Security is a major concern for organizations of all sizes. Regardless of your industry, protecting and maintaining your organization’s data, online presence, and systems availability is crucial. Unfortunately, many organizations regard security as an afterthought, a process that is overlooked in favor of increased power, productivity, and budgetary concerns. Proper security implementation is often enacted “postmortem” — after an unauthorized intrusion has already occurred, often with costly or even catastrophic effect. Because most organizations are dynamic in nature, with workers accessing company IT resources locally and remotely, the need for secure computing environments has become more pronounced than ever.
For the last 10 years, enterprises of all sizes have solicited the knowledge and skills of Fotis’ security experts to properly audit systems and tailor solutions to fit the operating requirements of their organization. Our team of security engineers can perform a full security audit and vulnerability assessment of your existing environment, followed by a plan to strengthen your organization’s security posture.
Fotis Networks specializes in a wide range of security products and services, including:
Department of Defense Risk Management Framework (DoD RMF)
Stateful and application-aware firewalls
Intrusion detection and prevention
Security scans, audits, and remediation plans
RADIUS and TACACS servers
System patching and hardening
Centrally managed anti-virus and anti-malware solutions
Disaster recovery planning
Monitoring, reporting and system baselining
Fotis Networks’ Security Approach
The Fotis Networks approach to protecting information availability, data integrity, and privacy has been developed through years of experience incorporating security practices developed by the National Security Agency (NSA), the Defense Information Systems Agency (DISA), and other security-based agencies such as CERT, as well as industry best practices.
The approach begins with a thorough vulnerability assessment performed by an IA (Information Assurance) specialist, followed by a plan for remediation and/or mitigation of discovered findings. Finally, a security policy and procedure is put into place to ensure that a solid security posture is maintained. Fotis Networks conducts scheduled security assessments, remediation, and penetration testing at predefined intervals to ensure that organizations maintain their lines of defense.
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Vulnerability assessment has much in common with risk assessment. Assessments are typically performed according to the following steps:
Cataloging assets and capabilities (resources) in a system
Assigning quantifiable value (or at least rank order) and importance to those resources
Identifying the vulnerabilities or potential threats to each resource
Creating a plan for remediating or mitigating the most serious vulnerabilities for the most valuable resources
In an ideal world, the assessment strategy would begin before a computer network becomes operational; the network devices and operating systems could then be probed for security vulnerabilities and ‘hardened’ before any connection to a public network is introduced. In reality, there are often existing data networks and external Internet connections in place. This situation introduces a significant number of known vulnerabilities.
Fotis Networks uses a vast range of industry-tested and approved automated scanning tools and utilities, many of which are proprietary, to gather information about a customer’s network assets and to discover vulnerabilities. The output from these tools is used to generate a ‘Remediation Report,’ which outlines the affected systems and categorizes the vulnerabilities by level of importance.
This approach is complemented by interviews with IT staff and computer users to gather further information on how data is processed and shared internally within an organization. The findings from these interviews are merged with the automated reports, and all findings will then be reviewed with the designated personnel within your organization.
Fotis Networks offers flat fee pricing for vulnerability assessments. For more information, please contact us and ask to speak with an IA specialist.
Once all risks have been identified, and a meeting has taken place to confirm prioritization, Fotis Networks will develop a plan for remediation or mitigation of all findings. This plan is the step-by-step guide that outlines the process of securing each aspect of the network. Timelines, maintenance windows, and testing procedures will be part of the remediation plan.
Depending on the size and complexity of the IT infrastructure, and the types of vulnerabilities discovered, the approach for remediation may differ. Some strategies will require the introduction of additional servers or appliances into your network to provide necessary security boundaries, or possibly a centralized location for deploying patches and hotfixes. Other approaches may employ Group Policy Objects (GPOs) or scripts to secure your operating environments. Once the remediation plan has been thoroughly discussed and approved, the process of remediation will begin.
Remediation is performed in logical steps according to the approved plan until all aspects of your network are secured. Throughout the process, automated scans will be performed as they were during the assessment phase to track progress. Once all findings have been addressed, a final report will be generated as a deliverable, outlining the current security posture as compared to the reports generated during the assessment phases.
Security Policies and Procedures
An information system security policy is a well-defined and documented set of guidelines that describes how an organization manages and protects its information assets, and how it makes future decisions about its information system security infrastructure.
Security procedures document precisely how to accomplish a specific task. For example, a policy may specify that virus-checking software is updated on a daily basis, and a procedure will state exactly how this is to be done.
Fotis Networks can develop policies and procedures that can be used by your organization to ensure that your environment remains protected. Such documentation is also a necessary component of many types of audits and compliance checks.
Scheduled IA Maintenance
New vulnerabilities, exploits, viruses, and malicious software are released every single day. Securing your information assets is only the first step. Maintaining your security posture requires ongoing monitoring, scanning, upgrading and patching.
Fotis Networks offers custom-tailored, regularly scheduled IA maintenance to our customers. Our IA specialists stay abreast of vulnerabilities and exploitations as they are released, and make sure all systems are updated with the latest software or patches necessary to defend against these exploitations.
We offer monthly or quarterly packages, consisting of assessment and remediation reports, and provide tools to ensure that an organization is not trading off data security for ease of usability.
Fotis Networks offers flat fee pricing for scheduled IA maintenance packages. For more information, please contact us and ask to speak with an IA specialist.