GlobalNSA’s broad spectrum of professional security, ethical hacking, and development services are combined with our tactical delivery approach that results in unique solutions for our clients.
GlobalNSA offers a rapid mini-risk assessment service where we will help you understand where your gaps are and offer recommendations on how best to invest in security services. We will identify your critical assets, estimate costs involved, identify threats that have the likelihood of causing harm and the associated vulnerabilities that would allow these threats to occur. You will receive a road-map to adopt an effective, tactical phased-approach to addressing these identified security issues.
GlobalNSA provides a wide range of risk assessments. GlobalNSA’s holistic approach creates a customized assessment package that is unique for each organization.
- PCI DSS
- PCI PA-DSS
- PCI P2PE
- Meaningful Use
- SOC II
- CIS SANS20
- Security Architecture
- Secure Software Development
- Vendor Management
- Secure Cloud Development
- Security Operations
Security assessments are a specialized tool to help you identify and understand your gaps and blind-spots. GlobalNSA will work with you face to face to deliver an assessment that not only shows gaps but also provides a road-map to remediation.
GlobalNSA will analyze the design and architecture of your network to identify any potential security issues. Reviews are completed in accordance with all standards and regulations. Our trained engineers will work side by side your network team and evaluate all devices, segmentation, use of encryption, patch levels and more. The goal is to ascertain that your network architecture meets or exceeds security best practices.
GlobalNSA will assess the security of your mobile device solution. We will analyze mobile access paths including mobile browsers, mobile apps, and back-end services.
GlobalNSA's wireless security assessments is a key component to your organization's overall security health. We will review your network’s wireless security stance and provide you with a plan to secure your environment.
Penetration testing reveals vulnerabilities and possible exploits in your network, computer systems and applications and assesses impacts to your business and assets. GlobalNSA performs PEN testing either as a standalone service or combined with other services to create a tailored and comprehensive security solution. GlobalNSA utilizes proven penetration testing methodologies including real-world attacks. GlobalNSA recommends that all methodologies are used to obtain the most comprehensive picture of your risk exposure.
Advanced Penetration Testing
Black Box Testing
- External penetration tests simulate systems being attacked where there is no previous information about the target system
- Simulates a generally more realistic scenario
- GlobalNSA's experts will use all of the tricks and methodologies at their disposal.
White Box Testing
- Internal and external penetration tests are based upon full disclosure of the network in advance
- Simulates results from a threat operating inside the network.
- GlobalNSA will test areas where black box testing will not cover.
Red Team Testing
- Includes Black Box and White Box testing in combination with various additional attacks.
- Simulates a real-life adversary specifically attacking your organization with physical access to your location(s) and employees.
- GlobalNSA will create a full-scope, multi-layered simulation to measure your people, networks, applications and physical security controls
Standard Penetration Testing
Network Penetration Testing
Network vulnerabilities are usually introduced through poor configuration, inadequate patching, policies, and processes for firewalls, routers, key servers and other networked devices. GlobalNSA's network penetration testing attempts to exploit any vulnerabilities both internal and external to your organization's network.
Wireless Penetration Testing
Wireless penetration testing involves discovering any unauthorized wireless access points, spoofing legitimate wireless devices, identifying security weaknesses in wireless access points, and verifying compliance with any applicable regulations.
Many organizations go to great lengths to protect their sensitive data, yet fail to realize the weakest link in their defenses is their own people. Your employees may be unaware of the cyber-attacks that take advantage of basic human psychology. GlobalNSA's social engineering tests are all non-invasive and include email phishing, pretexting, media drops, and physical access. GlobalNSA will assess your security measures using real-world examples, offer recommendations, and provide training for your employees.
Security does not stop with a hardened network infrastructure. Desktop, mobile, web-based applications as well as service APIs are all possible entryways for an attacker to access your critical data. GlobalNSA’s application penetration tests are designed to validate that your applications are secure. GlobalNSA has extensive experience in software development and will execute software testing that exposes the flaws in your code and recommends steps to remediate.
Web Application Penetration Testing
Web applications are the most common targets for attacks. GlobalNSA offers web application testing based on the OWASP and SANs Top 25 methodology along with customized attacks that determines the security of your web application. GlobalNSA has experienced secure software developers who can identify issues not only through testing but by code inspection.
Mobile Application Penetration Testing
Mobile applications are becoming more dominant than ever which means attackers will attempt to exploit mobile applications as much as they do the Web application. GlobalNSA offers mobile application testing capabilities for Apple IOS , Google Android and Windows 10 mobile platforms including the backend API services that the mobile application depends on.
Desktop Application Penetration Testing
Desktop application penetration testing is often overlooked by organizations; however, it is as important as testing web and mobile applications. GlobalNSA provides thorough penetration testing of your desktop application by testing the GUI, data storage, data access and by code inspection.
Service API Penetration Testing
Web services allow applications to expose interfaces that can be called by other applications. Web services are often hosted on an internal network, but with the increasing popularity of mobile applications, many web services are being exposed to the Internet through Cloud applications. Securing these services is essential. GlobalNSA provides complete API penetration testing including protocols such as SOAP and REST.
Every IT organization needs to be prepared to respond to an incident at a moment’s notice. The speed with which an organization can recognize, analyze, and respond to an incident will limit the damage and lower the cost of recovery. Preparation is the key and GlobalNSA provides a comprehensive incident response program to help your organization manage any attacks or security incidents. Incident response is both proactive and reactive. GlobalNSA will help you get prepared and improve your ability to prevent attacks in addition to making sure your team is ready to respond in the event of an attack. GlobalNSA will address each phase of incident response with documentation, tools, and training.
GlobalNSA provides attack simulation services for those organizations that have a more mature security information program. These red team or multi-step attack scenarios will ensure that your incident response procedures adequately detect and respond appropriately to the threat level. GlobalNSA’s experts will create customized attacks and provide an in-depth assessment. GlobalNSA’s assessment will not only include the measurement of your incident response program but provide recommendations for improvement.
Intellectual Property (IP) is a high value corporate asset that is required to be secured. Intellectual property can be anything from a particular process to a trade secret or a specialized software algorithm. Often IP is more valuable than physical assets. GlobalNSA will help you identify and secure your corporate intellectual property.
GlobalNSA will perform technical reviews on your systems and software to identify possible intellectual property violations. Often software and system designers don’t realize that what they are working on is in fact intellectual property. GlobalNSA will provide a prioritization of the identify intellectual property and ensure it’s properly documented and protected.
Security training for your IT staff and employees will provide valuable understanding about today’s threats and how to avoid them. GlobalNSA’s experts will provide a customized training solution for your organization.
Secure Coding Techniques
Secure software starts with your developers understanding how to write secure code. GlobalNSA will train your developers to be secure coders and create customized classes based on your platform or architecture.
Employee Security Awareness
Give your employees hands-on instruction about the different cyber threats they may encounter inside and outside the workplace. Key training modules include Email Security (e.g Phishing), Pretexting, Portable Media Usage (e.g. use and storage, Media Dropping), and Physical Security (e.g. Tailgating).