Safety Net Solutions, Inc > Information Assurance

Protecting Enterprise Systems

Safety Net Solutions is a solutions-rich information technology firm providing information security and protection services to our customers. Customers select SNS because of our experience and reputation as a leader in building and deploying real solutions for their Mission Critical Federal Enterprise Systems.

The strength of our Information Assurance (IA) Team (SNS is a premier Software Developer for the Federal Government with significant qualifications with DoD, DoT, DoJ, INS, and our nation's Major Defense Contractors) is ideally suited to provide expert input into network planning, application and software development, security related process improvement, the certification and accreditation of government or business networks and associated information security equipment.

World events have driven today's Information systems security and systems protection to number one critical priority. SNS lives in this world daily, contributing "high order" Information Technology expertise to block clandestine intrusions attempts. Corporate commitment of our intellectual resources is dedicated to protecting Mission Critical Federal Enterprise Systems. This passion, shared throughout our entire organization, will be focused on your security needs.

As complexity increases and software vendors rush to release the next feature set to meet the steady demands for increases in information systems performance, more and more bugs find their way into software releases. Some of these are exploitable: on publicly accessible machines, on machines available within your intranet; others just cause problems in the way the software works. The historical approach of ignoring the potential problems until the next upgrade grows less viable each day. CERT's reports of cracked systems are showing a dramatic increase in incidents each year. A vast majority of these are cracked because the owners didn't keep them patched for known vulnerabilities. Major virus and worm outbreaks could have been similarly avoided for those who took the time to keep their systems fully patched and had the enterprise system certified by a CISSP Professional.

On average, Microsoft releases five security patches each month to correct major vulnerabilities. Gartner Group recently recommended migrating away from Microsoft's IIS web server if at all possible due to its continuing security vulnerabilities. If exploited, many of these vulnerabilities lead to compromise of your infrastructure: release or tampering with corporate information, loss of service availability, release of customer information, and use of the first compromised resource to attack other systems. Other platforms have similarly weak track records. Mailing lists for security issues can add a hundred messages a day to your inbox. Digests of these lists often don't provide timely information you can use without spending lots of time to review the materials provided. Then, you have to download, figure out how to apply, and finally apply the patches.

Just because you're behind a firewall doesn't mean that you're safe. The convergence of web browsers, word processors, and e-mail systems means that no desktop system can be considered safe. An attack can come from a web page, a rich-text e-mail, or other numerous other sources.

Our Information Security and Protection services are centered on the growing needs of government and businesses to protect their critical enterprise systems and electronic assets against misuse, misappropriation, data tampering, and most critical to the enterprise: clandestine intrusion. We provide the full range of information security services: from consulting on threat and risk analyses, penetration testing, real-time monitoring, and other "traditional" security services. We combine these disciplines with configuration management; process automation, log management, and other best in class system administration techniques that help our clients deploy these technologies as part of business processes improvement. We call this multi-disciplinary technique our "common sense approach to information security".


Common Sense Approach to Information Security

What You Need

We recognize that nothing will stop a determined intruder/cracker, short of the absence of a physical connection to the system being attacked. Information and system security is mostly an exercise in understanding your threats and risks, then wisely building in detection and defenses barriers to manage all threat risks. We believe in implementing security structures and systems that provide near term return on investment while raising the information security bar. Our goal is to make your Enterprise System a hardened target: one that we believe will stop intruders and defeat the potential cracker.

Our common sense approach to information security starts with increasing your knowledge. We provide basic services and products to help you:

-Learn about your threats and risks and existing real-world solutions to counter them.

-Learn about software defects and potential mis-configurations you may be exposed.

-Learn about effective tools, techniques, and other best practices to help you securely manage your infastructure.

-Learn timely and cost-effective remedies for defects and configuration issues.


Passing a network vulnerability scan doesn't mean that you're safe, it just tells you don't have any really obvious areas that can be exploited by some unauthorized person who gains access to your network. Many organizations have exposed risk factors that are so large and open you don't need a formal threat and risk assessment to expose them. We generally start with these problems: providing summary educational materials and a quick review of systems and procedures for commonly found significant risks that can be immediately corrected. Where we find these issues, we work with the organization to start correcting them. This approach quickly brings an organization to point where known major problems are fixed and remaining risks can be assessed at a more leisurely pace.

We then like to continue with a more detailed threat and risk assessment and develop a risk mitigation strategy for each exposed risk. Some risks can be mitigated using trivial fixes or procedure changes, some can be addressed by adapting a "best practice" that simultaneously improves how you work, others can be simply fixed by upgrading a system to its newest version, and some can't be fixed right away due to architecture constraints and require design changes to correct. We determine how to watch for these so you know if they are occurring before your systems are damaged. In all cases, we let you know what we have found, spend the time to teach your staff about it, and give you all the options and costs.

We like to recommend integrating fixes with adoption of "best practices". For example, if you have critical server patches that are not properly applied, we'd look at putting in place a "best practice" that helps monitor and install server patches, then use that tool to install the required patches. We combine the practices with training materials: both direct and hands-on practicum with your staff so they know how to carry on and give you a better way to manage your infrastructure as we fix vulnerability problems. The monitoring part of the solution tracks recommended fixes so you don't fall behind again. Problem solved: Permanently.

We've found that most organizations could have all the information they need to deal with most security issues available to their existing logging infrastructure. The information is generally:

-Not recorded due to mis-configurations

-Masked in the logs by volumes of other unrelated information

-Not reviewed by competent staff on a regulat basis due to log volume


We have a set of best practices for log management standards, automation, and integration techniques that make your existing logging systems provide useful information. We understand "best practices" applied to many areas, including:

-Automated assessment technologies

-Server configurations

-Workstation and server configuration management

-Log management

-Integrated log collection, monitoring and reporting

-Tamper detections and resistance

-Intrusion detection


Our common sense approach takes your knowledge and helps integrate automated tools to assess your vulnerabilities and report on them. These tools include automated system patch status reporting and assessment technologies, including our automatic continual self-assessment approach that helps ensure problems stay fixed during day-to-day operations. Unlike simple penetration tests and security scans, we help you integrate the tools you need to automatically check your network systems day after day to ensure that new problems are not introduced to your enterprise system and compromise your critical data.


Services

How We Help

-----

-Services

-Threat and risk assessments

-Disaster recovery planning

---Business impact analysis

---Recovery strategy

---Recoverability

---Disaster recovery testing

-System and network vulnerability assessments

---"Tiger team" attacks

-Incident detection and response

---Damage limitation

---Forensics

---Recovery

-Management guidance

---One time or ongoing

---Review of planned systems and architectures for security weaknesses

---Mentoring and coaching

-Policy development

---Security

-Training

---Security principles

---Secure system and network management

---Secure application development technique

-CISSP Certified Professionals

---Certification of your Network Security

Staff with over 20 Information Technology Patents Ready to Support your Program

Reputation for having some of the most talented Software Developers and System Engineers Available

Known for authoring cutting-edge Solutions for Mission Critical Data Applications

Achieved CPA's with Ratings of "Outstanding" in all Performance Categories