SERVICES
McDowell Associates has a proven methodology and experience in performing the following types of security consultanting engagements.
Penetration Testing
Web Application - reviews the logic structure, code, methods of access and authentication mechanisms of your web-based applications. Testing for SQL injection, Cross-Site Scripting (XSS) and many other web application attack vectors.
Network - provides external and internal vulnerability and penetration assessments, VPN vulnerability and penetration tests and an analysis of VoIP within your environment.
Wireless - identifies weaknesses and vulnerabilities specific to your wireless infrastructure.
System Hardening - tests for the hardening configuration of the operating systems in use within your environment.
Mobile & Laptop - tests for the hardening configuration of the laptop hardware, encryption and operating system in case of loss or theft.
Social Engineering / Physical Security - tests for unauthorized access into your companies buildings and networks or systems via various methods.
War Dialing - identifies unauthorized modems that provide access to your network and then attempts to exploit your network through illicit devices.
Network Security Monitoring
Detecting and responding to unknown malware attacks within the enterprise network may be a necessary capability for organizations with demanding security requirements, but it’s also a major
workload for Security Operations Center (SOC) personnel. McDowell Associates increases analyst productivity and accelerates time-to-response by automating threat detection, analysis, protection, and remediation. Integration via APIs to provide automated signature creation and distribution to Firewall and AV solutions.
RESULTS
A face-to-face presentation of findings and recommendations (where applicable).
An executive summary that examines the overall assessment process and results including highlights of specific high priority vulnerabilities and findings.
A management summary that groups, categorizes, and ranks vulnerabilities by severity level, as well as recommends mitigation techniques and time/resource requirements.
Technical reports which include detailed processes and/or findings from each phase of the assessment. This report includes technical mitigation recommendations, technical process improvements and recommendations on proactive mitigation strategies, depending on the situation.