Gladiator conducts a scored evaluation of a
financial institution’s perimeter and internal systems along with
their policies and procedures. By using common attack
methods, social engineering, and drawing on our extensive
knowledge of the financial industry and its regulatory
requirements, we can effectively determine the overall
security of your network. More important, we have years of
experience in designing, installing, and supporting financial
institution network systems and an in-depth knowledge of their
associated software and platforms. This unique expertise enables
us to anticipate and recognize threats on networks such as
yours — from inside as well as outside.
Our Vulnerability Assessment comprises
four phases:
Remote Examination:
- Footprint Process: Your financial institution is electronically researched
to discover all public information that would be available
to an attacker. Other searches are conducted to find
private information that may be used by unauthorized
individuals.
- External Scans and Penetration Testing: A series of
automated and manual scans are used to discover all open
ports through your Internet presence, find existing
vulnerabilities, and identify any rogue modems that allow
inbound connections.
- Social Engineering: Publicly gathered information is
utilized to orchestrate social engineering tactics on your
employees. The resulting report will enable you to
examine the security awareness of your employees and
plan any necessary training.
On-site Examination:
- Information Gathering: Our security analysts will
meet with your key technology personnel to establish
an overall understanding of your network and current
security practices. Appropriate information-security-based
policies will be gathered for review.
- Internal Scans: A variety of scanners and tools will
be used to identify your internal vulnerabilities.
Password crackers will recognize weak network
passwords. File-level security will be tested to
determine if access control lists are configured to
deny unauthorized access to sensitive data. A scan
will also be performed to search for unauthorized or
unsecured wireless access points on the internal
network.
- Analysis of Current System Security
Configurations: A comprehensive review of your
financial institution’s current system security configuration is
performed to identify weaknesses in system
implementation. Critical security controls, including
firewalls, antivirus, network access controls, and
security event auditing, are examined for adherence
to regulatory and industry standards. Configuration
enhancement recommendations will be made to fit
the size and complexity of the financial institution.
- Physical Review: A review will be conducted to
examine physical controls and processes for
selected facilities. This step will evaluate the
adequacy of your financial institution’s physical security in
protecting your customer information and
critical network infrastructure.
Processing Phase:
- Data Analysis: Information gathered during the
external and internal phases will be analyzed to
separate false positives from actual vulnerabilities.
- Policy Review: Key security and financial institution policies such
as network and Internet use, as well as information
security programs, will be reviewed to help ensure
regulatory compliance. Regulatory issues, best
practices, and industry standards not sufficiently
addressed and documented will be identified.
- Executive Summary and Supporting
Documentation: A comprehensive report will be
produced, including results from the remote and on-site
examinations. A non-technical, executive-level
summary is provided to highlight the key findings of
the assessment and provide an evaluation of your
financial institution’s overall network security and regulatory
posture. A detailed report will describe all
vulnerabilities identified, including a description of the
threat, level of risk, and appropriate mitigation
procedures. Recommendations for policy
enhancements will be included along with suggested
physical security changes. Raw report data from the
various scans will also be included to supplement the
report.
Presentation:
- Deliverable Presentation: The completed
assessment will be fully reviewed and explained
to key personnel, and any questions will be
addressed. Both a printed and electronic version
of the report will be provided.
"Our recent vulnerability assessment was extremely
complete. We hired Gladiator to check existing systems and processes and
were surprised to discover several critical vulnerabilities that Gladiator
identified and quickly patched for us."
--SHARON STANLEY
IT Manager
American Heritage Bank
Sapulpa, Oklahoma