We Help You Stay Ahead
Consulting Services & Competencies
Our services provide actionable security intelligence to organisations enabling directed action and targeted investment to secure their systems. Our security consultants understand the technology that runs your business and are specialists in vulnerability discovery and exploit development, allowing us to determine exactly what tests and attacks could and should be protected against. We specialise in performing Vulnerability Analysis and Penetration Testing of Virtualised Environments and have developed tools and methodologies to support this specialisation.
Our objective is to provide our customers with solutions relevant to specific threats to their environment.
“Cyberspace is a twenty four (24) hour a day world, one in which old assumptions about geographic boundaries and time zones are obsolete. This is the one great benefit of modern technology – cyberspace is always open for business. But this also brings great challenges to those who guard our electronic borders” – Senator John Faulkner.
SoftGen’s offering includes both ad hoc and customised programs, which enable customers to move through a top down process, implementing a management framework to assist them with information security and risk. This approach is industry-aligned and practical for any organisation.
SoftGen in conjunction with our partners have developed a unique scanning methodology that enables us to provide both Vulnerability Assessments and Verification testing using a combination of real time modelling and virtual environments to identify and prioritise risks to your network and data. This approach enables for continual testing of your environment without impacting your production systems.
The results of this type of assessment may indicate that elements of a company’s architecture need to be re assessed or re designed to provide a customised approach to their particular security requirements – one size doesn’t necessarily fit all.
The SoftGen tailored approach to Vulnerability Assessment enables us to scan your systems to meet site requirements.Our procedures allow us to:
Accurately understand your real risk exposure
Prioritise vulnerabilities quickly and accurately
Report on the vulnerabilities that have been revealed
Provide detailed remediation steps to protect the systems
Implement systems to maintain remediated systems
Penetration Testing or Ethical Hacking
Penetration testing highlight which of your systems are effective in stopping hackers and which are not, providing detailed remediation advice on how to correct or mitigate the issues.
This information is critical for PCI Compliance, periodic security testing, change management and pre-purchase due diligence. Using sophisticated tools and extensive security experience, our consultants utilise brute force credential discovery, smart exploitation, password enumeration and Web application scanning as part of their testing.
A penetration test mimics the actions of an actual attacker, exploiting possible weaknesses in your network security, without the usual dangers. Reporting is provided at two levels:
The Executive Overview summarises and articulates technical vulnerabilities in terms of business risk and priority
The Technical Report provides an analysis of vulnerabilities with detailed remediation steps listed to secure your systems
Database Vulnerability Testing
SoftGen can help customers ensure that their Oracle and SQL database systems are not vulnerable to intrusion by hackers. Utilising a mix of commercial and open source tools, our consultants will run automated and hand scripted Vulnerability Assessments and exploitation tests against systems to discover the existing exposure. Testing services include:
Database Exploitation testing to discover weaknesses
Crafted SQL scripts to test against SQL injection, Cross Site Scripting and weak DB policies
Detailed remediation steps to secure the database and underlying infrastructure
Implementing remediation steps and hardening the systems
Wireless Scanning and Injection Testing
Wireless devices are increasingly being used by individuals in organisations to access corporate data. The BYOD device, which can include Laptops, Smartphone’s and tablets are often the least secure devices within an organisation. WAP’s and 3G devices have well known security issues and there are developing security threats with the 4G devices. Testing includes:
Wireless scan for known and rogue WAP’s
Initial assessment of security enabled at each WAP
Test authentication using known device credentials
Employment of packet injection to force de-authentication
Handshaking capture and initialisation packet analysis
Handshake cracking using brute-force and rainbow tables
Specialised Virtual Environment Testing
The rapid adoption of virtualisation and Private, Public or Hybrid cloud computing has radically transformed the information security landscape. To assist with understanding your current Virtual Environment posture, the Virtual Security Check provides security vulnerabilities assessment across your nominated Virtual environment.
The Virtual Security Check is conducted by deploying a purpose-build VMware/Hyper-V security appliance which is specifically customised with the latest industry standard security assessment and vulnerability testing tools. A Security consultant will remotely scan and expertly analyse your vSphere vCenter Server, ESX/ESXi or Hyper-V hosts and Guest OS images to develop a comprehensive security assessment report which identifies any critical operational and security risks discovered within your environment.
Firewall Attack Simulation and Optimisation
SoftGen has developed the capacity to simulate the affect of any attack scenario on your organisation’s firewalls. We do this by loading the rule sets of the organisation’s firewalls into a system that allows us to run simulated attacks on the systems from all entry points, to ascertain the effectiveness of the firewalls rules.
This means that we can ensure that the firewalls are protecting the key systems within your organisation and eliminate redundant and obsolete rule sets that are clogging your network.
In addition, we can perform this firewall audit in minutes. Normal manual audits can take weeks to perform, tying up valuable resources. Our service provides assurance and lower costs.