Incident Response & Forensics

Whether or not your organization is prepared, security breaches have become common occurrences. Hackers succeed, insiders go awry, and all manner of security measures occasionally fail to prevent theft, misuse, or denials of service. Terremark SIS can respond quickly to these situations by fielding trained, certified, and experienced personnel to assist you in every aspect of Incident Response. Our methodology centers around the Incident Lifecycle: preparation, identification, containment, eradication, recovery, and root cause analysis for future prevention. This methodology ensures that security holes are closed and lessons learned are applied. Our expertise also ensures that forensic evidence is collected, labeled, and stored in a way that allows you the flexibility to pursue any legal remedies that may be available.

• Rapid response capability
• Knowledge Transfer as core deliverable
• Insightful Reporting in plain English
• Your liaison with law enforcement
• Practical, effective methodology
• Root Cause Analysis addresses real issues
• Remediation Assistance available
  

Vulnerability Assessment Services

Whether you are launching a new production service, upgrading or expanding existing services, or simply don’t know what your current vulnerabilities are, a Vulnerability Assessment from Terremark’s Secure Information Services team will clarify the overall security posture of your information. Thorough analysis is ensured by covering the IT infrastructure from the ground up: networking equipment, servers and desktops, applications, and human issues such as policies and procedures. The end results are a deep understanding of your security position and remediation recommendations that fit within the context of your business requirements.

• Customized assessment plan
• Certified, experienced security personnel
• Knowledge Transfer as core deliverable
• Insightful Reporting in plain English
• All details are kept in strictest confidence
• Thorough coverage of infrastructure layers
• Policy, process and compliance review
• Internal and External assessment available
• Remediation Assistance available
• Legacy and Web Application Code Review

Incident Preparation

When an incident affects your organization, a response plan is the difference between a minor inconvenience and a major source of expense and liability. By combining industry best practice with tested and practical methodologies, we deliver a best-of-breed solution that fits within the context of your organization’s business. Trust us to craft Incident Response Plans that are realistic, efficient, complete and thorough.

• Knowledge transfer as core deliverable
• Flexible, efficient planning methodology
• Regulatory compliance: Sarbanes-Oxley, GLBA, HIPAA, PCI-DSS
• Scheduled testing assistance available

Penetration Testing

In contrast to a more theoretical Vulnerability Assessment, a Penetration Test will uncover, compromise, and prove issues as exposed to an external or internal attacker. Alongside the baseline provided by a Vulnerability Assessment, Penetration Testing is indispensable in determining the most cost-effective use of security-related resources in an organization. A Penetration Test will illuminate security issues in processes and procedures that a typical vulnerability assessment is unable to reveal. By filling in the gaps of knowledge about the security stance of your information, recurring Penetration Testing can help your organization comply with regulations such as SOX, GLB, HIPPA, FERPA and others, as well as improve the stance of your organization regarding certifications such as ISO 27000 series, IA-CMM and PCI-DSS.

• Customized testing plan
• Insightful Reporting in plain English
• Thorough coverage of most likely attacks
• Alternative and Out-of-Band attacks
• Social Engineering
• Wastebasket Perusal
• Internal and External testing available
• Focus on business-critical infrastructure using Process Dependency Graphs
• Remediation Assistance available