Beacon Performance Consulting

Menu
Menu

Cyber Security & Managed Services

Managed Services

BPC has the resources to maintain servers, network equipment, firewalls, VPN devices, IDS, IPS, DDoS devices / voice switches for its clients at their data centers or even at their desired hosting locations backed up by centralized ticketing mechanism to keep track of the issues and services being maintained.

Engineers at BPC have hands on experience in the following areas:

Planning & Design Expertise:

  • Network planning and designing for data centers, LAN / WAN
  • Infrastructure planning and designing for data centers & BCP / disaster recovery site
  • Requirements analysis for systems / servers / storage (SAN/NAS/DAS etc.)
  • Product selection / comparison / evaluation expertise to minimize the cost with the selection of right products including network, systems, storage, infrastructure

Technical Expertise:

  • Network configuration,
  • firewall / VPN (IPSEC/SSL) on large spectrum of products including CISCO, AVAYA, Juniper, Fortinet, A10, Enterasys,
  • Extreme Networks, Nortel, Maipu, HP, H3C, DLink, Linksys, Huawei, 3COM,
  • Allied Telesin, Sonic Wall, F5, Alteon, Intruguard, Riory, Aruba, Ruckus, TP-Link

System Expertise:

  • Windows Server, installation & configuration for application hosting / database setup with domain / DNS / DHCP/ clustering configuration and support
  • SQL server installation configuration, administration and development services
  • Exchange server installation & configuration
  • TMG installation and configuration
  • Windows virtualization
  • VMWARE (Esx/Esxi), Citrix, XEN
  • Linux server administration for Fedora / Centos / Red Hat / Ubuntu for hosting / database setup
  • IPCoP, smooth wall, squid installation, configuration and support services
  • Migration services
  • Storage management, configuration, replication, backup and day to day operational tasks

Systems Security, Vulnerability Assessment and Penetration Testing

BPC Technologies has a Cybersecurity team comprising of skilled cybersecurity experts who have diverse experience and are equipped with the best-in-class tools.

 

On no obligation basis, we offer to assist you in gaining better understanding of the threats, vulnerabilities, vulnerable systems, services, and risks that can cause degradation in your operations and services, including the identification of internal exposures, external threats, and insecure domains. The outcome of our assessment activity would be:

  • Protecting brand and image by avoiding loss of users’ confidence and business reputation
  • Forming client’s own information security strategy
  • Development of client’s current security posture benchmark
  • Identification of potential breach points
  • Identification of security risks, threats, and vulnerabilities
  • Development of risk treatment/mitigation roadmap

Consequently, from a business perspective, availing our services helps our clients in safeguarding against failures, through

  • Preventing financial loss because of fraud (hackers, extortionists, and disgruntled employees) or through lost revenue due to unreliable business systems and processes
  • Proving due diligence and compliance to the government regulators, users, and stakeholders
  • Identifying vulnerabilities and quantifying their impact and likelihood

Initial Assessment & Reconnaissance

Publicly Accessible Information and Information Leakage
DNS Analysis and DNS Brute-forcing
Foot printing
Scanning

Vulnerability Assessment

Vulnerability Assessment (VA) service is designed to identify security holes within an organization’s IT infrastructure, specifically related to cyber threats. Before the actual penetration testing starts, it is necessary to establish a baseline of all the assets and the vulnerabilities in those assets that can be exploited.
Our team performs vulnerability scanning on all the assets within our scope so that technical and administrative vulnerabilities are identified. Vulnerabilities within our client’s environment are categorized not only according to the CVSS base score and the impact on the confidentiality, integrity, and availability of the information, but such vulnerabilities are also categorized according to the impact on business of the client. Furthermore, vulnerabilities having public exploits or malware available for their exploitation is given higher value as per their calculated risk exposure.
We perform both tool based and manual scanning along with validation of all discovered vulnerabilities and their evidence. We use separate checklists for each of the following types of vulnerability assessment testing

Penetration Testing

Identify the weakest points in the network, such that, businesses can make fully informed decisions about where best to focus the attention and budget to mitigate future risks

Comply with the government, industry or internal corporate standards that require this form of security assessment

Avoid financial, operational, and reputational losses caused by cyber-attacks by preventing these attacks from ever happening through proactively detecting and fixing vulnerabilities

Source Code Analysis

Our cybersecurity team can help application owners and developers to:

  • Avoid financial, operational and reputational loss, by proactively detecting and fixing the vulnerabilities used in attacks against applications
  • Save remediation costs by tracking down vulnerabilities in applications still in development and test before they reach the user environment where fixing them may involve considerable disruption and expense
  • Support a secure software development lifecycle (S-SDLC) committed to creating and maintaining secure applications
  • Comply with government, industry, or internal corporate standard.

Information Security Management System (ISMS) Audit

We conduct ISMS audit to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach. ISMS audit demonstrates any company’s approach towards information security and privacy

  • identify security controls in-scope departments that include application, network, and operating system access control.
  • analyse all relevant policies and SOP documents, network diagrams, applications, systems, network equipment and list of controls, identification of assets in scope of gap analysis.

System Hardening

Server Hardening and OS Hardening
Application Software Hardening
Network Hardening
Database Hardening

Security Risk Assessment

Risk identification
Risk analysis
Risk Monitoring and Control
Risk evaluation
Risk Management

Open-Source Intelligence (OSINT) Investigations

Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt and publicly available sources) to produce actionable intelligence. Open source acquisition involves procuring verbal, written, or electronically transmitted material that can be obtained passively. In addition to documents or propriety information available via the Internet or distributed by a human source, others are obtained after government or non-government entities publicly makes internal information make public intently or un-intently.

We provide following OSINT Investigations:

  • Human Intelligence (HUMINT)
  • Imagery intelligence (IMINT)
  • Geo Intelligence (GINT)
  • Social Media Intelligence (SOCMINT)