Continuous Threat Assessment Services


Securus Global Continuous Threat Assessment Services meet  of the great challenges facing most organisations today - keeping up with the constantly changing threats across the entire organisation.

Customised to suit your particular risk profile and business concerns, Securus Global will provdie a regular service to uncover, assess and provide recommendations for your biggest concerns including but not limited to:

Vulnerability Assessment

New vulnerabilities are being discovered, and published, on an ongoing basis; and an organisation has the difficult task of balancing the potential security threat with the burden and administrative overhead of constantly applying patches and fixes to their systems.

The key to effective vulnerability management is understanding how a given vulnerability affects your organisation – in the context of your computing environment. It is only then that you are able to prioritise any remediation activities, and strike a commercially-realistic balance between security and operations.

Securus Global provides a suite of complementary services that can assist organisations in establishing, or streamlining, their vulnerability management process. These services include the following:

System classification and business impact assessment - This crucial first step will identify the different classes of networks and systems in your organisation, and provide a rating in terms of exposure and potential business impact. These ratings will form the basis of key decisions in the vulnerability management process and allow remediation efforts to be prioritised appropriately.

Establish formal policies and processes -Using the information gathered in the system classification exercise, and by also performing a high-level risk assessment on your organisation, we will formally document the vulnerability management policy and associated process. This will include:

  • The methods of keeping up-to-date with new vulnerabilities through industry resources.
  • A decision process for categorising a vulnerability in the context of your organisation.
  • Establishing the remediation timeframe for each category of vulnerability.

Implement tools and resources - If your organisation has already invested in vulnerability management tools, Securus Global can assess the effectiveness of the deployment to ensure that it meets the needs of the agreed vulnerability management process - and provide recommendations where appropriate. Where there are no pre–existing tools, Securus Global is able to leverage its reseller agreements with leading vendors to implement the tools necessary to make overall vulnerability management an easier task.

Password Cracking Service - Recent breaches locally and Australia have occured because end user passwords, despite policies being in place were weak and subsequently compromised causing avoidable reputational damage and costs.

As a regular assurance activity, Securus Global's password cracking service can be used to proactively identify and address end user weaknesses mitigating reputational damage and the need to disclose publically a problem.

Securus Global's offline password cracking service is to identify user accounts whose passwords may be easily compromised in order that user education can be provided as appropriate, or indeed praise where it is clear that users understand the spirit of password requirements. In our experience, real world examples of security awareness benefits provide exponentially greater ROI than theoretical examples.

While penetration testing can help our clients in understanding the security posture of particular environments or applications, these projects often target only a small components of an organisation's entire IT estate.

Also, as a result of commercial realities, penetration tests are generally limited to a particular time window or amount of effort. The downside of this approach is that clients don't get to answer some of the "what would happen if…" questions? In particular what would happen if an attacker with more time and effort allocated to penetration tests were to gain leverage inside the corporate environment. Securus Global's new offline password cracking service is designed to answer this question.

Although many organisations will apply password policies to ensure that users choose passwords complying with length and complexity requirements, users will often select passwords that comply with the letter of the requirements whilst ignoring the spirit of them.

Securus Global's offline password cracking service is to identify user accounts whose passwords may be easily compromised in order that user education can be provided as appropriate, or indeed praise where it is clear that users understand the spirit of password requirements. In our experience, real world examples of security awareness benefits provide exponentially greater ROI than theoretical examples.

Securus Global's Offline Password Cracking service supports many current encryption and hashing algorithms (the latter including hashing implementations using custom salt values). For full details of technical suitability and pricing applicable to your particular requirements, please contact us.