Security Life Cycle

Phase 1


Conduct enterprise risk assessments customized to find the data and protect the data. Automate risk discovery with Halogen.

Phase 2


Merge enterprise risk assessment and penetration testing to assess the organization. Quantify risks through InterLink.

Phase 3


Bring security engineers on as a retainer model to continuously assess the organization. Crowdsource analysis through CISO Marketplace.

Phase 1

Social Engineering

Length of Social Engineering
3-, 6-, or 12-month engagements.

Type of Social Engineering
Physical and/or remote.

Social Engineering Avenues
Phishing, Vishing, Smishing, Whaling, Spearphishing, and Halogen.

Training for Employees
Educational Videos, Quizzes, and Gamification.
Deliverable through InterLink.




External Network Security Assessment


Continuous Assessment
Active scanning with vulnerability scanners through Halogen.

Cloud Environment
Cloud assessments for policies and technical misconfigurations.

Elevating Testing
Penetration Testing with Social Engineering on a Quarterly or Semi-Annual Basis.
Deliverable through InterLink.

Web & Mobile Application Security Assessment


OWASP Top 10
Assess your mobile and web applications against OWASP Top 10 on a continuous basis.

Bug Bounty
Implement a bug bounty program for your applications to ensure code quality and that elevated testing measures are being utilized.

Automation
Upgrade the Software Development Life Cycle with continuous analysis against infrastructure, source code, and testing.
Deliverable through InterLink.


Phase 2



Internal Network Security Assessment


Hacker’s Mindset
Assess the organization from a hacker’s mindset to determine the root cause of risk within the organization. Automation of risk discovery through Halogen.

Domains
Wireless, Virtual, Networking, Servers, Physical, Information Security Program, Workstation, Third Party Applications, and Compliance.

Length of Assessment
One | Semi-Annual | Semi-Annual + Penetration Test | Security-As-A-Service
Deliverable through InterLink.

Custom Penetration Testing


Frameworks
Medical Devices | EMR/EHR | IoT Devices | Casino/Gaming Networks | ATM Machines | SCADA Devices

Assessment
Assessed from Box –> Infrastructure. Ship devices to our Security Innovation Center or onsite at your location. Automation of risk discovery with Halogen and deliverable through InterLink.

Length
Determine the number of devices assessed. 40 hours of testing per device across three months.



Information Security Program


Transform Information Security Program
Upgrade the entire Information Security Program into a digital platform to track progress and assign employees.

Compliance Mapping
Map the Information Security Program to specific regulations through our CISO Marketplace, whether HIPAA, PCI, NERC CIP 6, ISO 27001, GDPR, etc.

Policy and Procedure Tracking
InterLink enterprise risk into the Information Security Program to help quantify the root cause of risks.

Phase 3

Security-As-A-Service (SaaS)


Length of Assessment
Test both the digital assets and human assets on a continuous basis of:
One Month | Three Months | Six Months | One Year.

Simulation
Bring in multiple companies or groups of individuals to assess the organization through various threat simulation vectors and advanced testing procedures.

Security Partnerships
Finding security partners through CISO Marketplace to assess devices, infrastructure, employees, or applications.

InterLink
Utilize InterLink to manage partnerships, instantaneous risk acknowledgment, and Security Life Cycle. 


What Makes Vulsec Unique?


Vulsec attacks security risk from a technology standpoint instead of a policy standpoint. Doing so allows us to verify that the infrastructure in place conforms to the policies that should protect an organization. By incorporating our digital security platform, automated risk discovery, and strong partner network with our methodology, we provide a full-service solution to ensure your organization is secure.


Scoping Questionnaire

About Us


Vulsec assesses your organization from an agnostic standpoint to discover, correlate, and mitigate risk. We bring in experience from all industries within the United States and internationally to apply global data privacy laws to protect the company. We create the blueprint that maps risks to solutions to correlate against our CISO marketplace to facilitate the most efficient remediation tactic.

Contact Us


Headquarters
30 Newbury Street, 3rd Floor
Boston, MA 02116

Security Innovation Center
745 Atlantic Ave
Boston, MA 02111

Email: [email protected]
Phone: (617) 648-9815
Fax: (617) 648-9819

Find The Data


Automate risk assessments by continuously scanning the infrastructure with commercial tools and the Vulsec methodology. Consistently assess the Internet for corporate risk, internal infrastructure, Active Directory, virtual environments, and network devices.
