Security Assessments

nGuard delivers intensive, scalable assessment services with clear, actionable deliverables.

Organizations planning for a security assessment have to juggle many competing priorities. 

They are struggling to become compliant, and stay compliant, with a number of security standards or regulatory targets. Budgetary pressures are ever-present, but organizations need to ensure that assessments are performed by a solid, reputable firm with expert assessors. As a premier assessment practice, nGuard Managed Assessment Services (MASS) has helped an extensive portfolio of clients address exactly these challenges.

nGuard provides the most complete and thorough set of assessment services available in the industry. With over 25 unique assessment services available, our team of credentialed security experts can address nearly any assessment need you may have. Whether it's a penetration test, a PCI audit, a HIPAA assessment, or anything in between, nGuard has got you covered.

 

Benefits & Services

 Benefits & Services

  • Benefits

  • External

  • Internal

  • Compliance

  • Cloud

  • Mobile

Benefits


nGuard is the clear choice for a superior quality security assessment. Clients choose nGuard for many reasons including:

  • Security Pure Play –  nGuard is a "pure play" company of the security services industry. Delivering expert security services is all we do, and we do it well.
  • Credentialed Experts –  The MASS practice delivers assessments with a team of thoroughly certified, expert assessors. As security subject matter experts, MASS consultants and engineers hold a broad array of certifications including CISSP, CISA, PCI QSA, C|EH, GIAC (GSEC, GCIH, GCIA, GCFW, GWAPT), IRCA ISO 27000, and Security+.
  • GRC Alignment –  Perhaps the biggest challenge for many clients is staying in alignment with the alphabet soup of Governance, Regulation & Compliance (GRC) requirements. For years, nGuard has been helping clients navigate the GRC landscape with specialized assessments tailored to PCI/DSS, HIPAA/HITECH, FISMA, NERC/CIP, GLBA, SOX, and others. nGuard also offers specialized advisory services that provide ongoing guidance after the assessment.
  • Assessment Program Customization –  nGuard knows that the assessment requirements of a Fortune 100 company and a small non-profit company are different. nGuard invests the necessary time to understand our client’s specific requirements and provide tailored solutions that scale to their business specifications.
  • North American Focus, International Reach –  nGuard focuses on clients in North America, but also works with an extensive set of international clientele, delivering assessments across Asia, Europe, South America, and the Middle East.
  • Longevity –  Delivering comprehensive security assessments since 2002, clients know nGuard is a viable, long-term, assessment partner.
  • Unparalleled Responsiveness –  Responsiveness to new and existing clients is another of nGuard’s hallmark values. Our clients sometimes have extremely time-sensitive deadlines. However, our clients know they can trust nGuard to "make it happen."
  • Extensive References –  Given our longevity in the space, nGuard has an extensive array of reference clients. We make these referrals available to organizations considering nGuard for the first time.

 

External Assessments


  • External Penetration Testing – Your Internet perimeter gets attacked all day, every day. Through comprehensive reconnaissance, vulnerability identification, and focused exploitation, nGuard's External Penetration Testing ensures your perimeter security is solid.
  • Physical Penetration Testing – With nGuard's Physical Penetration Testing, measurement of your physical security posture becomes possible for the first time. Using custom methodologies, tactics, and the latest technology, nGuard demonstrates physical security gaps that must be closed to protect the enterprise.
  • External nGuard Vulnerability Management (NGVM) – Solid perimeter security is a process, not a one-time event. For this reason, customers engage external nGuard Vulnerability Management (NGVM) to ensure their perimeter security is maintained in between regular penetration tests. With options for certified PCI ASV reports, nGuard can take care of your PCI quarterly reporting requirement as well.
  • Web Application Penetration Testing – Web applications are windows to critical information in your company, and they are constantly under attack. nGuard's Web Application Penetration Testing uses specialized tools, along with specialized application-centric penetration testing methods, to exhaustively assess the security of these critical applications. 
    Read More 
  • Wireless LAN Penetration Testing – nGuard's Wireless LAN Penetration Testing service plays an invaluable role in securing your wireless environment. By employing a three-pronged assessment methodology, nGuard assesses the wireless LAN infrastructure, wireless endpoints, and rogue access points/devices.
  • Social Engineering – Let's face it: Your people may well be the weakest part of your security program. nGuard's social engineering testing thoroughly examines your personnel's susceptibility to targeted attacks across many different communication mediums and through many different attack vectors.
  • Dialup Penetration Testing – By utilizing best-in-class dialup penetration technology, with nGuard's mature testing methodology, nGuard will find the modem-connected computing resources and quantify the associated risks.
  • Console Auditing – nGuard's Console Audit process takes a look at the configuration security of critical servers, systems, and network devices. Console Audits yield important findings that ensure systems are properly secured at the system or device level.
  • Information Disclosure Assessment – Organizations leak information onto the Net all the time. Sometimes, it's accidental; sometimes, it's intentional; and, in some rare cases, it may even be criminal. nGuard's Information Disclosure Assessment measures the quantity and types of potentially sensitive information that your organization has leaked out onto the Internet.

 

Internal Assessments


  • Internal Penetration Testing – In this modernized age of digitalization, a secure perimeter is simply not enough to protect the organization. The internal networks have to be secure, as well. nGuard's Internal Penetration Testing provides comprehensive internal reconnaissance, vulnerability identification, and focused exploitation. Moreover, nGuard will identify the vulnerable systems and services, providing a detailed plan to correct all the issues found.
  • Internal nGuard Vulnerability Management (NGVM) – New vulnerabilities constantly emerge on your internal networks. With the internal network in constant flux, nGuard Vulnerability Management (NGVM) can provide updates between baseline assessments. This enables valuable feedback on remediation of existing vulnerabilities, as well as identified new critical or high severity vulnerabilities. Furthermore, as an added bonus, Internal NGVM also helps address a critical requirement for PCI compliance.
  • Malware Hacker Detection – Sometimes you need insight into what is coming in and out of the network and whether it might be malicious in nature. With the Malware Hacker Detection (MHD) assessment option, nGuard is able to examine traffic flows on the critical network segments. Using advanced application-aware traffic inspection technology and proven assessment methodology, nGuard is able to identify malware command & control, as well as actively ongoing hacking activity.
  • Network Database Assessment – nGuard's Network Database Assessment option identifies security weaknesses in your most critical databases. Using specialized database security testing technology, nGuard engineers closely examine all aspects of database security as both anonymous and named users.
  • Wireless LAN Penetration Testing – nGuard's Wireless LAN Penetration Testing service plays an invaluable role in securing your wireless environment. By employing a three-pronged assessment methodology, nGuard assesses the wireless LAN infrastructure, wireless endpoints, and rogue access points/devices.
  • VoIP Security Assessment – Voice over IP (VoIP), or IP Telephony, is here to stay. nGuard's VoIP Security Assessment plays a major role that will dramatically enhance your IP Telephony security. Using a custom set of tools and methodology, nGuard examines all aspects of your tactical VoIP security, be they from the PBXs & voice mail servers to the handsets & soft clients.
  • Password Database Testing – The security of your environment, quite often, comes down to the strength of end-user passwords. This means that evaluating your organization's centralized password databases is essential. nGuard's password testing employs specialized password cracking hardware systems, nGuard-custom password dictionaries, and massive pre-computed hash tables to efficiently analyze your password security.
  • Physical Penetration Testing – With nGuard's Physical Penetration Testing, measurement of your physical security posture, for the first time, becomes possible. Utilizing custom methodologies, tactics, and the latest technology, nGuard demonstrates physical security gaps that must be closed to protect the enterprise.

 

Compliance Assessments


  • Strategic Security Assessment – nGuard's Strategic Security Assessment (SSA) is a streamlined process comprised of high-level policy/procedure review and a rigorous structured interview process. nGuard analyzes the customer environment for best practice security controls and, where deficiencies are noted, provides specific remediation recommendations to close the gap.
  • PCI Strategic Security Assessment – For retailers, merchants, or service providers who are new to processing credit card payments, complying with the Payment Card Industry / Data Security Standard (PCI/DSS) can feel pretty daunting. nGuard's PCI SSA service can help organizations validate the scope of their compliance environment, confirm type & level of merchant or service provider, and examine the organization for compliance with all required PCI security controls. 
    Read More 
  • PCI QSA Onsite Assessment – For higher-volume merchants and service providers, the PCI Security Council & acquiring banks require a very specific assessment methodology known as the PCI QSA Onsite Assessment. As a proven, certified PCI QSA firm, nGuard can work with merchants & service providers to demonstrate their PCI compliance while taking a streamlined process that has minimal impact on the business. 
    Read More 
  • HIPAA/HITECH Strategic Security Assessment – Whether a healthcare institution, insurance provider, or a business associate, you need to ensure that you are fully complying with the HIPAA Security Rule & the HITECH Act. nGuard's HIPAA/HITECH Strategic Security Assessment examines your IT & information assets and provides a thorough gap analysis. 
    Read More 
  • Security Risk Assessment – For those customers seeking to formerly measure their information security risk, nGuard offers our Security Risk Assessment. This strategic assessment evaluates your critical information assets, identifying the potential threats, impacts, and probability of occurrence for those threats. When combined with the value of the asset, whether qualitative or quantitative, nGuard helps organizations to understand those assets that are most at risk, along with the specific threats that need to be mitigated first. nGuard's Security Risk Assessment also specifically addresses the GRC targets (HIPAA/HITECH, PCI, etc.) that require regular risk assessments as part of the overarching security program.
  • ISO 27000 Assessment – For those organizations looking to align with the international ISO 27000 security standard, nGuard can help. Using certified consultants, nGuard's ISO 27000 Assessment evaluates the target environments for compliance, identifying both major & minor non-conformities.
  • Data Loss Discovery – The loss of trade secrets, sensitive data, or regulated information (such as credit card and personal health information) is a daily occurrence on the Internet. Furthermore, it's nearly impossible to determine if your employees are compounding the issue by failing to adhere to network acceptable use policies. Using best-in-class, data loss detection technology, nGuard will identify how the organization is at risk. We'll determine how sensitive data is exiting your network, what unproductive or unethical activity is taking place, and more.

 

Cloud Security Assessments


  • Cloud Penetration Testing – Even though your cloud infrastructure is hosted in a separate environment, your cloud perimeter is still attacked all day, every day. Through comprehensive reconnaissance, vulnerability identification, and focused exploitation, nGuard's Cloud Penetration Testing ensures your cloud perimeter security is solid.
  • Cloud NGVM – Maintaining solid perimeter security for your cloud environment is a process, not a one-time event. Our customers engage external nGuard Vulnerability Management (NGVM) to ensure their cloud perimeter security is maintained in between regular penetration tests. With options for certified PCI ASV reports, nGuard can take care of your cloud perimeter's PCI quarterly reporting requirement as well.
  • Internal Penetration Testing for the Cloud – Securing your cloud perimeter is simply not enough to protect your cloud environment. The interior cloud networks must be secured, as well. nGuard's Internal Penetration Testing for the Cloud provides a comprehensive testing framework that identifies vulnerable interior cloud systems & services.
  • Internal NGVM for Cloud Networks - New vulnerabilities constantly emerge on the inside of your cloud networks. With the constant change, nGuard's Vulnerability Management (NGVM) for internal cloud networks can provide updates between baseline assessments. As an added bonus, Internal NGVM addresses a critical requirement for PCI compliance.
  • Cloud Web Application Penetration Testing – Web applications in the cloud are always under attack. nGuard's Web Application Penetration Testing for cloud environments uses specialized tools along with specialized application-centric penetration testing methods. Such elements exhaustively assess the security of these critical applications.
  • Cloud Console Auditing – nGuard's Console Audit process takes a look at the internal configuration security of key cloud systems. Console Audits yield important findings that ensure systems are properly secured, both in running systems and also pre-configured images, which are used for the future provisions of your cloud environment.
  • Cloud Network Database Assessment – nGuard's Cloud Network Database Assessment option identifies security gaps in your critical cloud databases. Using specialized database security technology, nGuard engineers closely examine all aspects of cloud database security.
  • Cloud Password Database Testing – The security of your cloud environment quite often comes down to the strength of end-user passwords. This means that evaluating your cloud environment's centralized password databases is essential. nGuard's Password Database Testing employs specialized password cracking hardware systems, nGuard custom-password dictionaries, and massive pre-computed hash tables to efficiently analyze your cloud password security.
  • Strategic Security Assessment for Cloud – nGuard's Strategic Security Assessment (SSA) for Cloud analyzes your cloud environment for best-practice security controls. Furthermore, where deficiencies are noted, specific remediation recommendations are provided to close the gaps.
  • PCI Strategic Security Assessment for Cloud – For organizations with cloud environments and who are new to processing credit card payments, complying with the Payment Card Industry / Data Security Standard (PCI/DSS) can feel daunting. nGuard's PCI SSA for Cloud can help organizations to validate the scope of the cloud environment, confirm type & level of merchant or service provider, and examine the cloud for compliance with all required PCI security controls.
    Read More 
  • HIPAA/HITECH Strategic Security Assessment for Cloud – This assessment service is appropriate for organizations with cloud infrastructure which process, transmit, or store electronic personal healthcare information (ePHI). Fully complying with the HIPAA Security Rule & the HITECH Act is mandatory. nGuard's HIPAA/HITECH Strategic Security Assessments for cloud environments examines your cloud information assets and provides a thorough gap analysis.
    Read More 
  • PCI QSA Onsite Assessment for Cloud – As a proven, certified PCI QSA firm, nGuard can work with merchants & service providers with cloud environments to demonstrate their PCI compliance. Additionally, nGuard’s streamlined process will have a minimal impact on the business. 
    Read More 

Mobile Security Assessments


  • Mobile App Penetration Testing – Supporting critical apps on mobile platforms has now become mission critical, but security remains job one. nGuard's Mobile App Penetration Testing service helps identify the critical vulnerabilities in your mobile app environment by closely examining both the server & the client.
  • Mobile Web Application Penetration Testing – Mobile apps often rely on web application infrastructure. Such reliance can either be with all-inclusive mobile web sites or web infrastructure presenting APIs & libraries. nGuard's Mobile Web Application Penetration Testing has the capability to examine your unique mobile web environment & identify critical security issues.
  • Strategic Security Assessment for Mobile – nGuard's Strategic Security Assessment (SSA) for Mobile analyzes your mobile environment for best-practice security controls. Where deficiencies are noted, specific remediation recommendations to close the gaps are provided.
  • PCI Strategic Security Assessment for Mobile – For organizations with mobile environments and processing credit card payments over mobile platforms, complying with the Payment Card Industry / Data Security Standard (PCI/DSS) can be an overwhelming reality. nGuard's PCI SSA for Mobile can help you validate the scope of the compliance environment, confirm type & level of merchant or service provider, and examine the mobile environment for compliance with all required PCI security controls. 
    Read More 
  • HIPAA/HITECH Strategic Security Assessment for Mobile – With the pervasive adoption of mobile platforms in the healthcare sector, you have to focus on mobile platforms that process, transmit, or store electronic personal healthcare information (ePHI). nGuard's HIPAA/HITECH Strategic Security Assessment for Mobile examines your ePHI mobile assets and provides a thorough gap analysis. 
    Read More 
  • PCI QSA Onsite Assessment for Mobile – As a proven, certified PCI QSA firm, nGuard can work with merchants & service providers with mobile platforms to demonstrate their PCI compliance. Furthermore, nGuard’s streamlined process will reduce the impact on the business. 
    Read More 

 

Featured Solutions
Let's Get Started

Contact us at 1-866-888-7111 or complete the form below.