CoAspire Vulnerability Scanning and Penetration Testing Service
Boss, we've got a problem...
That's the last thing a boss wants to hear, and the last thing an IT professional wants to report.
If you are a U.S. defense contractor or subcontractor, things got much more complicated if you have a cybersecurity incident. The DFARS rule on network penetration reporting means that in 2017, a single cyber incident could expose you to potential contract terminations, suspension, and even debarment. Every DoD contract put out for bid must include a cybersecurity incident-reporting clause. Now that cybersecurity is an "immediate and top priority" for the Trump administration, you can't afford to be at risk of a network penetration. CoAspire is here to help.
Managing cybersecurity risk is an everyday problem for both small and large businesses. Our computer systems and our employees have vulnerabilities, some are known, many are not. Cybersecurity risk is the real likelihood that a threat or malicious actor will exploit a vulnerability, causing financial or reputational damage.
It is impossible to eliminate all cybersecurity risk, but CoAspire can help mitigate the risk by finding vulnerabilities and implementing controls. CoAspire is well positioned to help companies determine if they need a vulnerability assessment and penetration testing, or not, and can offer this service at very reasonable rates. Please contact us at email@example.com
Everyday we are bombarded by stories about companies and agencies being hacked. In 2015, the U.S. Government's Office of Personnel Management discovered two separate but related cybersecurity incidents that resulted in the loss to foreign agents of personal and security background information of 25 million military members, government employees, federal contractors and their relatives and associates.
So let's not let that happen again, to the government, or to your company. The challenge with small companies is that they don't believe they have the financial resources to protect their networks. Small companies can't afford the high cost of hiring big IT firms to conduct a vulnerability assessment or penetration testing and remediation.
That's where CoAspire can help. Yes, CoAspire professionals can service large clients with complex systems, but we are also scaleable for the small companies that need an assessment and low-cost protection just like every other institution.
CoAspire's Find, Fix and Follow-Up cyber risk, vulnerability and penetration testing service is scaleable across all enterprises. Because our techniques and process is proprietary, we'll give just a quick overview. Most of the activity can be conducted remotely, with little to no interruption of business activity. Here is a brief overview of CoAspire's iterative and scaleable process:
- For a nominal fee, we will meet on-site or virtually (depending on travel costs) and gather system information to perform an initial, cursory risk assessment. Shortly after that meeting we will provide a brief written estimate of the risks that were found and an estimate of the expected costs to move through the Find phase of the project.
- If approved to move forward into the Find phase, We will then perform a more detailed risk assessment, both quantitative and qualitative. We will determine, before exploring for external vulnerabilities and performing penetration testing, where we should be testing, and why. We want to test the vulnerabilities that are most likely to be penetrated, and if penetrated, the ones that are of most value, and greater risk to our clients.
- We will then conduct an external network penetration test, to identify vulnerabilities and misconfigurations.
- Next we will conduct internal network penetration testing by CoAspire's Certified Ethical Hacker team. The team will only proceed with the consent of the company and in coordination with its IT team. The PENTEST team will use passive and active tools, and intrusive and non-intrusive testing.
- At the completion of this Find phase, the CoAspire team will document its findings. The CoAspire team will present a final assessment, an executive report and a technical report and will have recommended fixes to the found vulnerabilities and risks.
- In the Fix phase, CoAspire's technicians will support the client's team to properly fix them and test against vulnerabilities. CoAspire can recommended software and hardware solutions.
- The Follow-Up phase is a return visit by the CoAspire team to ensure the known vulnerabilities were fixed properly. Additionally, the customer may desire to have routine audits performed on the system in the following months to ensure no new vulnerabilities have developed.
The Deliverables will be:
1. An initial (very top-level) risk assessment to help company leadership decide how and if to proceed with the next steps.
2. Upon completion of the Find Phase, an executive report, technical report and recommendations for mitigation solutions.
3. If contracted for the Fix phase and Follow-Up, reports will be generated after both of those phases are complete.
We are pleased to offer this service to both small and large customers. Please contact us at firstname.lastname@example.org if you would like more information, an initial low-cost assessment and an onsite/offsite meeting.