The best way to determine the security posture of your
organization is to test it. EGS offers administrative,
logical and physical controls testing to minimize the
chances of a network security incident.
EGS leverages the field-proven penetration testing
methodology taught in the Licensed Penetration Tester
(L|PT) certification course. This methodology includes open
source intelligence analysis, policy and procedural
content, policy maturity level reviews, and discovery,
analysis and testing of potential logical, physical and
human vulnerabilities.
Our concentration in specific areas of IT security, coupled
with our experience in security training and certification,
provides organizations with the professional experience,
knowledge, and analysis necessary for comprehensive IT
risk assessment, management, and mitigation strategies to
protect the information infrastructure.
Summaries of the controls testing performed by our
consultants:
Administrative IT Controls Review and Testing
IT Security involves more than just the logical networking
components. Policies and procedures also play an important
part in a successful IT security posture. EGS reviews the
administrative IT control measures in your organization and
compares those measures to best practices, FISCAM, FISMA,
GLBA, ISO/IEC 27001, or requirements specific to your
industry. The result of reviewing and testing
Administrative IT Controls is a “Gap Analysis” showing you
where you are now, where you need to be in order to achieve
compliance, and recommended steps to close those gaps.
Physical and Logical Vulnerability Assessments and Penetration Testing
Ignorance may be bliss, but not in the security arena. You
must discover what vulnerabilities exist, where they are,
which vulnerabilities pose an actual threat, and determine
how much of a threat those vulnerabilities are to your
organization's assets and business processes.
Physical Vulnerability Assessments
Logical security by itself is not enough. It does not
matter how many network access controls or Active Directory
Group Policies you have if I can convince the receptionist
to let me into a non-public area of your business or I can
walk in through an unlocked back door. I could steal the
hardware your data resides on or steal the hardcopy
information lying around. We determine potential weaknesses
in the physical security controls at your organization and
the susceptibility of your employees to human
intelligence collection techniques by attempting to gain
unescorted access to sensitive information and non-public
areas of your business.
Logical Vulnerability Assessments
Physical security by itself is not enough. It doesn't
matter that you have access control cards, armed guards or
man-traps if an attacker isn't physically there and your
firewall configuration is accessible from the Internet. We
determine logical vulnerabilities present in the external
and internal network infrastructure and information
vulnerabilities, which consist of publicly available
information that could assist an attacker in compromising
your network or which could pose a reputational risk to
your organization.
The mere existence of any vulnerability does not mean that
it is a threat to your network. Both physical and logical
penetration testing exploit discovered potential
vulnerabilities to determine which vulnerabilities present
in the organization's network can be exploited and the
degree of control or exposure that the organization can
expect after a successful exploitation.
Physical Penetration Testing
Finding out that the "smoker's door" is propped open is not
enough. Knowing that the guy or gal replenishing the snack
machine can walk right past the receptionist is not enough.
What if that vendor wasn't really the "snack dude", but
someone who wanted information about your business? What if
someone "accidentally" came through the "smoker's door?"
What would they be able to see or get access to? How much of
your information would be exposed? We determine the extent
to which your non-public information and sensitive data
could be compromised by someone with unescorted access in
your business.
Logical Penetration Testing
Finding out that there are 274 different vulnerabilities on
your network is not enough. Which ones can actually be
exploited? Of those that can be exploited, which ones allow
an attacker to cause damage or expose information? Which
ones should be fixed first? What are the options for
mitigation if you can't fix it? We determine which
vulnerabilities present could result in either network
compromise or exposure of sensitive and non-public
information.
