Even More Creative Than Your Security Threats
Even More Creative than Your IT Security Threats - Full Alasdair Website Coming Soon Incident Response-Security Assessment-Code Review-Fully Staffed-Penetration Testing
Give us all your money or your data gets it

Ransomware

A security vulnerability lets an attacker access your systems. They encrypt every piece of data on your server, which renders it unreadable and useless, until you pay the ransom.

No backups? They got your backups too? Whether it’s a few hundred dollars, or tens of thousands of dollars, you pretty much have to pay the ransom. Maybe the attacker found your most precious intellectual property, and they’re threatening to release it. You have to pay the ransom.

Chances are, only the criminals can get your data back. This is not a fun pill to swallow. Alasdair is here to protect you from ransomware, so you never have to.

Good employees can be tricked into compromising your business

Social Engineering

You can be tricked into compromising your security. Your IT people can be tricked. Your non-technical employees… you bet they can be tricked. Social engineering tactics take advantage of intelligent, savvy people every day. It can ruin a business. Alasdair gets to know the ins and outs of your IT security:

  • Where the critical systems and data are
  • Who has access, and to what degree
  • Business practices and routines that leave you open for attack

When we find your organizational vulnerabilities, we'll recommend a technical change to critical systems, or training for your employees (and executives!), or more likely a mix of both.

Bad code can open up your organization to disaster

Code Vulnerability

It’s a matter of where, not if.

Famous and catastrophic security breaches can be caused by a single errant character in a single line of code. Ever hear of Cloudbleed? One single instance of “==” instead of a “>=” triggered Cloudflare to spill private data all over the Internet. Worse yet, the errant symbol wasn’t even typed by humans – it was machine-generated code.

Almost everyone’s sitting on a vulnerability like this. Even the space shuttle’s software had bugs. It’s just a matter of how serious the problem will be, or how easily an attacker can exploit it.

Alasdair has seen a lot of these simple mistakes. We know where to look, and we know how to test for them. Have us take a look under the hood.

Your Company’s Information Security is Not a Checklist

Alasdair Is Here to Fortify Your Business, Not to Sell Some Software Package

Here’s a checklist:

  • CEOs love us
  • IT admins love us
  • Even the CFOs love us (if they’ve already been hacked and have seen the financial damage)

How often do all three agree on something?

Security Assessments Should Be Even More Creative than the Hacks

Plenty of businesses are compromised by the shotgun-effect of malicious scripts running on compromised machines on the other side of the world.

For everyone else, we have creative criminals. If your IT hardware is more than an hour old, someone has compromised that exact machine countless times. These people constantly poke at similar systems and share their successes online – they are going to know your flaws better than your IT people.

Alasdair approaches vulnerabilities with a lot of the same processes and knowledge. We’re full-time because they’re full-time.

When We Run Penetration Testing, Cookie Cutter Doesn’t Cut It

A lot of people call themselves pentesters. They’ll run some kind of scanning software, or a couple of scripts, and print out a stack of boilerplate text and charts that have nothing to do with your business and its vulnerabilities. IT consulting is full of cookie-cutter reports intended to sell you something.

We dig in and come to understand your business. That way we can tell the difference between ugly, life-threatening vulnerabilities, and potential sources of moderate annoyance. Your mission-critical servers, your intellectual property, and your treasured client data are treated with the attention and respect they deserve.

More About: Application Code Review

// Looks good, but it can leave temp without a terminating null
char temp[64];
strncpy(temp, my_buffer, 64);
printf("Temp contains: %s", temp);

This simple mistake causes a subtle but potentially catastrophic error. By writing exactly 64 characters into a 64-character string, it leaves no room for a null character! So printf will keep printing past the string and into memory (at least until it finds a zero!). You could either limit strncpy to 63 characters or make temp 65 characters to remediate this particular issue. As always, pre-wiping the destination buffer by using memset to zero it out can also help reduce errors, but keep an eye out for subtle buffer overflows like this!
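The same copy, checked rather than printed, as an added example that is not Alasdair's code: it shows the pattern above, a limit of 63 on its own, and a copy that always writes the terminator. A limit of 63 only helps if temp[63] is already zero, which is why the pre-wipe or an explicit terminator matters. The function names and the 80-byte input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TEMP_LEN 64

/* 1 if a null byte lies inside the first len bytes of buf, else 0. */
static int is_terminated(const char *buf, size_t len) {
    return memchr(buf, '\0', len) != NULL;
}

/* The pattern from the page: the limit equals the buffer size. Returns
 * whether temp ended up terminated; printing an unterminated temp with
 * %s reads past the end of the array. */
static int copy_as_on_page(char *temp, const char *src) {
    strncpy(temp, src, TEMP_LEN);
    return is_terminated(temp, TEMP_LEN);
}

/* Limit of 63 and nothing else: temp[63] keeps whatever was there before. */
static int copy_limit_only(char *temp, const char *src) {
    strncpy(temp, src, TEMP_LEN - 1);
    return is_terminated(temp, TEMP_LEN);
}

/* Hardened: copy at most 63 bytes and always write the terminator.
 * Returns 1 if src had to be truncated, 0 if it fit. */
static int copy_hardened(char *temp, const char *src) {
    strncpy(temp, src, TEMP_LEN - 1);
    temp[TEMP_LEN - 1] = '\0';
    return strlen(src) >= TEMP_LEN;
}

/* Constructed input: 80 printable bytes, longer than temp. */
static const char *long_input(void) {
    static char s[81];
    memset(s, 'A', 80);
    s[80] = '\0';
    return s;
}

int main(void) {
    char temp[TEMP_LEN];
    memset(temp, 'X', sizeof temp);   /* stand-in for stale stack contents */
    printf("as on page, terminated: %d\n", copy_as_on_page(temp, long_input()));
    memset(temp, 'X', sizeof temp);
    printf("limit 63 only, terminated: %d\n", copy_limit_only(temp, long_input()));
    memset(temp, 'X', sizeof temp);
    printf("hardened, truncated: %d\n", copy_hardened(temp, long_input()));
    printf("hardened, length: %zu\n", strlen(temp));
    return 0;
}
```

The truncation return value lets the caller reject or log over-long input instead of silently using a shortened string.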

Breaking Your Security So Criminals Don’t Have To

Alasdair actually figures out how to break into your IT, and we almost always succeed. Then we show your administrators how to guard against these attacks.

Maybe we break in from a PC anywhere on the internet, or slip a USB drive into your front desk computer. We might try tricking an employee into divulging sensitive info, or sit in your parking lot with a laptop and break in through your Wi-Fi. Maybe your networked printer is letting anyone waltz in and access your servers!

We keep an open mind because criminals are quite creative.

More About: Penetration Testing

Assess and Reduce your HIPAA Security Risk

Alasdair Security helps you with cost-effective preparation for HIPAA compliance audits.

You might think the Protected Health Information (PHI) you're storing is locked up tight, but a moderately determined hacker might be able to break in - and get your company in a lot of trouble. Computer systems can even wrongfully disclose PHI due to programming errors without any malicious intent - and get your company in a lot of trouble.

More About: HIPAA Risk Assessments

We're Security Consultants, Not a Law Firm!

To be clear, we don't perform HIPAA compliance audits - we fix your IT security to help you pass your HIPAA audit. Only a lawyer can tell you if you're HIPAA compliant.

Adaptive and Proscriptive/Regulatory Security Frameworks

Adaptive: When your IT infrastructure and business needs are constantly changing, your security framework has to adapt to a wide range of situations. A simple, inflexible security framework will slow you down and encourage your people to break it. Flexibility and adaptation are the only ways to stay protected in the long run.

Proscriptive/Regulatory: When regulatory compliance is the driving force behind your IT security, it has to inform the basis of your security framework. 

Incident Planning – Avoid the Meltdown

Beyond making attacks less likely, we make attacks less costly. We’ll put together an incident response framework based on your business – not on a business-sort-of-like-yours. We’ll give you the toolset to minimize damage and get back on your feet sooner.

Incident Response – Minimize Damage

Once an incident has happened, organizations typically are interested in bolstering their incident response plans to address future issues. Testing those response plans is also key, and we can assist with those needs.

More About: Incident Response and Planning

We Partner with You However it Suits You

Alasdair loves partnering with our clients.

Contact Alasdair Security today to partner with smarter security consultants.