SECURITY ASSESSMENTS

THE FASTEST WAY TO EXPOSE SECURITY THREATS AND VULNERABILITIES

TAKING THE "SECRECY" OUT OF SECURITY

Until now you had to be an IT security expert in order to deliver even basic IT security services. All that changes with the Network Detective Security Assessment Module. This module may be purchased separately, or along with other IT assessment modules.

With the Security Assessment Module, all you need to do is run the Network Detective non-invasive data collector on your client’s or prospect’s domain server. Then, let Network Detective’s proprietary data analyzer crunch the network data and produce a baseline set of network security reports. Brand them as your own, and present them either as a stand-alone, one-time IT security assessment, or as part of a regularly-scheduled managed security service.

Your IT Security Assessment will consist of the following elements:

  • Security Risk Report. This executive-level report includes a proprietary Security Risk Score along with summary charts, graphs and an explanation of the risks found in the security scans.
  • Security Policy Assessment Report. A detailed review of the security policies that are in place on both a domain wide and local machine basis.
  • Share Permission Report by Computer. Comprehensive lists of all network “shares” by computer, detailing which users and groups have access to which devices and files, and what level of access they have.
  • Share Permission Report by User. Organizes permissions by user, showing all shared computers and files to which they have access.
  • Outbound Security Report. Highlights deviation from industry standards compared to outbound port and protocol accessibility, lists available wireless networks as part of a wireless security survey, and provides information on Internet content accessibility.
  • External Vulnerabilities Full Detail Report. A comprehensive output including security holes, warnings, and informational items that can help you make better network security decisions, plus a full NMap Scan which checks all 65,535 ports and reports which are open. This is an essential item for many standard security compliance reports.

Click on the Reports Tab for descriptions of each report and to download samples.

SUPPLEMENT YOUR SECURITY DELIVERABLES WITH NETWORK DETECTIVE INFORM™

Network Detective includes our powerful InForm™ auxiliary report engine. Working from a large library of pre-loaded Best Practice topics and questions, you can:

  • Create check lists to ensure your techs follow your standard IT security procedures
  • Create interview questions to remember to ask your client or prospect during Security Audits
  • Create a data survey of items to manually check or inspect to supplement your automated assessment
  • Add digital photos and images to further enhance the documentation value of your reports
  • Generate a professional IT Security SWOT analysis report from the information you gather during the assessment

Click here to view a quick demonstration of this important feature.

THE NEED FOR IT SECURITY ASSESSMENTS

There is a huge pent-up demand for IT security services that few service providers are taking advantage of primarily because, (a) their clients don’t know what they don’t know, and (b) the service providers don’t feel they have the skills on staff to deliver the service.

The Network Detective Security Assessment Module changes all that. It gives you the tools to both SHOW your clients why they need the service, and also to DELIVER the security service you sell.

Click on the Why Do It Tab for more details and to watch a video on this topic.

OUR REPORTS DELIVER BOTH SECURITY AND OPPORTUNITY!

By performing regular security health checks with Network Detective, you can help your clients protect their assets, guard against downtime, and help them sleep better at night. And every time you deliver the Security Assessment Module reports to your clients, you will be demonstrating your professionalism and in-depth knowledge of their systems, as well as uncovering potential new security projects.

Click on the Service-In-A-Box Tab for more details and to watch a video that shows you a few of the issues that each report can uncover, and how YOU could be turning similar issues into smart recommendations and actions for your clients.

AFFORDABLE FOR THEM. PROFITABLE FOR YOU!

The key to remember is that you don’t necessarily have to do a full security audit in order to ensure that your clients are safe and secure. A comprehensive audit is probably overkill for the vast majority of your clients, and would take you too much time and cost them too much money.

Since the Security Assessment Module is so affordable for you – and can be used for an unlimited number of assessments for a full year – you can easily deliver a “basic security service” that is affordable for your clients and profitable for you. Think about it like taking your car to a quick lube center to check the filters, belts, and fluid levels in your car – to catch little problems before they become big ones – the definition of a managed service.

Click on the Making Money Tab for more details and to watch a video that explains how to monetize the Security Assessment Module.

TRY IT NOW

With our 100% satisfaction guarantee, there's absolutely no risk to you. You have everything to win and nothing to lose. Go ahead and subscribe to the Security Assessment Module right now. Run the scan on your own network or on a few of your client sites. Generate the reports. You'll have a full 30 days to put the tool through its paces. If during that time you decide that this product is not for you, just tell us and we'll cancel your subscription and provide you with a 100% refund of your purchase price. Best of all, the more modules you buy at the same time, the less you pay!

OUR REPORTS SELL YOUR SERVICES!

Once you collect the baseline security data using our agentless scanning tool, the rest is a cakewalk. Just import the scan results into our proprietary risk analyzer, customize the reports with your own company name and branding elements, and run the reports. Subscribe to the Security Assessment Module and you’ll be able to produce an UNLIMITED number of the following reports, on an unlimited number of networks, for a full year.

MAKE OUR REPORTS YOUR REPORTS!

All Network Detective subscriptions include our Enhanced Branding Package, that gives you the ability to control the overall look-and-feel of the reports you generate. With the Enhanced Branding package, you can:

  • Personalize the reports with your company name and logo
  • Change the accent colors to match your own company standards
  • Select from a number of pre-designed report templates
  • Embellish your reports with photos and images from our pre-screened, royalty-free library

CHECK OUT THESE SAMPLE REPORTS TO SEE WHAT YOU GET IN THIS MODULE

Network Security Risk Review. This report includes a proprietary Security Risk Score and chart showing the relative health (on a scale of 1 to 10) of the network security, along with a summary of the number of computers with issues. This powerful lead generation and sales development tool also reports on outbound protocols, System Control protocols, User Access Controls, as well as an external vulnerabilities summary list.
Network Security Management Plan. This report will help prioritize issues based on the issue's risk score. A listing of all security related risks are provided along with recommended actions.
Network Security PowerPoint. Use our generated PowerPoint presentation as a basis for conducting a meeting presenting your findings from the Network Detective. General summary information along with the risk and issue score are presented along with specific issue recommendations and next steps.
External Vulnerabilities Scan Detail Report. A comprehensive output including security holes and warnings, informational items that can help make better network security decisions, plus a full NMap Scan which checks all 65,535 ports and reports which are open. This is an essential item for many standard security compliance reports.
External Vulnerability Scan Detail by Issue Report. A more compact version of the External Vulnerability Scan Detail report that is organized by issues. Devices that are affected are listed within an issue. This report is useful for technicians that are looking to resolve issues, rather than performing remediation on a particular system.
External Network Vulnerabilities Summary Report. This report provides a priority ordered listing of issues by CVSS that allows technicians to prioritize the issues they are working on. It provides an extremely compact view of all issues allow a quick survey of the various issues that were detected in an environment.
Outbound Security Report. Highlights deviation from industry standards compared to outbound port and protocol accessibility, lists available wireless networks as part of a wireless security survey, and provides information on Internet content accessibility.
Security Policy Assessment Report. A detailed overview of the security policies which are in place on both a domain wide and local machine basis.
Share Permission Report by Computer. Comprehensive lists of all network “shares” by computer, detailing which users and groups have access to which devices and files, and what level of access they have.
Share Permission Report by User. Organizes permissions by user, showing all shared computers and files to which they have access.
User Behavior Analysis Report. Shows all logins, successful and failure, by user. Report allows you to find service accounts which are not properly configured (and thus failing to login) as well as users who may be attempting (and possibly succeeding) in accessing resources (computers) which they should not be.
Login History by Computer Report. Same data as User Behavior but inverted to show you by computer. Quite useful, in particular, for looking at a commonly accessed machines (file server, domain controller, etc.) – or a particularly sensitive machine for failed login attempts. An example would be CEO’s laptop – or the accounting computer where you want to be extra diligent in checking for users trying to get in.
Login Failures by Computer Report. Report identifies users who have succeeded in logging in to another machine. Great for auditing/logging purposes to know of all attempts.
Cyber Liability and Data Breach Report. Identifies specific and detailed instances of personal identifiable information (PII) and cardholder data throughout a computer network that could be the target of hackers and malicious insiders. It also calculates the potential monetary liability and exposure based upon industry published research.

SUPPLEMENT THESE REPORTS WITH INFORM™

Network Detective includes our powerful InForm Auxiliary Report Engine. Working from a large library of pre-loaded Best Practice topics and questions, you can:

  • Create check lists to ensure your techs follow your IT security procedures.
  • Create interview questions to remember to ask your client or prospect during an IT Security Audit.
  • Create a data survey of items to manually check or inspect to supplement your automated assessment.
  • Generate a professional IT Security SWOT analysis report from the information you gather during the assessment.

Click here to view a quick demonstration of this important feature.


THE NEED FOR IT SECURITY ASSESSMENTS

There is a huge pent-up demand for IT security services that few service providers are taking advantage of because, (a) their clients don’t know what they don’t know, and (b) the service providers don’t feel they have the skills on staff to deliver the service.

The Network Detective Security Assessment Module changes all that. It gives you the tools to both SHOW your clients why they need the service, and also to DELIVER the security service you sell.

YOUR CLIENTS' NETWORKS ARE CONSTANTLY AT RISK

There are too many ways that a network can be compromised to leave it to chance that nothing wrong is going on "behind the scenes". Key issues:

  • Email-based viruses getting through unprotected mailboxes
  • Worms, viruses and malware infiltrating outbound port/protocol access, backdoors, and "command and control"
  • Trojan applications and phishing schemes

In addition to the potential damage to networks and data, there are other critical business reasons to be tracking and documenting key network security attributes::

  • Employee productivity – wasted by accessing Facebook, ESPN, shopping, porn sites
  • Bandwidth abuse that can be slowing down critical business applications
  • Downloading of pirated software
  • Loss of proprietary business data and information from the inside

INSTALLED SECURITY PRODUCTS ARE NOT ENOUGH

There are a number of very effective tools and techniques that can help you address many of the common threats and problems, including firewalls, virus production tools, Internet Content filtering, and more. However, if any of these tools were 100% effective, there would be no security breaches and we know we’re far away from that. As soon as a known threat is addressed by these tools, a new one emerges. There’s not a product out there in the world today that can create security policies for your clients and enforce that those policies are adhered to.

And if you’re the one who is responsible for specifying, installing, and/or managing these tools, you absolutely need to make sure that they’re working on a regular basis. Even if the hardware and software are performing perfectly month after month, there’s no guarantee that they’ll be working tomorrow.

That’s why your clients need a monthly security check-up.

OUR REPORTS DELIVER BOTH SECURITY AND OPPORTUNITY!

By performing regular security health checks with Network Detective, you can help your clients protect their assets, guard against downtime, and help them sleep better at night. And every time you deliver the Security Assessment Module reports to your clients, you will be demonstrating your professionalism, in-depth knowledge of their systems, and uncovering potential new security projects.

WHAT YOU’LL DISCOVER WITH THE SECURITY ASSESSMENT

IT Security SWOT Report. Running a security assessment once and addressing the first set of issues you uncover is just the first step. You can use Network Detective InForm™ to tag your findings as Internal IT “strengths” and “weaknesses” or as external IT “opportunities” and “threats." Then, with a click of the mouse, you can generate an ultra-impressive and well-organized IT Security SWOT report to give your clients.

Recurring Service Means Recurring Revenue. Remember that your client networks are always changing, and what was secure yesterday might be exploitable or have vulnerabilities today. That’s why you should convince your clients that they need a “regular IT security check-up” performed by you, the trusted technology advisor. Explain to them that:

  • An improperly secured network will spread worms, viruses, and spyware – which can lead to downtime, repairs, and even a breach of data – all of which can be extremely costly.
  • New machines and devices might be added to a network without their knowledge – sometimes even brought in from home. Since these devices, generally, do not share the same corporate security settings and tools, they pose a very real security risk.
  • Users should have their access rights regularly verified and documented to reduce the risk of unauthorized access. Additionally, when a new user joins the company, or an existing user changes roles, there should be a verification process to ensure that the proper permissions are set.
  • Active Directory can be complex. A seemingly innocuous change to Group Policy can have very subtle inheritance – giving users access to network shares and data that they should not have. Do the sales people really need access to the company payroll? Solid documentation is necessary to show who had access to what at any given point in time.
  • Depending on the nature of your clients’ organization, many certifications require scheduled vulnerability scans and user audits to maintain network certification.

For all these, and many more reasons, your clients deserve the protection that you can quickly offer with the Network Detective Security Assessment Module.


AFFORDABLE FOR THEM… PROFITABLE FOR YOU!

The key to remember is that you don’t necessarily have to do a full security audit in order to ensure that your clients are safe and secure. A comprehensive audit is probably overkill for the vast majority of your clients, and would take you too much time and cost them too much money.

Since the Security Assessment Module is so affordable for you – and can be used for an unlimited number of assessments for a full year – you can easily deliver a “basic security service” that is affordable for your clients and profitable for you. Think about it like taking your car to a quick lube center to check the filters, belts, and fluid levels in your car – to catch little problems before they become big ones – the definition of a managed service.

HOW TO SCOPE YOUR MANAGED SECURITY SERVICE

  • A monthly Security Health check-up report. This consists of a spot check of PCs in the environment that you will select at random each month. For each computer tested, the report uncovers Outbound Egress Monitoring for protocols that should be blocked, System Controls, and outbound user access to a list of web sites and content that should be blocked, such as pornographic sites, shareware sites, social media sites, etc. And while there is a default set of sites that are checked by the data collector and scanner, you can add additional sites to this list. Running monthly or quarterly checks allows you to immediately see any changes to the Security Assessment Score.
  • There are two Share Permission Reports. These documents reveal which employees and groups have access to what files and assets. Since many data breaches occur from inside the network, this access must be constantly reviewed.
  • And there is the Detailed Vulnerability Scan and report detail. The comprehensive output includes security holes and warnings, informational items that can help make better network security decisions, plus a full NMap Scan which checks all 65,535 ports and reports which are open. This alone is an extremely valuable report!

HOW AND WHEN TO DO YOUR SECURITY ASSESSMENTS

As with all other Network Detective IT assessments, for the security assessment, you’ll start with our non-invasive data collector and run it on the client’s domain controller to collect the network and Active Directory information. You’ll then want to run it on several individual systems to gather the egress and system information from multiple, random machines that differ each time. Next, bring the data files back to your workstation to import and create the reports. It’s as simple as that.

Like any managed service, the key is to provide regular check-ups - whether that’s monthly or quarterly -- and to provide feedback and reports to your clients to show them the value of your service. There are many ways that you can perform the scans on a regular basis, and of course you will want to leverage existing business or use automation to keep your costs as low as possible. You can run these in the course of a standard scheduled visit, or during a drive-by drop-in, or other scheduled visit.

Of course, you can also initiate the scans and collect the data remotely since there is no reason to actually be onsite. You can script the scans with any of the normal RMM tools, or setup a scheduled task and gather the data when you are ready to run the report. This feature makes the service even more affordable to deliver. But, if you decide you need to include a site visit and do the collection locally, make sure to factor that into your costs and charges.


TEST DRIVE SECURITY ASSESSMENT MODULE FOR 30 DAYS, RISK-FREE

All of our products come with an unconditional 30-Day 100% money-back guarantee. Subscribe to the Security Assessment Module – even if you already subscribe to a different module -- and use it for a full month. If you aren’t thrilled and delighted by the branded reports you can create, just let us know and we’ll refund every penny.