The Green Sheet Online Edition
January 1, 2016 • 16:01:02
Holistic approach to cybersecurity
Redhawk Network Security LLC,
a network engineering and information security firm established in 2001, designed a suite of onsite, remote and online services for businesses. Services include information security assessment, managed security services, security software-as-a-service, security consulting, network monitoring and management, network implementation, and network storage.
The company works closely with clients' IT staff to understand and identify organizational risks. Risks and controls are evaluated based on information security best practices defined in ISO/IEC 27001 and ISO/IEC 27002 specifications, along with guidance from the National Institute of Standards and Technology. Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) and related security standards is evaluated by the PCI Security Standards Council (PCI SSC). These standards provide the framework to ensure the safe handling of cardholder information.
All-inclusive assessments
Redhawk noted that its security analysts review all system assets within scope at client locations. Every aspect of a security program is evaluated, from network architecture, hardware and software configurations to policies and procedures. This hands-on approach employs software tools, manual analysis, interviews and personal observations to determine the program's overall effectiveness. A cloud portal provides detailed and easy to understand assessment reports along with tools for documenting remediation progress and managing vulnerabilities. Recommendations for remediation are provided for all vulnerabilities found.
After the review process, a comprehensive report provides documentation with recommendations to assure the client is following accepted industry best practices for maintaining information security. "Over the past few years we have seen progress in PCI compliance requirements, but we continue to see outdated assessment methods in numerous business sectors, including financial services, healthcare and government, that fail to provide merchants with a clear remediation path," said David Lindemann, Redhawk Vice President of Technology and Products. "Redhawk Network Security addresses this trend by providing our customers with next-generation security assessment services."
Next generation security assessment services
Beyond initial penetration testing and security assessment, maintaining a secure network requires ongoing due diligence and monitoring to mitigate vulnerabilities. Redhawk stated it offers a variety of services and products focused on security, including:
- Network Security Consulting and Audit: Information security consulting for administrative, technical and physical controls
- Information security management consulting: IT audit, penetration testing, social engineering, vulnerability assessment, and disaster recovery/business continuity planning
- Network Security Design: Consulting, design engineering, and installation services for network hardware
- Network redundancy and performance tuning: Troubleshooting and diagnostic services related to network topologies and performance issues
- Network Security Infrastructure design and support: Design, consulting and project coordination; configuration and installation, onsite and remote support services 24/7/365; troubleshooting network and system issues in support of client staff and end users
- Managed Security Services: Managed and monitored firewall and intrusion prevention services – to reduce the complexities of firewall operation while providing essential security and maintenance
- Vulnerability Management: Keep on top of evolving threats and gain visibility into network threats
- Web Application Security: Open Web Application Security Project vulnerability protection and PCI compliance
- Advanced Log Management: Effective log management is imperative for maintaining compliance; it is also a powerful tool for mitigating intrusions and security breaches
Threat Management: Intrusion detection and prevention delivered as a service
Acquirer-centric approach
Redhawk security assessors have Qualified Security Assessor and Certified Information Systems Security Professional certifications and maintain the company's portal tools in conformance with PCI SSC assessment controls and specific acquirer compliance requirements. "The two most critical components in performing any type of PCI assessment is an accurately scoped cardholder data environment and a clear understanding of the acquirer's compliance requirements," Lindemann said. "While we do approach PCI compliance from a focused perspective, we are always looking to improve the industry standard and provide feedback to agencies and ISOs," he added.
Website: www.redhawksecurity.com Contact: info@redhawksecurity.com
Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
