Sakura Sky has introduced a new range of security, penetration, and compliance testing services including vulnerability, configuration, and compliance scanning. Featuring high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, and vulnerability analysis.
With a strong focus on cloud services and web applications, our consultant team will provide a written report with actionable items for implementation.
Discovery
- Accurate, high-speed asset discovery
- Un-credentialed vulnerability discovery
- Credentialed scanning for system misconfigurations & missing patches
Broad Asset Coverage and Profiling
- Network devices: Firewalls/Routers/Switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
- Offline configuration auditing of network devices
- Virtualization: VMware ESX, ESXi, vSphere, vCenter
- Operating Systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries
- Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
- Web applications: Web servers, web services, OWASP vulnerabilities
- Cloud: Deployed as AWS AMI
Control Systems Auditing
SCADA systems, embedded devices and ICS applications
Sensitive Content Auditing
PII (e.g. credit card numbers, SSNs)
Automatic Scan Analysis
Remediation action priority and scan tuning recommendations.
Threats: Botnet/Malicious Process/Anti-virus Auditing
Detect Viruses, malware, backdoors, hosts communicating with Botnet-Infected systems, known/unknown processes, web services linking to malicious content.
Compliance Auditing
- FFIEC
- FISMA
- CyberScope
- GLBA
- HIPAA/ HITECH
- NERC
- PCI (not certified)
- SCAP
- SOX
Configuration Auditing
- CERT
- CIS
- COBIT/ITIL
- DISA STIGs
- FDCC
- ISO
- NIST
- NSA
