Through carefully designed probes and diagnostic tests, including Cadre’s own proprietary testing methodology, Cadre engineers can identify and quantify your exposure to potential information security risks – and find solutions to overcome them.
Cadre will provide a detailed report of the findings including interpretation and recommendations from our experts that are both customized to your unique situation and flexible enough to meet your needs.
- Security Architecture Review
In this review we complete a comprehensive analysis of the infrastructure, data handling requirements, administrative processes and business requirements across the enterprise to generate a gap analysis of confidentiality, availability and integrity issues. Cadre also profiles the technical security controls in your infrastructure to produce recommendations for the most effective use of enterprise security resources appropriate to your needs.
- Security Policies, Procedures and Practices Review
Here Cadre produces a gap analysis of your security policies and procedures against an appropriate matrix of required and recommended practices. Through the use of observation and interviews, Cadre validates the level of compliance for policies and procedures in place in your environment.
- Network Vulnerability Assessment
Cadre identifies and assesses the exposed hosts, services and applications hosted within your organization’s available infrastructure. The targeted network infrastructure is extensively probed to determine the existence of all responding devices and their associated services and vulnerabilities. Security risk analysis is then performed against these findings, creating a customized security profile of the available infrastructure.
- Penetration Testing
This is a manual network enumeration phase where target hosts are identified and analyzed, and the behavior of security devices such as screening routers and firewalls is analyzed. This test includes the active exploitation of vulnerabilities, services, configurations, and applications contained within a specific infrastructure available to remote or local users and network resources. This type of testing involves comprehensive analysis of information available about the targets based on the results of a network vulnerability assessment. The information from the behavior and responses of the targeted infrastructure is then utilized to attack and compromise the targets. All the testing results are compiled, creating a documented security risk profile for the targeted infrastructure.
- Wireless Network Infrastructure Assessment
Cadre utilizes a methodology for wireless testing that provides a comprehensive view of your site’s wireless security. Testing is typically performed from a number of access points, representing each logical and physical network segment. Testing is performed inside and adjacent to the structures housing the AP work areas, and the wireless infrastructure architecture’s overall security effectiveness is reviewed.
- Server Configuration Assessment
This assessment provides a more complete view of your servers’ security posture. Analysis of permissions, file structure, access control lists, rule-sets, and target profile allows Cadre to recommend the most appropriate approach for hardening the relevant servers.
- Firewall Configuration Assessment
Cadre provides a comprehensive analysis of your firewall infrastructure, data handling requirements, firewall administrative processes and business requirements across your enterprise to generate a gap analysis of confidentiality, availability and integrity issues. Cadre also profiles the firewall security controls in your infrastructure to produce recommendations for the most effective use of your enterprise firewall resources appropriate to your business needs. Analysis of security policy rule structure, network and host definitions, network address translation rule structure, IPS/IDS feature configuration, UTM feature configuration, VPN configuration, and administrative access controls allows Cadre to recommend the most appropriate approach for securing your network environment effectively with your firewalls.
- Application Security Testing
This is the targeted examination of your web application environment to determine security weaknesses and flaws. This testing focuses on locating faults in authentication, session management, input manipulation, output examination, and information leakage. Application coding practices are assessed using the Open Web Application Security Project (OWASP) framework and industry best practices. These results are then organized by level of importance and remediation recommendations are provided for you.
- Authorized PCI DSS Security Assessments
This service provides validation of compliance with the PCI Data Security Standard (DSS) for a cardholder environment, as defined by the PCI Security Standards Council. Cadre achieves this by working with your staff to verify that the cardholder environment aligns with the requirements of the DSS. The key components of the validation assessment will be to evaluate the current scope of the environment, the current network architecture, the current payment application(s) and the associated policies and procedures that control the Client’s cardholder environment. Using Cadre’s methodology, we will review the existing cardholder environment and determine if the current environment provides the best framework for the Client to reach PCI DSS compliance based upon the current PCI Security Standards Council’s Security Audit Procedures.
- PCI Self Assessment Questionnaire Assistance
This is a service designed to help customers understand the PCI Security Standards Council’s DSS and complete the PCI Self-Assessment Questionnaire and Attestation of Compliance. The assessment provides the Client with reasonable assurance that their processes, procedures, hardware, and software comply with PCI DSS requirements or, in the event of non-compliance, identifies those areas and the manner in which they are non-compliant, allowing the Client to perform the appropriate remediation.