Net@Work
Corporate Capabilities Overview
Top Technology Integrator in North America
Fastest Growing Businesses in the Nation
Founded: 1996
Offices: US & Canada
Employees: 200+
Clients: 4,500+
Our Business
ERP / CRM / HR Applications
Client Care
Helpdesk
Business Analysts & Consultants
Infrastructure Support
Enterprise Content Management
System Integration & Development
eCommerce & Web Services
Client
Net@Work Specialists Improve Business Productivity Through Technology Solutions
Products & Services
Data Center Architecture
Server & Client Virtualization
Cloud Computing & Business Continuity
Wireless & Mobile Workforce
Managed Services
Service Level Monitoring & Support
Helpdesk
Security
Printer & Copier Management
Infrastructure Division Solutions
IT Roadmap
Program & Project Management
Strategic Planning
Microsoft Gold Partner
Dell Premier Partner
VMware Enterprise Partner
Citrix Gold Partner
Cisco Premier Partner
Symantec Enterprise Partner
NetApp Partner
HP Partner
And More…
Key Vendor Partnerships
Trusted Advisor
Cloud Computing
Project & Program Management
IT Strategy and Roadmap
Virtual CIO
IT Operational Effectiveness
Vendor Management
Infrastructure Assessments
Business Process Reviews
Business Continuity Audits
Security Audits
Software and Technology Selection
Gap Analysis of Business Practices
We Help You Navigate Through Technology by Providing Strategic, Product Agnostic IT Consulting and Services
Project Implementation Process
Our Phased Approach Ensures Success
Assess: Inventory Systems & Business Drivers
Gap Analysis: Define What is Needed to Transform and Implement Changes
Plan & Design: Deliver Options Including ROI & Cost Benefits
Pilot: Deploy a Pilot / “POC” to Minimize Risk
Implement: Production Deployment
Ensures Application Availability 24x7x365
Reduces Technology Complexities
Addresses Ongoing Strategic Technology Challenges & Business Planning
Supports Demanding End-users, Multiple Devices & Locations
Provides Constant Administration, Patches & Security Updates
Maintains ‘Living’ Documentation & Compliance
Managed Services: Why?
Our Managed Services Program
Typical IT Support
•Re-Active
•Call Support Company When You Need Them
•Unpredictable
•High Risk of Downtime
Managed Services
•Pro-Active
•Scheduled Maintenance
•Fixed Cost
•Paid Monthly
•Unlimited Helpdesk
•In-Depth Monitoring
Typical IT Support or Our Managed Services
How Managed Services is Accomplished
-1- Assess
Review & Recommend Improvements: Determine if and where technology gaps exist in the environment and provide specific, detailed recommendations
-2- Stabilize & Standardize
Implement Recommendations: Ensure architecture and products are standardized and supportable so business applications can run optimally
-3- Manage
Monitor and Manage: Provide proactive maintenance and support to minimize interruptions; adhere to best practices and SLAs
-4- Remediation
Return to Normal Operating Conditions: When technology interruptions or outages occur, provide remediation to resolve issues
-5- Scheduled Reviews
System Reviews: Periodic reviews to discuss previous events, upcoming maintenance activities, future business initiatives, new technology, etc.
Monitoring
If Critical Thresholds are Exceeded
Operating System Services - email / SQL running
Server & Workstation Performance & Monitoring - RAM, Disk, CPU etc.
Network Device Up/Down
Task Completion Notification - Backups, AV - Daily, Weekly, Monthly
Incident Tracking
Automated Monthly Performance Reports
Periodic Technology Reviews and Recommendations & discuss client business plans
What We Are Watching and Reporting for You
Managing
Network Equipment - Ongoing Support
Unlimited Remote Engineering Support
Administrating Active Directory Tasks
Administrating Exchange
Patching & Updating Server O/S
Escalating to 3rd Party Vendors/ISPs
Ensuring Anti-Virus is updated and active on Servers
Creating & Maintaining IT Asset Info
Reviewing System Logs
What We are Managing for You
Help Desk
Workstation troubleshooting, triage & re-imaging
Password resets
Support for Windows based applications - Office & Outlook
Anti-Virus support
Connectivity support
Mobile device support
Printer troubleshooting
Ability to use remote control to resolve issues
Limited support for custom applications
How We Are Supporting Your Users
Monitoring Platform
Proven Experience
Track Record of Success
IT From a Business Perspective
Ample Staff with Deep Technical Skills
We Design Highly Flexible, Scalable and Resilient Technology Platforms; Allowing You to Compete in your Industry
Strategic Differentiators
Net@Work Client Names
Healthcare: Montefiore Medical Center; Mount Sinai Hospital; Cornell Medical Center; NYP; eClinicalWorks; Equinox Fitness Clubs; NY Blood Center
Commercial: Deloitte & Touche; Cushman & Wakefield, Inc.; Thomson Reuters; Anchin Block & Anchin; Daewoo International Corp; Euro RSCG Worldwide; The Deal.com; Van Cleef & Arpels; New Yorker Hotel Management
Financial: Morgan Stanley; SAC Capital Advisors; China Construction Bank; The Royal Bank of Scotland; Israel Bonds; York Capital; Churchill Financial Management; MBTA Retirement Fund
Public Sector: Metropolitan College of New York; School of Visual Arts; The Juilliard School; NYC Comptrollers Office; Office of the Chief Medical Examiner; UJA Federation
Net@Work Client Logos
Thank You
We look forward to partnering with you!
Table of Contents
1) Why perform an IT security risk assessment?
2) What is included in an IT security assessment?
3) What is Net@Work’s methodology & strategy?
4) What types of threats are tested?
5) What approaches for external vs. internal apps?
6) Net@Work sample audits
7) Recommended ongoing services
Why perform a security risk assessment?
As a valued asset, information must be managed and
protected from internal and external threats.
In its simplest form, we identify and evaluate potential
threats, rank the resulting risks, and develop
strategies to mitigate those risks.
Our assessments propose a range of security controls
focused on safeguarding information assets.
What is included in a security risk assessment?
Technology:
Review of existing Security Policies
Internal and External Network Vulnerability Assessment
Third-Party/Vendor Security Analysis
Mobile / Remote Connections
Security Countermeasure
System O.S. and Service Classification
Administration Privileges & Compliance Verification
Reporting:
Executive/Board Level Summary
Risk Categorization - HIGH, MEDIUM, LOW
Technical Reports
Core Engineering Team Review of results
Onsite Consultation and Remediation Strategy
Planning & Implementation for corrective measures
Net@Work’s methodology
•Net@Work performs a comprehensive vulnerability scan for all systems and applications
•Net@Work analyzes and categorizes vulnerabilities discovered
•Net@Work will re-evaluate the level of risk presented by each vulnerability and provide a fully detailed report which will include the following sections:
1) Synopsis and risk categorization HIGH, MEDIUM, LOW
2) Description of vulnerability
3) Risk factors
4) Corrective measures
5) Potential impact of counteractive actions
6) Recommendations to improve configurations and architectures reviewed
Net@Work’s Strategy
Kick-off Meeting / Project Initiation
Scan: Scan all systems
Evaluate: Vulnerability Assessment Report
Categorize: Categorize vulnerabilities in written report
Exploit: Define pen test scope with client to further refine vulnerability categories & perform scan
Report: Review pen test report data with client staff
Implement: Corrective measures
What are the different approaches for External facing apps vs. internal apps?
Internal Systems
1) On site interviews to further clarify security concerns and training requirements
2) Perform vulnerability scans with administrative privileges (non-intrusive)
3) Document vulnerability scan results
4) Categorize vulnerabilities
5) Review data with client staff
6) Perform penetration testing (non-intrusive)
7) Document pen test scan results
8) Categorize vulnerabilities and security gaps
9) Review data with your staff
10) Discuss and prioritize remediation of vulnerabilities and security gaps
External Systems
1) On site interviews to further clarify security concerns and training requirements
2) Perform TCP/UDP port scan (non-intrusive)
3) Document services and open ports from scan
4) Categorize vulnerabilities for open ports
5) Review data with client staff
6) Perform penetration testing (non-intrusive)
7) Document pen test results
8) Categorize vulnerabilities and security gaps
9) Review data with your staff
10) Discuss and prioritize remediation of vulnerabilities and security gaps
Net@Work sample audits are attached below
What about ongoing services?
Net@Work recommends periodic assessments to ensure ongoing security.
This should be performed annually at a minimum, but quarterly is recommended.
Additionally, for clients with external facing web sites, we recommend solutions similar to
RSA FraudAction.
FraudAction is a service geared toward stopping and preventing phishing, pharming
and Trojan attacks that occur in the online channel. Offered as an outsourced, managed
service, RSA FraudAction enables organizations to minimize resource investment while
deploying a solution quickly.
FraudAction offers complete fraud protection against phishing, pharming and Trojan
attacks - including 24x7 monitoring and detection, real-time alerts and reporting, forensics
and countermeasures, and site blocking and shutdown. Today, more than 300 organizations
have selected FraudAction to protect their customers against the latest online threats.
For more information please see http://www.rsa.com/node.aspx?id=3020