Using a tailored approach to security assessments, testing, and training, our team of Certified Information Systems Security Professionals (CISSP) helps organizations understand how to secure their critical systems. Whether you’re a Fortune 500 company, a small local business, or anything in between—BTB will help take your information security to the next level.
In the context of information security, a governance assessment helps determine if your company’s investments and goals are aligned with the overall goals of the company.
Our assessment takes into consideration more than just the function of information technology within your organization. We take a holistic approach to understanding other influences as well.
Some of the other contributing factors we review include:
We take a look at what’s working (and what’s not) to advise on the best approach to improving your security posture while also maintaining any required compliance.
We work with clients to establish a baseline scoring mechanism (or an alternative metric) that will allow you to demonstrate year-over-year improvements to your leadership team.
Your organization has likely invested a lot of money in intrusion detection and prevention systems (things like firewalls, antivirus software, or anti-spam/spyware) and training your team to use these tools effectively. Penetration testing is the best way to evaluate if these investments are effectively working together to protect your internal systems.
In essence, we attempt to “hack” your systems and data by exploiting vulnerabilities to assess the security posture of your organization. Our team understands the architecture used in all sizes of organizations, so we engineer an attack plan based on your unique environment. We perform a logical, physical, and social analysis of the environment to identify security vulnerabilities.
We use tactics such as:
Our technical testing methods range from simple password guessing to complex buffer overflows or SQL injection. Social engineering and physical testing methods may include designing phishing emails and sites, calling help desk personnel, and piggybacking into an entryway. We not only leverage existing tools and techniques, we also develop many of the tools and techniques used to exploit vulnerabilities in your environment.
We want to help you understand how an attacker might target your information resources, employees, and facilities as well as how to defend your organization from these attacks.
Do you have questions about penetration testing? Download our Penetration Testing overview for more information.
This type of assessment helps you identify potential threats to your business by extensively reviewing your existing information technology environment.
We are nothing if not thorough. We provide you with a comprehensive list of actionable security concerns to address, along with expert recommendations as to how you should fortify your security.
We consider all major aspects of your current IT infrastructure, including:
As we conduct your vulnerability assessment, we gain an understanding of your business, how technology supports it, and how to effectively secure it. We are not simply looking for weaknesses—we are also identifying strengths in your security program. We want to help you leverage those strengths to mitigate any uncovered weaknesses and improve your overall security posture.
Want to learn more? Download our Vulnerability Assessment overview.
This assessment is designed to ensure that your application is properly designed and deployed to provide the intended business logic, security controls, and protection of data that it presents.
We work to uncover any and all vulnerabilities present in your application and its environment. Our expert team reviews your application and works alongside you to identify and eliminate security risks within your application.
We start by conducting interviews with key personnel and business owners, then we take steps to assess:
Download our Web & Mobile Assessment overview for more information about this service.
This assessment is essentially the same as an application security assessment, but it is specifically targeted at mobile applications.
As with our other security assessment services, we are very thorough. With BTB, you can be sure that the security of your mobile application will be rigorously tested (without breaking the bank).
Our assessment includes:
Our team works to identify strengths and weaknesses in all aspects of your mobile application—from business logic to user experience—and then we provide you with an actionable list of security findings and recommendations for mitigation.
Check out our Web & Mobile Assessment overview for more information.
The concept of Bring Your Own Device (BYOD) has gained traction in recent years because of its inherent productivity, convenience, and cost benefits for many organizations. While it’s an appealing option for many businesses, the BYOD philosophy carries a much higher risk of information security and privacy problems when employees use their personal devices for sensitive data. This assessment helps to identify to what extent BYOD within your organization may be putting your data at unnecessary risk.
We want to enable you to enjoy the positive benefits of using BYOD while mitigating the associated negative implications on the information security of your organization.
During our assessment, we cover:
Our experienced team helps you quickly assess your in-place controls, define your strategy, and integrate technology and processes for your organization.
Your firewall is still one of your most important tools for protecting your network. It is your first line of defense against attacks, so it needs to be appropriately installed, maintained, and regularly assessed by a professional since temporary rules, acquired devices, or improper administration can lead to an inadequate rule base. Assessing your firewall helps identify security vulnerabilities so you can take action to fix them.
One of our certified information security experts reviews your firewall and makes recommendations for improvement. We’ve tailored this service to address these typical concerns:
After the assessment is complete, we provide you with a detailed analysis to help reduce risks and increase security between defined zones.
It provides you with an expert view of the function, technical configuration, architecture, patching, monitoring, and administration of the Database Management Systems (DBMS) that run your organization. This type of assessment can be conducted on MSSQL, Oracle, DB2, Notes/Domino, MySQL, or any other database systems.
Our certified professionals will help you ensure that your key data is protected as part of your security strategy.
Our assessment includes:
We will efficiently identify the strengths and weaknesses in all aspects of your database architecture, from policy to implementation, and provide you with an actionable list of security findings and recommendations for mitigation.
As the name implies, a physical security assessment takes a look at what measures are being taken to keep your employees, critical areas, equipment, and information safe. While technical controls can be implemented to restrict logical access to an information resource, physical controls are just as important to prevent theft or destruction.
We attempt to infiltrate your facilities using common tactics that actual intruders might use. We evaluate how an attacker might bypass any current security equipment to gain access to your equipment or data, assessing things such as:
We evaluate the controls in place, identify gaps and areas of improvement, and establish a remediation plan to improve your organization's physical security strategy.
Risk assessments (or IT risk assessments) help identify the security threats that pose the greatest risk for an organization.
We help you create a baseline for your IT risk management program so you can track improvement over time. The process is tailored to evaluate your environment against security best practices (e.g., ISO 2700x) as well as specific regulatory requirements (e.g., GLBA, HIPAA, FISMA, SOX). We complete the assessment through:
A risk assessment will provide a better understanding of the risks posed to information systems, so we can provide actionable recommendations for applying appropriate security controls.
A virtualization assessment tests the security posture of virtualized infrastructures.
We take a look at physical and logical architecture, as well as hypervisor security and administration. Our team completes a thorough review of security policies, administrative practices, and operational procedures, including:
We want to help you improve security of virtualized environments without losing the positive benefits of using the technology.
A cloud readiness assessment determines to what extent your organization could safely and securely transition to a cloud-based environment without undue risk to your data.
We will perform a comprehensive review of your cloud goals, operations, and technology and highlight the risks and appropriate mitigation techniques to support the secure use of a cloud environment. Our thorough investigation includes:
We want to give you the guidance you need to safely function in your current cloud-based environment (or set you up for success in transitioning to one).
Shared Assessments is a program that provides organizations with a way to obtain a detailed report about a service provider's controls for security, privacy, and business continuity. Service providers that store, process, or transmit Personally Identifiable Information (PII) are inevitably being asked to complete a variety of questionnaires to evaluate the in-place controls for security, privacy, and business continuity. By utilizing Shared Assessments, service providers and assessment firms save time, resources, and money by reducing redundancies and increasing efficiencies in the vendor assessment process.
We can help you identify and remediate the gaps, and put you on track for utilizing the Agreed Upon Procedures (AUP) consistent with service provider evaluations. The Shared Assessment service offers AUP, standards that are used when conducting an onsite audit of a managed service provider. The benefit of this service is that the service provider can then share the report with multiple clients, alleviating the need for separate audits or responding to additional client questionnaires.
In the context of information security, social engineering is using psychological manipulation techniques in an attempt to gain access to data (for example, phishing emails).
We utilize social engineering as part of our Penetration Testing service, or as a stand-alone exercise. We use tactics such as phone calls or phishing exercises in an attempt to solicit sensitive information, or even attempt to physically breach your building or secure area. We identify gaps and make recommendations that can be used to improve employee awareness and physical security.
We provide training at all levels within your organization to help establish a well-rounded security awareness program in any industry. Our training comes in a variety of convenient formats—both on- and off-site—such as classroom-style sessions, web-based meetings, or computer-based training. Our training services are flexible to meet your needs. We can educate your team about:
This assessment evaluates the increasingly complex sets of connections, roles, rules, and access permissions that comprise an organization's Virtual Private Network (VPN).
We deliver an independent review of your organization's technical infrastructure, policies, and administrative procedures. During this test, we assess:
We make practical recommendations to optimize and enhance the effectiveness of your VPN.
A wireless security assessment identifies vulnerabilities within your wireless infrastructure.
We provide a comprehensive wireless security assessment to identify the wireless vulnerabilities present in your environment. We conduct interviews with key personnel, and then evaluate:
A breach threat assessment examines the current state of security within your organization and evaluates your ability to respond to threats or incidents.
We help you develop a programmatic and methodical approach in defense and incident response that’s adaptable to evolving threats and technology over time.
This type of assessment evaluates an organization’s ability to appropriately respond to security incidents (from full-blown data breach investigations to low-level virus or malware outbreaks).
We help you build and prepare your own incident response function through training, documentation development and review, simulated exercises, and third-party assessment services. We help you arm your organization and staff with techniques and procedures to better defend your company and respond to security incidents. We assist you with: