Services

A HUMAN AND PERSONALIZED SERVICE. NOT A RIGID CONTRACT

We understand that cybersecurity services requirements might be different in every organization. UTMStack SOC team will act as an extension of your IT team. Unlike traditional SOC services, we will work shoulder by shoulder with your IT resources and provide best practice recommendations, take action to block attacks, and perform assessments and preventive analysis.

A DARK AND DANGEROUS PLACE

The Dark Web is made up of digital communities that sit on top of the Internet. While there are legitimate purposes to the Dark Web, it is estimated that over 50% of all sites on the Dark Web are used for criminal activities, including the disclosure and sale of digital credentials. Far too often, companies that have had their credentials compromised and sold on the Dark Web don’t know it until they have been informed by law enforcement — but by then, it’s too late.

HOW DOES THIS HAPPEN?

When your employees use their work email on third-party websites, like the types listed below, it makes your business vulnerable to a breach. With our Dark Web Monitoring, we can detect if your company is at risk due to exposed credentials on those websites.

WHAT YOU CAN DO TO PROTECT YOUR BUSINESS?

By utilizing Dark Web Monitoring Services, a combination of human and sophisticated Dark Web intelligence with search capabilities, you are able to identify, analyze and proactively monitor for your organization’s compromised or stolen employee and customer data.

HOW WE PROTECT YOUR BUSINESS

We connect to multiple Dark Web services including Tor, I2P, and Freenet to search for compromised credentials, without requiring you to connect to these high-risk services directly. Provides intelligent awareness of compromised credentials before breaches occur.

WHY IT’S IMPORTANT

Compromised credentials are used to conduct further criminal activity. Employees often use the same password for multiple services, such as network login, social media, and SaaS business applications, exponentially increasing the potential damage from a single compromised credential. Limited visibility when credentials are stolen; over 75% of compromised credentials are reported to the victim’s organization by a third party, such as law enforcement.

$1495 seems like a low price. The XYZ firm charged us about 3 times that for our last vulnerability assessment. How do we know that your assessments are exhaustive and effective?

UTMStack has been working hard with financial institutions in numerous parts of the world since 2016. During this time, it has gained an outstanding reputation as one of the main providers of consulting services for banks, hospitals, real estate, among others. That said, we are happy and able to provide you with a list of customers’ references should you ask for them. Our auditing personnel is made up of consummate professionals who have years of experience in the Healthcare, Banking, Transportation, real estate, and education industries.

One of the features that sets us apart from other companies is the way in which we organize our IT auditing teams. We have had the privilege of constructing teams that consist of personnel specialized in different areas of security. Our teams generally include experienced personnel in the management of complex network environments and personnel with a more traditional IT auditing experience, because they usually have a better insight into internal control systems and auditing practices.

During the assessment services, you will work with one of our experienced IT technical auditors, which gives our firm the ability to thoroughly analyze the findings in our review in conjunction with your internal IT personnel or with your external network services provider. Furthermore, we also filter false positives or errors stemming from our automatized tools before providing you with the final report; which puts us ahead of the many other service-providing firms that have the tendency to force the burden of filtering all the false positives onto your organizations’ security personnel.

Frequently Asked Questions (FAQs)

What does the vulnerability assessment cover and how is it performed?

This service is designed to assess external vulnerabilities and offers coverage of up to 100 IP (Internet Protocol) addresses owned or controlled by your organization. In order to implement this service, you must assign it to the IP addresses on which you want the tests to be performed. These will be performed using our automated testing solutions toolkit.

What is an exploitative assessment and a non-exploitative assessment?

The IT industry has not yet set standard terms to describe the specific characteristics of vulnerability assessment tests. We generally use the term non-exploitative assessment to refer to an assessment that only goes as far as detecting and discovering the vulnerabilities in your system without actively demonstrating the various ways in which those vulnerabilities may be exploited while the term exploitative assessment refers to an assessment that will, after discovering the vulnerabilities in your system, actively demonstrate how a noxious entity might exploit those vulnerabilities to harm your system or specific file archives.

What tools will you use to perform the test?

We use tools that form part of the Kali Linux distribution such as Burp Suite, DirBuster, NMAP, SQLMap, and OWASP ZAP. The tool or tools that are selected to perform the task may vary and are suited to the organization’s respective security specialist or expert’s perception since they are accurately assessed according to the environment in which they are going to be used. As a rule, we will only use subscription-based tools to guarantee the updating of files and consequently, ease the detection of recently arisen vulnerabilities.

How frequently will the test be performed?

The general recommended practice is that every organization should perform a vulnerability assessment test at least once a year or after any important changes in the organization’s operations or patch solutions. Our $1495 fee covers one single assessment at any time of your choosing. We also offer frequent testing intervals at a discounted price. An internal vulnerability assessment is one of the most effective means to verify the efficacy of any parch administrations.

Why $1495?

After a careful evaluation of this service, we settled on this very fixed price for 3 main reasons, first, it was an effort to beat our competitors that offer the same services at extremely high prices, secondly, we believe that $1495 represents a clear and matching price for the service we provide and thirdly to make it affordable to our potential clientele, especially taking into account the current rough economic climate. Please note that the pricing, though may seem low, does not at all affect the quality of our service.

How will you receive the findings of the Vulnerability Assessment test?

We issue a formal report of all of our review services. This report will include a general description of the outcomes of the test, as well as any recommendations that may be made regarding the possible solutions. A copy of the complete results of the test will be attached to that report. In order to maintain a standard format, we issue all our reports in electronic format (PDF) through our email. It usually takes us about a week time to publish the report having passed it through our internal quality control function, however, expedited issuance of reports is available upon advance request. You can feel free to contact us if you would like to receive a sample report of the external Vulnerability Assessment test.

How long does a single vulnerability assessment take?

The usual estimated time for a single assessment is generally one week prior to having signed a letter of commitment with our client. During that time we compile the necessary documents of the results. In the instance where the client needs an urgent test, they can let us know so we can immediately tend to their needs.

Cost-effective Penetration Testing

In the last couple of years, there has been a general improvement in much of the world’s economic prospects. However, there has been a decline in the per capita income of several developing countries.

As service providers, we at UTMVAULT understand the economic challenges we face in today’s world. However, the validation of IT systems’ security within each organization should not fall victim to the times despite the choices that must be taken to uphold the institutional viability within each organization.

Our qualified staff has, over the years, acquired experience in performing IT review and testing services as well as working on the security assessment of internal networks and systems in over one hundred financial institutions across the world.

Based on our experience with the aforementioned financial institutions, we have been able to see a variety of prices and descriptions of “penetration testing services,” ranging from the use of simple tools to multi-layered tests on the penetration and exploitation of the vulnerabilities found, entailing days or weeks of work. This in turn has allowed us to notice how prices can dramatically vary with respect to the different service providers.

It was through the understanding of the above that inspired us to create UTMVAULT, a product that would offer the same quality service at a price for much less than the industry standard. This allows us to be able to stand against the market’s competition yet at the same time provide an invaluable service. Taking all aspects into account we made a decision to value its “penetration testing service” at a price of only $ 995

In order to clear any possible doubts, you may have regarding the “penetration testing service” we offer, the following is a compiled list of the most frequently asked questions that usually come from our clientele. Also, please feel free to go through our terms and conditions for further information.

Frequently Asked Questions (FAQs)

What does the penetration test cover and how will it be performed?

This service is a test designed to detect vulnerabilities against external penetration, which may or may not exploit the vulnerabilities detected during the process. This covers up to 25 IP (Internet Protocol) addresses owned or controlled by your organization. In order to implement this service, you must assign it to the IP addresses on which you want the tests to be performed. These will be performed using our automated testing solutions toolkit.

What is an exploitative and non-exploitative test?

In IT security jargon, the term ‘penetration test’ is used to refer to tests that are run on a system with the aim of actively detecting vulnerabilities. A penetration test can be exploitative or non-exploitative. A non-exploitative test is one where the penetration test only goes as far as discovering the system’s vulnerabilities and later on informs your organization as to the presence of those vulnerabilities, and exploitative test on the other hand is one that goes a little further beyond the mere detection of vulnerabilities. It demonstrates the ways in which an external entity might be able to exploit your organization’s vulnerabilities.

What tools will you use to perform the test?

The representative tools we have used with our customers include Metasploit, OWASP, among others that come preinstalled inside the Kali Linux distribution we use for our tests. The tool or tools that are selected to perform the task may vary and are suited to the organization’s respective security specialist or expert’s perception since they are accurately assessed according to the environment in which they are going to be used. As a rule, we will only use subscription-based tools, to guarantee the updating of files and consequently, ease the detection of recently arisen vulnerabilities.

How frequently will the test be performed?

As a general rule of thumb and in line with good maintenance practices, it is recommended that organizations perform a penetration test after any change in the configuration of their secure servers, or as a result of the installation of any new foreign acquired hardware. An external penetration test is the only way to effectively verify that the said changes did not result in the creation of new vulnerabilities. Our $995 service fee covers the performance of a single test at a time of your choosing. We also offer more frequent testing intervals at a discounted price per test performed. Periodic testing for external penetration also has the advantage of demonstrating the efficacy of your systems’ general monitoring programs in front of regulating authorities.

Why $995?

Looking at the variability of existing prices for this service and the existing competitiveness, we decided to create an offer that could compete with the rest of the suppliers, based on the value and needs of the institutions. We think that setting the price at $ 995 serves to be competitive and affordable for our customers, especially considering the current economic climate.

What is the time frame for a performance of a penetration test?

Generally, we carry out penetration tests within a week prior to having signed a commitment letter with the client. In the instance where the client needs an urgent test, they can let us know so we can immediately tend to their needs.

How will you receive the findings of the penetration test?

We issue a formal report of all of our review services. This report will include a general description of the outcomes of the test, as well as any recommendations that may be made regarding the possible solutions. A copy of the complete results of the test will be attached to that report. In order to maintain a standard format, we issue all our reports in electronic format (PDF) through our email. It usually takes us about a week time to publish the report having passed it through our internal quality control function, however, expedited issuance of reports is available upon advance request. You can feel free to contact us if you would like to receive a sample report of the external penetration test.

I have over 25 IP addresses to test – can UTMVAULT provide testing services for my organization?

Certainly. You just need to request an estimate, in order for us to elaborate a personalized proposal of your particular environment, and the number of addresses that are going to be tested. We do frequently provide tests for organizations with more than 25 different IP addresses; however, we find that most companies have less than 25 addresses requiring testing, which is why we have established our price rate at this level.

A remote Disaster recovery Site for your data.

UTMStack disaster Recovery Sites ensure that your data will be safe in a disaster event. UTMSatck encrypts and replicates your DR data across multiple regions in the United States or Europe depending on your requirements.

Our US Datacenters have the following compliance certifications

ISO/IEC 27001: 2013 certificate, expires June 25, 2020
ISO/IEC 27001: 2013 attestation
Type 2 SOC 1 (AICPA SSAE No. 18 and IAASB ISAE 3402 Standards)
Type 2 SOC 2 (AICPA SSAE No. 18)
Type 1 HIPAA and HITECH
Europe Datacenters are GPDR compillant.