The Data Center Industry


Work with Mercury Z professionals that have over 20 years of experience in professional equipment management & data center solutions!

Security Services

Mercury Z offers data center specific security services such as scans, testing services, and facility breach exercises, as well as general security services, which are beneficial to apply to your whole business. Security is a growing concern for data centers as well as for enterprises with increasing headlines detailing recent cyber attacks. The need for constant upgrades of old and current systems also leaves exploitable vulnerabilities, some of which can be easily remedied to deter attempts. Data centers and enterprises must invest in security measures to minimize potential vulnerabilities in their systems, hardware, and personnel.

Mercury Z offers a range of security services including VA scans, Pen Testing, and Social Engineering Services to identify gaps in your security and to make recommendations on how to resolve them. You can also benefit from Risk Assessments to determine the current status of your data center, a Facility Breach Exercise to test its physical security, as well as Wireless Testing and Forensic services.

Vulnerability Assessment / Scan (Tier 1)

Using public domain tools and custom scripting, Mercury Z provides you with an internal and/or external scan of your data center to identify known vulnerabilities. By revealing what these vulnerabilities are, you will be in a better position to assess the level of your current risk and make more informed decisions as to what improvements need to be made.

The Mercury Z process:

  • Obtain publicly available information on your internet exposure
  • Perform initial scan to identify live hosts and confirm targets
  • Internal and/or external scan of each IP address/Live Host in the test plan (computers, networks, webapps/servers) – internal scans initiated from appliance located within your network
  • Close-out report that ranks vulnerabilities from critical to low, with recommendations for remediation of vulnerabilities

Learn More About Security Services!



--
Data-Center-Security-Services

Penetration Testing / Ethical Hack (Tier 2)

Mercury Z conducts an initial Vulnerability Assessment to identify specific attack vectors. Once vectors are identified, a certified ethical hacker will attempt to exploit the identified vulnerabilities.

The Mercury Z process:

  • Includes all components of the Vulnerability Assessment
  • Tests your security tools by exploiting identified vulnerabilities via real-world attack vectors to attempt to gain unauthorized access to internal servers/applications
  • May attempt to escalate exploited privileges and perform password cracking
  • Close-out report with demonstrated targets that were breached

Social Engineering Services

Social Engineering involves a non-technical method of hackers tricking people into divulging personal information or breaking normal workplace security protocols to obtain privileged data. This can be over the phone, via the Internet, or even in person.

Email Phishing service

Mercury Z provides you with an email phishing service whereby a prepared email is sent out to the client’s employees to test their awareness and reactions to an attempt to gain privileged information from them. Hackers typically achieve this by pretending to be a trustworthy entity, and using misleading emails or hypertext links to a false website.

The Mercury Z process:

  • Consultation – working with Mercury Z to determine the ‘targets’ (departments, employees, executives, etc.)
  • Create the email – agree on the content and layout of the email to be sent
  • Create authentication server – a custom webpage is prepared to collect all of the responses to the email
  • Send the email – the prepared email is sent and the server then captures actions and credentials as provided 
  • Delivery of report and follow-up discussion – a report of the number of responses and the information they contained is compiled by Mercury Z and then presented to the client. Through a consultative process, Mercury Z discusses the issues presented in the report and makes suggestions as to potential steps to take to improve security. Typically, a security seminar for training and further education is highly recommended.

Pretexting service

Pretexting is a king of social engineering whereby a hacker uses non-technical methods to manipulate an employee into providing secure credentials. This is typically done by creating a scenario where the hacker pretends to be in a position of authority and attempts to trick an employee into providing confidential information. To combat this risk, Mercury Z provides a Pretexting service that establishes a scenario to test employees. This allows you to better assess your organization’s exposure to this kind of risk, as well as educate employees into adopting a more risk-aware mindset.

The Mercury Z process:

  • In consultation with a Mercury Z Consultant, discuss specific areas to target, which can include finance, operations, and HR among others.
  • The Mercury Z Consultant will learn about your business from you and information freely available in the public domain, which will be used to develop a call scenario to attempt to obtain privileged information.
  • Following the completion of the Pretexting service, you will be sent a report detailing those who have failed the test and the ID/PWD combinations that were given.

Social Engineering Security Seminar

Through a customized course on security, Mercury Z can create a seminar that focuses on your organization’s needs. This can be educational for all employees on the subject of Social Engineering (email phishing, pretexting, etc.). It can be specifically catered towards executives through a separate class if requested.

Mercury Z’s seminar can be delivered on-site with a session in the morning, and another in the afternoon. The Mercury Z Security Consultant delivering the seminar will be available between sessions to answer any general security questions. A video of the seminar can be recorded and customized with the corporate logo and an executive introduction. This can be used to facilitate remote worker training, new hire, and future training/refresher purposes.

Other Security Services

Risk Assessment & Gap Analysis

Mercury Z provides a risk assessment and gap analysis service for data centers or businesses operating data centers including in other industries, to ensure that they meet the correct regulatory standards that is required of them. Whether it’s HIPAA, PCI, SSAE16 or other standards, if a business fails an audit, they can be subject to thousands or even millions of dollars in fines, not to mention lost business and corporate bad will. A compliance review and gap analysis through Mercury Z’s Security Services can help you to make sure that your company is prepared. Mercury Z will take you through a step-by-step process that reviews your systems for compliance, assesses the level of risk, and provides a report with a detailed gap analysis with steps for remediation.

Facility Breach Exercise (SSAE16)

Mercury Z offers you a Facility Breach Exercise so that you can test your physical security policies and procedures. Whether this exercise is targeted at a data center or a corporate environment, these policies should be documented and followed precisely. This exercise can be used to satisfy a segment of a gap analysis if you are seeking SSAE16 attestation.

  • Working with you to define the appropriate facilities and methods to “breach.”
  • Following the completion of the exercise, you will receive documentation of the facility breach with details on the extent that this breach was enabled by process or personnel.

Web Application Testing

Mercury Z’s Web Application Test is a multi-tiered effort building upon the vulnerability and penetration testing of the physical server and its software. This test provides confirmation that the development of an application has not introduced any additional vulnerabilities based upon the coding. Mercury Z can perform a full-scale security analysis of your web applications to determine your network’s risk of web intrusion. You will also receive recommendations on how to remediate any vulnerabilities.

Wireless Security Testing

A Wireless (WiFi) Security Assessment through Mercury Z analyzes your network’s wireless infrastructure and tests for potential vulnerabilities so you can be aware of potential back-door intrusions. In order to ensure that your network is better protected from newer and more improved methods of hacking, a wireless security testing service will allow you to expose these potential threats. An additional area of concern includes the introduction of “rogue” or unauthorized Access Points (APs) to the environment. These rogue APs are not subject to the same controls as the authorized ones and therefore represent a significant risk. Mercury Z’s Wireless Security Testing locates these and enables you to have them removed.

Forensics

Network forensics monitors and analyzes computer network traffic to gather information, legal evidence, and intrusion detection. When cyber intrusions occur, Mercury Z can place a certified network security expert on your team to conduct a thorough investigation to discover the source of the attacks or other problem incidents and follow the process through the court system if necessary. We can help guide your organization to a safer and more protected presence on the web.

Get in Touch!

Telephone: (919) 439-5000
Email: info@mercuryz.com
www.mercuryz.com
1150 SE Maynard Rd
Cary, NC 27511

facebook linkedIn facebook

redlogo100