The Financial Industry


Identify and resolve network vulnerabilities, optimize and expand networks, all with Mercury Z services!

Financial Security Services

With the increasing use of complex systems and networks to improve and speed up operations, the financial industry has made itself very vulnerable to attacks. The rise of reported cyber attacks on businesses large and small, across all industries, has made increased investment in security services a necessary and vital measure. Mercury Z provides a number of security services that help you identify any current exploitable vulnerabilities in your networks, and make recommendations on the steps you need to take.

In addition to Vulnerability Scans and Penetration Testing, we also offer Risk Assessment & Gap Analysis to determine whether you are meeting the relevant industry standards, including PCI compliance. Mercury Z's Social Engineering Services test and verify the level of awareness your employees have with regard to security, and our security seminars can further educate and inform personnel of the potential risks.

PCI Compliance

Mercury Z can help you meet Payment Card Industry Data Security Standards by offering you key security services, and guiding you through a potentially complex process. We can help ensure that you take the right steps towards providing your customers with a secure data transfer environment, by working with you to check off PCI Compliance requirements. Mercury Z can provide assistance in finding the right experts for you to verify that you have met the relevant requirements and performed the necessary scans.  We can find you the following security entities to assist you in this process:

Approved Scanning Vendor (ASV) – vulnerability scans of externally facing payment devices

Qualified Security Assessor (QSA) – a certified consultant conducts an on-site assessment

To better understand the terms and requirements of PCI compliance and how to obtain it, our Mercury Z security consultants are available to you to explain how it works and the next steps you need to take. For more information on the Mercury Z PCI Compliance service, please click here.

Mercury Z security consultants also recommend more frequent Vulnerability Assessments and Penetration Testing as well as Social Engineering services to identify any vulnerabilities that your business may currently have and to advise on remediations.

Learn More About Security Services!




Risk Assessment & Gap Analysis

Mercury Z provides a risk assessment and gap analysis service for businesses operating data centers, to ensure that they meet the regulatory standards that are required of them. Whether it’s HIPAA, PCI, 3rd Party Audits, SSAE16 or other standards, if a business fails an audit, it can be subject to thousands or even millions of dollars in fines, not to mention lost business and corporate bad will. A compliance review and gap analysis through Mercury Z’s Security Services can help you make sure that your company is prepared. Mercury Z will take you through a step-by-step process that reviews your systems for compliance, assesses the level of risk, and provides a report with a detailed gap analysis with steps for remediation.

Facility Breach Exercise (SSAE16)

Mercury Z offers you a Facility Breach Exercise so that you can test your physical security policies and procedures. Whether this exercise is targeted at a data center or a corporate environment, these policies should be documented and followed precisely. This exercise can be used to satisfy a segment of a gap analysis if you are seeking SSAE16 attestation.

  • Working with you to define the appropriate facilities and methods to “breach.”
  • Following the completion of the exercise, you will receive documentation of the facility breach with details on the extent that this breach was enabled by process or personnel.

Vulnerability Assessment / Scan (Tier 1)

Using public domain tools and custom scripting, Mercury Z provides you with an internal and/or external scan of your enterprise to identify known vulnerabilities. By revealing what these vulnerabilities are, you will be in a better position to assess the level of your current risk and make more informed decisions as to what improvements need to be made.

The Mercury Z process:

  • Obtain publicly available information on your internet exposure
  • Perform initial scan to identify live hosts and confirm targets
  • Internal and/or external scan of each IP address/Live Host in the test plan (computers, networks, webapps/servers) – internal scans initiated from appliance located within your network
  • Close-out report that ranks vulnerabilities from critical to low, with recommendations for remediation of vulnerabilities

Penetration Testing / Ethical Hack (Tier 2)

Mercury Z conducts an initial Vulnerability Assessment to identify specific attack vectors. Once vectors are identified, a certified ethical hacker will attempt to exploit the identified vulnerabilities.

The Mercury Z process:

  • Includes all components of the Vulnerability Assessment
  • Tests your security tools by exploiting identified vulnerabilities via real-world attack vectors to attempt to gain unauthorized access to internal servers/applications
  • May attempt to escalate exploited privileges and perform password cracking
  • Close-out report with demonstrated targets that were breached

Social Engineering Services

Social Engineering involves a non-technical method of hackers tricking people into divulging personal information or breaking normal workplace security protocols to obtain privileged data. This can be over the phone, via the Internet, or even in person.

Email Phishing service

Mercury Z provides you with an email phishing service whereby a prepared email is sent out to the client’s employees to test their awareness and reactions to an attempt to gain privileged information from them. Hackers typically achieve this by pretending to be a trustworthy entity, and using misleading emails or hypertext links to a false website.

The Mercury Z process:

  • Consultation – working with Mercury Z to determine the ‘targets’ (departments, employees, executives, etc.)
  • Create the email – agree the content and layout of the email to be sent
  • Create authentication server – a server is prepared to collect all of the responses to the email
  • Send the email – the prepared email is sent and the server then captures responses
  • Delivery of report and follow-up discussion – a report of the number of responses and the information they contained is compiled by Mercury Z and then presented to the client. Through a consultative process, Mercury Z discusses the issues presented in the report and makes suggestions as to potential steps to take to improve security. Typically, a security seminar for training and further education is highly recommended.

Pretexting service

Pretexting is a kind of social engineering whereby a hacker uses non-technical methods to manipulate an employee into providing secure credentials. This is typically done by creating a scenario where the hacker pretends to be in a position of authority and attempts to trick an employee into providing confidential information. To combat this risk, Mercury Z provides a Pretexting service that establishes a scenario to test employees. This allows you to better assess your organization’s exposure to this kind of risk, as well as educate employees into adopting a more risk-aware mindset.

The Mercury Z process:

  • In consultation with a Mercury Z Consultant, discuss specific areas to target, which can include finance, operations, and HR among others.
  • The Mercury Z Consultant will learn about your business from you and information freely available in the public domain, which will be used to develop a call scenario to attempt to obtain privileged information.
  • Following the completion of the Pretexting service, you will be sent a report detailing those who have failed the test and the ID/PWD combinations that were given.

Social Engineering Security Seminar

Through a customized course on security, Mercury Z can create a seminar that focuses on your organization’s needs. This can be educational for all employees on the subject of Social Engineering (email phishing, pretexting, etc.). It can be specifically catered towards executives through a separate class if requested. Mercury Z’s seminar can be delivered on-site with a session in the morning, and another in the afternoon. The Mercury Z Security Consultant delivering the seminar will be available between sessions to answer any general security questions. A video of the seminar can be recorded and customized with the corporate logo and an executive introduction. This can be used to facilitate remote worker training, new hire, and future training/refresher purposes.

Other Security Services

Web Application Testing

Mercury Z’s Web Application Test is a multi-tiered effort building upon the vulnerability and penetration testing of the physical server and its software. This test provides confirmation that the development of an application has not introduced any additional vulnerabilities based upon the coding. Mercury Z can perform a full-scale security analysis of your web applications to determine your network’s risk of web intrusion. You will also receive recommendations on how to remediate any vulnerabilities.

Wireless Security Testing

A Wireless (WiFi) Security Assessment through Mercury Z analyzes your network’s wireless infrastructure and tests for potential vulnerabilities so you can be aware of potential back-door intrusions. In order to ensure that your network is better protected from newer and more improved methods of hacking, a wireless security testing service will allow you to expose these potential threats. An additional area of concern includes the introduction of “rogue” or unauthorized Access Points (APs) to the environment. These rogue APs are not subject to the same controls as the authorized ones and therefore represent a significant risk. Mercury Z’s Wireless Security Testing locates these and enables you to have them removed.

Forensics

Network forensics monitors and analyzes computer network traffic to gather information and legal evidence and to detect intrusions. When cyber intrusions occur, Mercury Z can place a certified network security expert on your team to conduct a thorough investigation to discover the source of the attacks or other problem incidents. We can help guide your organization to a safer and more protected presence on the web.

Get in Touch!

Telephone: (919) 439-5000
Email: info@mercuryz.com
www.mercuryz.com
1150 SE Maynard Rd
Cary, NC 27511
