Our Services

See what decades of enterprise experience and IT knowledge can do for your organization. Below are some of the cybersecurity and other IT services we provide to the commercial, public, and military spaces in all verticals. Discounts and pro bono services are available for qualified charities and non-profits.

Vulnerability Assessment or Penetration Testing?

A vulnerability assessment is typically an automated scan to check for open ports either through the Internet or inside a network. The primary purpose is to identify known vulnerabilities with exploits and present a list to the customer to resolve. A penetration test starts with with a vulnerability assessment. The tester then actively attempts to exploit the vulnerabilities found to gain access. The penetration test report includes not only the evidence that the vulnerability can be exploited but also remediation options.

CYBERSECURITY ASSESSMENTS

General scanning of devices, networks, wireless, Cloud, software, servers, etc. for vulnerabilities.

PENETRATION TESTING - CLOUD

Emulating hackers by attempting to access discovered vulnerabilities in Cloud and API connections, such as Amazon Web Services, Microsoft Azure, and SalesForce.

PENETRATION TESTING - ACTIVE DIRECTORY

In-depth testing against Microsoft (or 3rd-party) Active Directory to identify unneeded permissions, vulnerable service accounts, and Golden Tickets.

PENETRATION TESTING - INSIDER THREATS

Also known as White Box Testing, this is an "assumed breach" scenario. Using a known user account on a single computer with only User privileges, the test attempts to escalate privilege and move laterally. This emulates insiders threats and Malware.

PENETRATION TESTING - INTERNET

Using Open Source Information (OSINT), testers attempt to locate and hack corporate resources using only information found on the Internet. This is also known as External Black Box testing. Includes WordPress testing.

THREAT HUNTING

Analysis of logs, systems and networks for Indicators of Compromise (IOC). Includes Baselining using customer's Security Incident and Events Management (SIEM) system.

COMPLIANCE

Validation of compliance regulations for PCI DSS, HIPAA, GDPR, SOC 2, etc. NOTE - Stewart Consulting is not an APPROVED SCANNING VENDOR.

POLICY REVIEW

Build and verify corporate IT Risk and cybersecurity policies, such as Disaster Recovery (DR), Business Continuity (BC), Incident Response (IR), etc.

GENERAL IT CONSULTING

Training, phishing campaigns, seminars, speaking engagements, physical security assessments. etc.

Stewart Consulting does not at this time offer certified forensics services that could be used in legal proceedings. Any evidence identified would require law enforcement validation before being allowed as evidence.

Ready to Get Started?

If you’re ready to have a conversation about how we can help with your IT and Cyber Security needs? Reach out to us!