VartaiSecurity Logo

About

Vartai Security, LLC is an Information Security consultancy based in Tampa, FL with the goal of helping clients to both understand and mitigate risks to their perimeter and internal network environments. We offer a wide array of services from standard internal and external penetration testing and web application assessments to customized black box/evasive and scenario-based assessments. Our assessments go far beyond a scan and aim at finding flaws only discoverable through hands-on manual testing. We work to tailor each assessment to the client's environment and the risks inherent to their core business.

 

The Vartai team holds over three decades of collective experience in the Information Technology and Information Security industries. Our practitioners hold highly regarded industry certifications such as the Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), as well as various Microsoft and Cisco vendor certifications. We have spoken at security conferences, delivered seminars and training courses, and published open source security tools and research.

About

Vartai Security, LLC is an Information Security consultancy based in Tampa, FL with the goal of helping clients to both understand and mitigate risks to their perimeter and internal network environments. We offer a wide array of services from standard internal and external penetration testing and web application assessments to customized black box/evasive and scenario-based assessments. Our assessments go far beyond a scan and aim at finding flaws only discoverable through hands-on manual testing. We work to tailor each assessment to the client's environment and the risks inherent to their core business.

 

The Vartai team holds over three decades of collective experience in the Information Technology and Information Security industries. Our practitioners hold highly regarded industry certifications such as the Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), as well as various Microsoft and Cisco vendor certifications. We have spoken at security conferences, delivered seminars and training courses, and published open source security tools and research.

Services

Network Penetration Testing

The goal of a network penetration test is to mimic the actions of a real-world attacker. An external penetration test starts from an authenticated perspective as a user on the internet with the goal of breaching perimeter security controls and gaining a foothold in the internal network as well as gaining access to sensitive data.

An internal penetration test typically starts from the perspective a non-credentialed attacker on the internal network. The goal of this type of assessment is to assess risks within the internal environment that could be exploited should an attacker is able to gain internal access to the network environment. The tester typically starts with minimal information about the internal network and must obtain a foothold, escalate privileges within the Active Directory environment and ultimately gain access to any ""flags"" or sensitive data as determined by the client.

Web/Mobile Application Assessments

The goal of a web/mobile application assessment is to mimic the actions of a real-world attacker against a specific, or set of applications. Web applications continue to be the largest external attack surface for companies both large and small and minor vulnerabilities can often be chained together to gain access to sensitive data or internal network access. This type of assessment includes manual and automated testing to assess all aspects of the application as well as the underlying infrastructure.

Vulnerability Assessments

An internal/external vulnerability assessment consists of automated vulnerability scanning followed by manual validation of scan results. The goal of the assessment is to validate and recommend vulnerabilities for remediation without performing full exploitation, lateral movement or privilege escalation such as during a penetration test.

Custom Security Assessments

Vartai is able to customize any type of assessment based on client needs. For example, a more mature environment may require a more evasive penetration test (also known as a red team assessment) from a ""black box"" perspective. Testers are given zero advance knowledge of the internal network and the end goal is to achieve certain ""flags"" as determined by the client, not extensive coverage of nearly every possible vulnerability in the environment. This type of assessment also serves the purpose of testing detection capabilities of internal security teams.

Vartai also performs remote social engineering and phishing assessments, malware review, and reviews of Endpoint Detection and Response (EDR) solutions to test both their configurations and capabilities to detect a variety of attacks.

Security Compliance/Audit Readiness

Vartai can assist with your security compliance needs (i.e. SOX, NIST 800-53, etc.) and also assist clients with pre-audit tasks.

Custom Development Solutions

Vartai develops custom solutions including vulnerability management dashboards and dashboards to provide an ongoing point-in-time view of your organization's security posture via a variety of metrics ingested from both commercial tools and custom scripts.

Virtual Hands-On Training

Vartai offers hands-on training in the form of simulated Active Directory based labs to assist in developing the capabilities of both internal red and blue teams. Labs can be built and customized based on customer needs and varying skill levels of teams.

Community

Vartai is committed to giving back to both the greater information security community as well as the local community in the Tampa Bay area. Vartai consultants are involved in a variety of organizations which provide mentorship and free online training for individuals around the globe starting out in the information security industry as well as those working to enhance their skillset. Vartai also places special importance on giving back to the local community by volunteering time at events for veterans groups and working to assist disadvantaged youths with gaining practical technical experience which may translate to a career in a variety of industries.

CONTACT US