NMI LLC — Information Security Services
NMI solves the most difficult problems of security, governance, risk management, and compliance.
NMI first performed a penetration test in 1994. Since that time, NMI has performed thousands of security tests for hundreds of customers ranging from small businesses to the world's largest companies.
The NMI Difference
- Expert research (identifies 20-50% more critical vulnerabilities)
- Consistent reporting across all types of tests
- Service after the test (including post-remediation report updates)
- Superior deliverables accessible to all audiences
- Testing team with extensive programming experience
- More experience than most organizations (including those much larger than NMI
NMI conducts intelligence gathering (discovery) and an automated scan of the scoped systems. NMI security experts use this information as the basis for comprehensive research and analysis (many companies simply provide an annotated report of the automated scan findings). NMI's expert research and analysis reduces nuisance findings and obvious false positives. Results are reported using NMI quantitative risk assessment.
NMI performs a vulnerability scan, and then uses a combination of automated tools and human expertise to attempt to gain unauthorized access to the scoped systems. A penetration test significantly reduces false positive findings. Because a penetration test has more permissive rules of engagement, NMI often identifies vulnerabilities that are not detected by a vulnerability scan. Results are reported using NMI quantitative risk assessment processes.
An application test provides assurance that your applications, and especially web-served applications, are secure. NMI uses automated tools and over 50 years of combined programming expertise to analyze applications for security flaws. NMI looks for parameter and boundary checking errors, excessive privileges, SQL and HTML injection, cross-site scripting, and other problems in HTML, scripts, and other executable code. Results are reported using NMI quantitative risk assessment processes.
NMI analyzes the actual configuration of selected systems and networks as a trusted insider (a configuration analysis of your network design is sometimes referred to as a Network Architecture Review). The configuration analysis can be performed independently or as a complement to the other tests described on this page. Configuration analysis identifies problems that are not apparent from external testing, and is the only way to categorically disprove the existence of certain vulnerabilities. Results are reported using NMI quantitative risk assessment processes.
NMI uses phone, web, electronic mail, and on-site covert research and subversive access attempts (referred to as pretexting) to test the strength of your policies, staff training, and technical controls. Social engineering identifies failures in security awareness and information handling practices that may allow an attacker to obtain valuable information from unsuspecting or uninformed employees. Results are reported using NMI quantitative risk assessment processes.
Security architecture means the development of secure enterprise information technology solutions, not just security-specific solutions. NMI security architecture and implementation solutions consider security in the context of business needs and risk tolerance as an integral part of every solution's life cycle.The NMI Difference
- Strategic business vision
- Unmatched technical expertise
RAPID enterprise security architecture process
- Shortest time to functional specification
- Fastest & most cost-effective implementation
- Guaranteed business acceptance
- Deployment structured for minimal business disruption
- Minimize bureaucratic overhead
- Complete solution documentation
- Support throughout the entire solution life cycle
Enterprise Security Architecture
NMI will design or enhance your enterprise security architecture (ESA), and work with you to integrate your ESA with every organizational function (not just technology- and security-related projects). NMI offers a unique combination of project management, business management, enterprise governance, and security architecture skills. NMI will:
- Develop your enterprise security architecture as an overall framework, and integrate that framework with your normal business functions in a cost-effective way that ensures stakeholder and user buy-in.
- Apply your security architecture to design solutions for specific business needs, ensuring that every solution is secure and meets business requirements, your risk appetite, and the needs of stakeholders and users.
Security Solution Architecture
The development and implementation of an enterprise security architecture (ESA) is important, but you often need a specific information security solution developed and deployed as quickly and cost effectively as possible. NMI provides the expertise and the security architecture experience necessary to design and implement technology- and security-specific solutions including(but not limited to):
- Secure network architecture
- Identity Management (IM)
- Public Key Infrastructure (PKI)
- Multi-Factor & Biometric Authentication
- Reduced Sign-On (RSO) & Single Sign-On (SSO)
- Security Event & Incident Monitoring (SEIM)
- Border protection (firewalls, VPN)
- Intrusion detection (IDS)
- Intrusion prevention (IPS)
- Secure domain name service (DNS, DNSSEC)
- Secure electronic mail (POPS, IMAPS, SMTPS)
- Malicious Software control
- Junk and SPAM control
- Legacy Systems Security Enhancement
Information Security & Information Technology Support
NMI LLC has the broad multi-platform, multi-protocol expertise to support any information security and information technology environment. Services are available 5x8 and 7x24 on a retainer or fixed-price contract basis.The NMI Difference
- Support for all manufacturers and operating systems
- Support for all network architectures and protocols
- Special expertise with IBM i-Series and z-Series platforms & applications
- Services available on a 5x8 or 7x24 basis
- Average 30 minute callback for level 2 and level 3 support requests
- Average 8 hour on-site support (48 contiguous U.S. states & southern Canada)
General Security & Technology Support
Take advantage of the full range of NMI's security, technology, and software engineering capabilities by phone or email (with scheduled on-site work as necessary).
- Support for security and technology configurations & initiatives
- Phone support available on a 5x8 basis with average next-business-day callback
- Electronic mail support available on a 5x8 basis with average same-business-day response
- Schedule on-site work for projects of any size
Secure Software Engineering
NMI is one of the few security consulting companies with extensive software engineering experience. You may think you don't need or don't want custom software—but whether you are an entrepreneur with a dynamic web site or a large corporation with complex information technology solutions, you already have custom software. The only question is whether you will control custom software development or whether it controls you.The NMI Difference
- Security technology integration
Over 50 years of combined software engineering experience
- Rapid application development (RAD) process
- Rigorous version & change control
- Extensive quality assurance
- Complete, high-quality documentation
- Ongoing maintenance and support
- Cross-platform development (any combination of platforms)
- Multiple language development (any combination of languages)
- Service oriented architecture (SOA) design
- Expertise with midrange and mainframe systems
- Systems programming (including assembly language for any platform)
- Enterprise messaging architectures
Dynamic Web Content
Dynamic web content means custom software engineering. NMI will implement a formal software engineering process for your dynamic web development that ensures security and change control but provides the greatest possible freedom for developers. NMI supports all server models, databases, programming languages, and markup languages.
Cloud-Based Applications & Services
NMI has the expertise to help you develop and deploy cloud-based products and services, and to ensure those products and services will meet rigorous vendor due diligence, governance, and compliance requirements.
Legacy Application Support
How many times has the mainframe died since 1970? Yet many organizations still depend on their midrange and mainframe applications, and despite repeated efforts have not found solutions as robust and reliable on other technologies. NMI's extensive experience with midrange and mainframe environments and software development ensure that your legacy applicable will remain robust and reliable over time.
Languages & Platforms
How can NMI claim it supports all languages and platforms? NMI software engineers average more than 20 years of software engineering experience, and follow a rigorous program of continuing education. With this level of expertise and continued learning, NMI can assimilate new platforms and programming languages at an expert level without any impact on project performance. NMI's experience ranges from mainframes to embedded systems, and from direct machine language entry to modern fourth- and fifth-generation programming languages. Following is only a partial list of the programming languages, platforms, and environments supported by NMI:
Operating Systems & Platforms
- iOS (iPhone, iPad)
- z/VM (z-Series)
- z/OS (z-Series)
- i/OS (i-Series)
- Sun Solaris
- SCO UnixWare & OpenServer
- MacOS & OS X
Programming Languages & Platforms
- J2EE (JSP, Servlets, EJB)
- .Net (ASP, Visual Basic, C#, VC++)
- C and C++
- Markup languages (HTML, WML, XML, etc.)
- Assembler (all supported platforms)
- Microsoft SQL Server
- IBM Universal Database (DB/2, Informix)
RAPID and TrustPath are trademarks of NMI LLC.