IT Security Healthchecks

More than an IT Health Check

mRr3b00t

Purpose

Our security assurance and testing services go way beyond a basic vulnerability scan. We work with you to understand your business context and the architecture of the service. We look at the threat landscape, your data flows, and assets to determine the best approach to assuring you have a strong security posture.

We test both from an external and from multiple internal positions to ensure you understand the current state position for risks both the service and its upstream and downstream interfaces.

Scope

We ensure the scope is reflective upon your risk landscape and threat profile. We tend to start with a wide view to ensure we do not miss something which later comes back to bite you.

External Testing

We conduct external perimeter testing focusing on areas such as:

  • Phishing
  • Mail Flow and Mail Services Security
  • Remote Access Services such as VPNs and Remote Working Solutions (e.g., RDP)
  • Web Applications and APIs
  • Firewalls and other supporting services

We do this using black, grey, and white box perspectives. We also strongly recommend using an assume breach mentality with regards to scoping and assessment.

Internal Testing

Our internal baseline testing includes:

  • Active Directory Auditing
  • Active Directory Exploitation Testing
  • Desktop Build Reviews
  • Server Build Reviews
  • Vulnerability Assessment
  • Asset Inventory
  • Mobile Device Audits
  • Firewall Reviews
  • Wireless Networking Reviews
  • Network Segmentation Testing
  • Lateral Movement Analysis

We do not believe in taking unnecessary risks, we therefore where possible attempt to assess a large breadth of an estate (we aim for ~90% coverage subject to requirements and conditions). In the cyber security world, it is the things you don’t know that tend to lead to incidents.

Outcomes

  • We work with your team to contextualise our findings to your business
  • Where appropriate we provide walk through exploitation demonstrations
  • We break down weaknesses (vulnerabilities) based on the number, type, and severity, we apply a consultant analysis and if appropriate a CVSS base score.
  • We outline the findings and provide remedial guidance.

Our output reports are one element, however the key to success with these activities is to ensure your team understand the vulnerabilities, how they arrived in the environment and understand how identity, protect, detect, and respond to these. The aim here is to try and avoid vulnerabilities being introduced or re-introduced to the environment. We support this with a high communications approach.