Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy

IT Security Healthchecks

More than an IT Health Check

mRr3b00t

Purpose

Our security assurance and testing services go way beyond a basic vulnerability scan. We work with you to understand your business context and the architecture of the service. We look at the threat landscape, your data flows, and assets to determine the best approach to assuring you have a strong security posture.

We test both from an external and from multiple internal positions to ensure you understand the current state position for risks both the service and its upstream and downstream interfaces.

Scope

We ensure the scope is reflective upon your risk landscape and threat profile. We tend to start with a wide view to ensure we do not miss something which later comes back to bite you.

External Testing

We conduct external perimeter testing focusing on areas such as:

  • Phishing
  • Mail Flow and Mail Services Security
  • Remote Access Services such as VPNs and Remote Working Solutions (e.g., RDP)
  • Web Applications and APIs
  • Firewalls and other supporting services

We do this using black, grey, and white box perspectives. We also strongly recommend using an assume breach mentality with regards to scoping and assessment.

Internal Testing

Our internal baseline testing includes:

  • Active Directory Auditing
  • Active Directory Exploitation Testing
  • Desktop Build Reviews
  • Server Build Reviews
  • Vulnerability Assessment
  • Asset Inventory
  • Mobile Device Audits
  • Firewall Reviews
  • Wireless Networking Reviews
  • Network Segmentation Testing
  • Lateral Movement Analysis

We do not believe in taking unnecessary risks, we therefore where possible attempt to assess a large breadth of an estate (we aim for ~90% coverage subject to requirements and conditions). In the cyber security world, it is the things you don’t know that tend to lead to incidents.

Outcomes

  • We work with your team to contextualise our findings to your business
  • Where appropriate we provide walk through exploitation demonstrations
  • We break down weaknesses (vulnerabilities) based on the number, type, and severity, we apply a consultant analysis and if appropriate a CVSS base score.
  • We outline the findings and provide remedial guidance.

Our output reports are one element, however the key to success with these activities is to ensure your team understand the vulnerabilities, how they arrived in the environment and understand how identity, protect, detect, and respond to these. The aim here is to try and avoid vulnerabilities being introduced or re-introduced to the environment. We support this with a high communications approach.

Recent Posts

  • Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)
  • The Long Game: Persistent Hash Theft
  • The Hacker on a Train
  • Adopting an Attacker Mindset to Defend Healthcare
  • Caught: A Hacker Adventure

Recent Comments

No comments to show.

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Fiction
  • Getting into Cyber
  • Guides
  • Hacking
  • IOT
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited