So, you have invested in the latest generation of security appliances with their application-aware policy capabilities, integrated IDS/IPS and URL filtering. All your endpoint devices have been deployed with the newest Advanced Malware Protection agents using the latest machine learning technology. You subscribe to the CVE feed and have a well-defined procedure to patch your entire environment at the first hint of a zero-day exploit. System and policy changes are required to go through rigorous change control, and if that’s not enough, all your employees have been subjected to intensive information security training. One might think it’s time to relax, put your feet up and grab yourself a nice cup of tea or favorite adult beverage.
But wait, even with all this technology, policy, and procedure in place, are your IT assets really safe? Well, the answer to that is a resounding “Err, maybe”. One way to get a more definitive answer to that question would be to put your network and security policies to the test and have a qualified security expert (like one of our fine engineers here at LookingPoint, for example) perform a security assessment against your environment.
“OK, but other than peace of mind and validation of your work and procedures, why else would you bother with investing in getting that security assessment?” I hear you cry. Well, I guess that really depends on your appetite for surprises. Personally, I love a good birthday surprise, but I’m less keen on surprises that come in the form of security gaps within my environment. Those I would rather know about prior to being called into the CIO’s office on a Monday morning to explain how come all our systems have been infected with the latest iteration of ransomware, and why all the company’s intellectual property is now encrypted. Time to dust off and implement that business continuity plan you have been diligently working on for the last few months. You do have a business continuity plan, right? Well, failing that, you could just invest in some Bitcoins and pay off our new-found network squatter; I’m sure he or she is the honorable type and will unencrypt our data as soon as that payment has been received! Neither of the above two scenarios really sounds that appealing to me, and I suspect that my Christmas bonus is going to take a hit because of this little incident. I do hope I make it to Christmas!
This is where a thorough and regular security assessment comes to the rescue. A security assessment can highlight and remediate gaps within your environment before a potential adversary gets the opportunity to exploit them.
Here at LookingPoint we offer three tiers of assessment.
Configuration Assessment (Basic)
Network Security Configuration Assessment includes an analysis of the effectiveness of a company’s or specific system’s security controls.
Configuration reviews can be performed on the following types of systems:
- Internet Router(s) providing connectivity to outside networks
- Intrusion Detection System(s)
- Domain Name Server(s)
- E-mail server(s)
- Application Server(s)
- Web Server(s)
A Network Security Configuration Assessment can help save your company time, money and the embarrassment of a bad audit by finding discrepancies before an audit occurs and before an attacker does. In addition, by allowing LookingPoint to perform the assessment for you, you receive the most accurate and unbiased report of your strengths and weaknesses in the network security arena.
Ethical Hacking (Enhanced)
Ethical Hacking enables clients to quickly identify, assess and remedy security holes. Devices attached to the network are evaluated to detect technical vulnerabilities. Ethical Hacking is accomplished by performing scheduled and selective probes of the network’s communication services, operating systems, key applications, and network equipment in search of those vulnerabilities. Our specialists analyze the vulnerability conditions and provide a detailed report including corrective actions.
Ethical Hacking is a battle simulation to determine what vulnerabilities have not been addressed in your network. By locating vulnerabilities before the bad guys do, Ethical Hacking will increase the level of confidence of the company’s security measures. In particular, Ethical Hacking:
- Provides a “battle-test” for your network, systems, and applications
- Provides a more “realistic” test than a paper-based assessment
- Provides a proactive approach to mitigating risk
- Enhances the quality assurance process
- Demonstrates the need for and effectiveness of security
Security Assurance & Risk Assessments (Premium)
Security Assurance & Risk Assessment includes an analysis of the effectiveness of a company’s or specific system’s security controls. Our service includes adaptive techniques to work with organizations to review the risk associated with a company’s overall security design, implementations of sensitive e-commerce applications, and overall risk identification to ensure that proper security controls are utilized.
A Security Assurance & Risk Assessment can help save your company time, money and the embarrassment of a bad audit by finding discrepancies before an audit occurs and before an attacker does. In addition, by allowing LookingPoint Security to perform the assessment for you, you receive the most accurate and unbiased report of your strengths and weaknesses in the information security arena. LookingPoint has developed this process to assess information security processes and controls in order to ensure that organizations preserve the integrity, confidentiality and availability of their information and computing resources.
Hopefully the above gives you some idea of why we here at LookingPoint strongly recommend putting your network and security policies to the test by performing a security assessment. After all, when it comes to security, ignorance really is not bliss. Contact the LookingPoint team to learn more about how we can assess your network and security policies.
Written By: Chris Marshall, LookingPoint Senior Solutions Architect - CCIE #29940