Configuration Reviews

By having access to a resource, we can ensure it is configured in-line with industry standards or best practices or provide recommendations around what needs to be improved if it doesn’t meet these.

Cloud Security Review

If you’re running in one of the major cloud providers we likely have the expertise to perform an assessment of either your entire tenancy or a restricted resource set. Our main goal will be to look at the security controls being applied but will also identify any egregious cost centres or misuse of services if we spot them.
Example include:
  • AWS
  • Azure
  • GCP

Firewall Review

From the configuration of the Firewall device to the rule sets that are being applied, we can make sure there are no inherent flaws which will allow unintended traffic, or exploitation of known vulnerabilities in the device.
Examples include:
  • DMZ ingress and egress to internal networks and the internet
  • Internal network segmentation
  • Application specific local firewall rules

Host Review

A myriad of tools exist to harden both Windows and Linux hosts to ensure that they are fit for purpose without being permissive even if they are compromised. We can perform assessments which take into consideration the requirements of the host while still encouraging secure configurations.
Example include:
  • Workstation Review
  • LInux Server Review
  • WIndows Server Review

Mobile Device Management Review

There are many aspects to deploying a Mobile Device Management policy to ensure it is effective without limiting legitimate actions across a broad range of devices. We’ll review both the configuration and how it affects an enrolled device to ensure it meets requirements while still effectively securing a device.

Database Review

Databases add another layer of security to a system but require careful configuration of users, their associated roles, and the structure of any business logic which has been implemented at this level. We can perform an assessment of all these aspects to provide a comprehensive overview of a database’s security.

Physical Security Review

Want to know how your physical security could be improved? We can perform a walk-through of your site to look at the types of security controls that have been implemented to determine if they have known bypasses which could be used to gain unauthorized access.

Software Dependency Analysis

Almost all modern software is built on top of different frameworks, libraries, scripts, snippets, or other externally sourced components be they open source or proprietary. This creates dependency chains which need to be managed beyond simply using the component in your software and configuring it properly. We can look at these chains to determine not only if packages are up to date, but also if they are still being actively maintained and not vulnerable to being taken over through known attacks which could then compromise your application.

Security Device Review

If you have another type of device or system providing security controls which you need assessed? Let us know along with the broader context and expectations for the device and we can likely help.
Examples include:
  • Web Application Firewall (WAF) rulesets
  • Network Firewalls
  • Endpoint protection products
  • IDS/ IPS rulesets and configurations

Want to know more? Contact us now.

[email protected] | 0800 150 805