Configuration Reviews
By having access to a resource, we can ensure it is configured in line with industry standards or best practices, or provide recommendations on what needs to be improved if it doesn’t meet them.
Cloud Security Review
If you’re running in one of the major cloud providers, we likely have the expertise to perform an assessment of either your entire tenancy or a restricted resource set. Our main goal will be to look at the security controls being applied, but we will also identify any egregious cost centres or misuse of services if we spot them.
Examples include:
- AWS
- Azure
- GCP
Firewall Review
From the configuration of the Firewall device to the rule sets that are being applied, we can make sure there are no inherent flaws which will allow unintended traffic, or exploitation of known vulnerabilities in the device.
Examples include:
- DMZ ingress and egress to internal networks and the internet
- Internal network segmentation
- Application-specific local firewall rules
Host Review
A myriad of tools exist to harden both Windows and Linux hosts to ensure that they are fit for purpose without being permissive even if they are compromised. We can perform assessments which take into consideration the requirements of the host while still encouraging secure configurations.
Examples include:
- Workstation Review
- Linux Server Review
- Windows Server Review
Mobile Device Management Review
There are many aspects to deploying a Mobile Device Management policy to ensure it is effective without limiting legitimate actions across a broad range of devices. We’ll review both the configuration and how it affects an enrolled device to ensure it meets requirements while still effectively securing a device.
Database Review
Databases add another layer of security to a system but require careful configuration of users, their associated roles, and the structure of any business logic which has been implemented at this level. We can perform an assessment of all these aspects to provide a comprehensive overview of a database’s security.
Physical Security Review
Want to know how your physical security could be improved? We can perform a walk-through of your site to look at the types of security controls that have been implemented to determine if they have known bypasses which could be used to gain unauthorized access.
Software Dependency Analysis
Almost all modern software is built on top of different frameworks, libraries, scripts, snippets, or other externally sourced components, be they open source or proprietary. This creates dependency chains which need to be managed beyond simply using the component in your software and configuring it properly. We can look at these chains to determine not only if packages are up to date, but also if they are still being actively maintained and not vulnerable to being taken over through known attacks which could then compromise your application.
Security Device Review
Do you have another type of device or system providing security controls which you need assessed? Let us know, along with the broader context and expectations for the device, and we can likely help.
Examples include:
- Web Application Firewall (WAF) rulesets
- Network Firewalls
- Endpoint protection products
- IDS/IPS rulesets and configurations