IT Security Design Assessments

An IT Security Design Assessment provides management with an accurate understanding of the organisation's overall security posture, identifies weaknesses, and provides a prioritised list of recommendations to mitigate those weaknesses and vulnerabilities.

As part of the assessment, we review servers, endpoints, firewalls and switches, and Internet facing services. We can also review cloud-based services to ensure that they are configured securely.

Acumenis assessments take a pragmatic approach, identifying weaknesses that may be exploited to progress through each stage of an intrusion, including:

  • Initial Attack Vectors, such as exposure to malicous attachments and websites, or weaknesses in remote access technologies
  • Persistence Techniques, which allow attackers to remain in an environment, often unnoticed
  • Privilege Escalation Techniques, which are used by attackers to gain more control over systems
  • Credential Hygeine, to prevent passwords from being cracked or exposed
  • Lateral Movement, whereby attackers or malware tries to spread from one machine to another

In addition, we review the measures that are in place to detect such an attack, and how well the organisation is positioned to adequately respond to an incident.

Network Vulnerability Scans

Just how vulnerable are your company's internal and external networks? Hackers have an irritating quality - persistence. They continually work to identify introduced weaknesses and ways to operate undetected within a company's systems. Many businesses fall victim to attacks, simply because they have not consistently ensured their networks are secure over time.

Once an environment's design has been improved and systems have been hardened, regular vulnerability scans provide assurance that systems remain protected and that weaknesses have not since been introduced. A routine check can ensure vulnerabilities are patched, before an attacker can exploit them.

Network Penetration Testing

Penetration testing goes a step further than vulnerability scanning. This process involves Acumenis systematically testing a network's defences. We use the same techniques commonly used by hackers and attempt to breach your systems. This exercise is often helpful immediately after network security has been improved as it helps to identify remaining ways in which defences can be circumvented.