Security Assessments

As the volume of data and our dependency on that data continue to increase, so does the critical importance of securing that data. Network and Cyber Security is an arms race. To get ahead in this environment you need not only to ensure your environment is built on solid foundations, but also to assess your current position and plan intelligently for the future. In the field of Security, it is best to be proactive rather than reactive.

A sound approach before planning changes or further investment is a comprehensive assessment of your current Security strategy. A Security Assessment that analyses your current Security strategy, your requirements, potential threats and how you deal with those threats is a wise choice.

  • Ensuring your security platform is equipped to deal with ever-evolving threats
  • Security that scales with your company's needs
  • Paving the way for prudent investments
  • A Security strategy that doesn't bottleneck the business

How our Security Assessments work

The first step is to meet and liaise with the stakeholders over the full scope of the assessment. The initial meeting allows us to gain an informed level of understanding of the business, core practices, resources and aims. The goal is to establish the main focus of the assessment and what the business wants to receive from the process. During this process we formally agree on the key aspects and overall structure of the assessment to ensure the needs of the customer are met.

The assessment itself is framed around three core phases: Discover, Assess and Review.

During the Discover phase we look at your overall security configuration, including a physical check of your network devices. What resources are available? How is everything managed? How has the firewall been configured?

In the Assess phase we’ll be focusing on why your security is the way it is. Why has your firewall been set up in this way? Are the hardware and software End-of-Life? What are the benefits and risks of the configuration? How does the current environment scale to your future goals? What are the potential areas for improvement?

Finally, in the Review phase, we will compose and present a comprehensive report on your security. This will include a detailed breakdown of our findings and recommendations. We will present the report to stakeholders, reviewing the contents of the report together and going over options for the future.

What we look for

The basis of a well-executed assessment is identifying the business goals that are driving the engagement. These goals can be any combination of addressing areas of weakness, capacity planning, an upcoming security refresh and/or a health check to ensure that you’re getting the most from your current investment.

For many of our customers, the assessment goes on to serve as a foundation which allows them to evaluate emerging technologies with increased confidence: where they can bring value, how they can be integrated and the way in which they will impact the environment, whether by providing a better user experience, streamlining management or increasing ROI.

Once the business goals are reviewed, we delve deeper into the technical elements surrounding standardisation, as well as rationalising the resources that are in play. This starts to form a design with the right pieces laid out in a clear and concise manner. The project then flows right into aligning best practices. Used as a reference point, best practices can help demonstrate the depth of optimisation achieved within the environment.

Benefits

Reduce costs – quickly identify potential savings on your security solution(s)

Increase ROI – get the most out of your current solution and intelligently plan future investment

Identify weaknesses – discover problem areas and prevent potential breaches before they happen

Vulnerability check – test your solution against known security vulnerabilities

Firewall stress testing – ensure your Firewall(s) are running to the best of their ability and ensure the configuration follows best practices

Strategy – helping you prepare a comprehensive plan for the future

Discover

Review Strategy and Firewall Architecture with stakeholders

Review existing documentation

Review non-firewall Security Layers

Review Authentication, Authorization over network & security devices

Firewall Topology, Hardware and Software versions

Firewall Rules

Firewall Performance/Capacity/Sizing

Management protocols (SNMP, NTP, SSH, HTTPS, SYSLOG) and Backups

Review External, DMZ, Extranet, and Internal security boundaries

Assess

Analyse collected Information

Analyse Firewall Solution, Ruleset optimization following Vendor best practices

Identify issues and their respective levels of risk

Review

Produce Firewall audit documentation

Produce report with findings and recommendations

Present & Review assessment report with stakeholders

Collaborate through Design Workshops

What you get

Working within multiple industries lets our team experience a vast array of different security setups on a regular basis. We engage directly with leading vendors in their respective sectors. We utilise this broad web of information to look at your security from multiple angles. What you get is a vendor-agnostic team, keen to provide an impartial outside perspective catered to your specific requirements.

You also get regular client engagement throughout the assessment process. It is not in our mindset to assume. We prefer to ask and gain information so that we can ensure all sides are focused in the same direction.

Delivering balanced results that speak to both the business leaders and technology leaders of the company is of paramount importance to us. Our Firewall eHealth Report starts with clearly outlining the previously agreed upon business and technical goals of the engagement. This is then followed by an introduction to the Tesrex team working on the project.

Executive Summary

The Executive Summary is aimed at the business side of the house. Our Executive Summary is internally reviewed by a business-focused individual as a pre-emptive check to ensure it’s not encumbered with overly technical information. The information here should outline the issue, its impact on the business and recommendations to move past these obstacles.

Recommendations Summary

The Recommendations Summary is focused towards the technical staff. Our team will provide a summary of their findings from a technical perspective. Each recommendation can be further explored for specific details and screenshots showing the findings in action. This allows the internal team to segment the findings to various teams for review as per the organisational structure.

All of our findings, including both summaries, are wrapped up into our final comprehensive report.

The Report

Our Firewall eHealth Report provides comprehensive insight into your security. Our reports are built around a pre-defined structure designed to cover all the bases whilst being easy to digest. The report will feature the customer's specific focus points as defined in the original scope.

Using vendor best practices as a baseline and taking into consideration the original scope, our reports typically include:

  • Review of the security network diagram
  • Review of current implementation and configuration
  • Review of the Firewall hardware performance
  • Hardware and Software EOL status, Inventory
  • Review of security risks identified
  • Conclusions and recommendations

After the final report is delivered, it will be presented to the stakeholders. This is an opportunity to go through and review the findings with our consultants and to receive our independent feedback on what to do next.

If you’d like to see a sample report, please get in touch with us.

What comes next?

Sitting down to review the findings naturally opens up more questions. This is where we really start to collaborate with a series of Design Workshops. These sessions are driven by the priority order of the findings that need to be addressed. Our Design Workshops naturally blend into roadmap review and updates, which keeps all sides of the business pointed in the same direction.

We’ve found that our customers get a lot of value from the relationship by allowing our team to perform discovery and exploration for future planning. Our team truly enjoys participating in these discussions and working closely with our customers in order to get these initiatives off the ground and across the finish line.

The end result is an optimisation of the budget whilst ensuring the technologies you bring on board are the best fit for your organisation.

Find out more

If you’d like to find out more about our Security Assessments or our Assessment process, or to receive a sample report, please get in touch with us.