200813-0226

INDE SECURITY ASSESSMENTS

Security Assessment to validate security controls

Solution fit

The Inde security assessments are designed for companies who want to understand their current security posture and maturity level.

Some questions for your consideration are:

  • Do you understand how your organisation operates and have identified what your critical assets are?
  • Do you have sufficient security controls in place to not only protect these assets but detect compromise against them?
  • When was the last time your organisation validated your implemented security measures to confirm they are still effective today?
  • If a bad actor gained access to your environment, do you have the tooling, resource, and capability to detect this compromise and remediate?
  • Does your organisation have legal or compliance requirements that require you to take “reasonable care” with IT security?

Solution overview

At its most fundamental level, our security assessment output will enable an organisation to assess what can be done to improve its security stature and ensure appropriate mitigations are implemented where they’re most needed.

In addition to using traditional security control validation methods, our assessments also employ hands-on assumed breach testing to validate (and demonstrate) high-risk areas of vulnerability or exploitability. This can be complimented by our Incident Simulation service to provide even deeper insight into your incident preparedness.

Our assessment involves review of the following core areas:

  • Environment Architecture
  • Active Directory
  • Group Policy
  • Server and Workstation settings (environment hardening)
  • Network
  • Firewall
  • Public Cloud (Azure tenant / primary subscription)
  • Office 365

The Inde assessment is modeled on the CIS (Centre for Internet Security) Controls which consist of 20 controls across the following three categories:

  • Basic
    • Inventory and Control of Hardware Assets.
    • Inventory and Control of Software Assets.
    • Continuous Vulnerability Management.
    • Controlled Use of Administrative Privileges.
    • Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers.
  • Foundational
    • Maintenance, Monitoring, and Analysis of Audit Logs.
    • Email and Web Browser Protections.
    • Malware Defences.
    • Limitation and Control of Network Ports, Protocols, and Services.
    • Data Recovery Capabilities.
    • Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches.
    • Boundary Defence.
    • Data Protection.
    • Controlled Access Based on the Need to Know.
    • Wireless Access Control.
    • Account Monitoring and Control.
  • Organisational
    • Implement a Security Awareness and Training Program.
    • Application Software Security.
    • Incident Response and Management.
    • Penetration Tests and Red Team Exercises.

The information gathered in relation to the CIS Controls will form a prioritised set of actions that collectively form a defence-in-depth set of best practices that mitigate the most common attacks against systems and networks.

The primary reason Inde utilises the CIS framework for our assessments is due to its focus on identifying the most fundamental and valuable actions that every enterprise can take in order to protect themselves and detect environment compromise.

WANT TO LEARN MORE?

Fill out the form and one of our experts will be in touch soon.