We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review

Transcription

1 We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business security and related architecture. A review is a multi-staged process of a business architecture. It enables the identification of areas which could become insufficient for their current requirements and could be modified to better meet the needs, or even where the current infrastructure is able to provide additional protection and facilities. This review provides a fresh, independent and vendor neutral view gained from past experiences with an extensive range of satisfied customers. The review will be customised on a project basis, but generally includes the following three key stages: Phase 1 - Discovery During this phase meetings are held with key business stake holders and team leaders. Common areas to be looked at are: Desktop, Device, and Server Management All products will be identified including the following: o Approximately how many devices are in use and what software versions are present? o What kind of automated imaging of devices is in use? o What kind of managed Firewalls and endpoint protection is in use for desktop and servers o How are security and vendor patches tracked and implemented? o What kind of encryption is in place for devices? o Are unmanaged devices such as tablets and smartphones able to connect to the network and infrastructure and how is their access controlled? o What kind of virtualisation technologies are in use? Identity & Access Management This will cover what is in place and planned including: o How are users and devices authenticated to the network?

2 o What kind of tools are in use for provisioning of users and how is this controlled? o Is there a single or multiple directory service in use and what products and version levels are used? o How are controls between general users and administrative access divided? o How are external customers, partners and clients given access? Security & Networking This is a general high level security review including: o What kind of Firewalls, proxy servers, routers and other security and networking access devices are in use and what versions are they currently at? o How is network access controlled? This includes looking at VLANs, VPNs (traditional and SSL), Wireless access and multi factor authentication o What kind of controls are in place for server to server communication? Areas covered include looking at technologies as Kerberos, VLAN tagging and 802.1x o How are key infrastructure services provided protected such as DNS and DHCP? o How are devices monitored for critical issues? IDS, IPS, SNMP, log monitoring etc. o Monitoring and control for internet access and bandwidth as well as content ( , Web, IM, FTP, etc.) filtering system o Is an internal PKI in use and how is it used, protected and monitored? o What audit and Log systems and analysis is in place? Data Protection and Recovery The methods for data protection such as backups and recovery will be analysed. IT and Security Process This part of a review is optional and depends on an organisation type looking at areas including: o What regulations and controls are the organisation controlled by, such as Sarbanes-Oxley (SOX), Basel 2, PCI and the ISO27000 suite (27001, 27002)? o Provisioning and change management systems. o Incident response. Enterprise Content Management This is customised to each environment but includes: o How is data controlled? o What kind of monitoring of data access is in place?

3 Phase 2 Post Discovery Written Review During this phase, a full written report of findings will be produced. This report includes, but is not limited to: Overview - For each area classifying the protection and suitability of systems as: o Needs urgent review/updating. o Needs short term review. o Meets or exceeds requirements. People and processes o Analysis of Security education procedures for system users. o Evaluation of the User as Information Security stakeholder. o How are company resources provisioned to users? o How is change management dealt with? o Organisational security policy, procedures and guidelines. o System configuration baselines and guidelines. o Incident detection processes. o Security incident response procedures. Recommendations This looks at the environment as a whole. In a similar way to the overview recommendations, this includes a prioritised list of recommendations for the organisation to ensure that they stay on-top of security and infrastructure. Common recommendations may include: o Consolidation and upgrading of Firewalls. This often cuts costs and adds additional protection. o Use of additional product features in existing products. o Changes to process and controls in place. o Desktop and server upgrades. Phase 3 Stake holder reviews and future planning In a similar way to the discovery phase, meetings will be held with key business stake holders and team leaders. From this work a vendor neutral plan to implement agreed upgrades and changes will be put in place. This work will vary from internal changes, assisting and managing the changes to recommending specific external vendors. We can also project manage these changes on your behalf. ZeroDayLab strongly recommend an independent 3 rd party Architecture & Infrastructure review to enable you to fully understand, audit, and document your security posture. Our trained consultants will work with you to agree the best possible methodology to derive the very best meaningful results.

4 About ZeroDayLab At ZeroDayLab, every day is spent helping make our client s infrastructure and applications, and data more secure through the intelligent combination of highly trained consultants and leading edge, complimentary security technologies. We are passionate about IT Security and believe in Total Security Management. At ZeroDayLab we take a holistic approach to Total Security Management. Our skilled and experienced consultants can provide help, advice, training and support on a whole range of IT security solutions such as: IT Security review of policies, planning, continual improvement, mitigation, risk assessment, financial modelling, social engineering, vendor review. Vulnerability Assessment of your desk top, servers and infrastructure Penetration Testing of all your internal and external web applications Architecture and Infrastructure review with recommendation and remediation ISMS, SIEM 2; Governance, Risk & Compliance Forensic analysis Business continuity, Brand Protection Source code review Education & Training Technical support, knowledge transfer, Privileged User Management, Traceability, Access control Advanced Threat Protection, White and Black listing, End point protection ZeroDayLab is the trusted advisor to many of Europe s leading organisations and Government agencies. We have a passion for IT Security borne out of 100s of successful and complex customer engagements in the UK, Ireland, Europe, Middle East, North America and Asia Pac over the last 10 years. We understand how important security is to you and how tight current budgets are. So we will maximise your ROI by delivering value for money, practical services and solutions of the highest and most consistent quality to surpass your project needs. My team looks forward to sharing our vision with you and helping you to defend against the malicious attacks that come from both inside and outside of your environment. Kevin Roberts Managing Director Tel: +44(0) Mob: +44(0) kroberts@zerodaylab.com

5 All of our consultants hold a wide range of industry standard qualifications to the highest level, such as CREST, CHECK, CISSP, RSE, IA Certification (CLAS) CESG Approved, and where appropriate are fully security cleared to Government standards to work on projects of all natures.