Phase 1 Discover “What’s the state of my network?” Network Mapping
Perimeter network mapping detects and identifies servers, desktops, routers, wireless access points and other networked devices visible from the internet and produces a topology report which includes host specific information like dns name and operating system.
Internal network mapping does the same for all devices that are not visible to the internet. This can be done from different locations within your network, including the DMZ, to determine the effectiveness of segmentation efforts.
The combination of internal and external mapping produces a complete view of your entire network and serves multiple functions by detecting rogue devices and network misconfigurations that may otherwise go unnoticed, providing a comprehensive inventory of devices and active ip addresses on your network, and by establishing a specific list of hosts for the Vulnerability Analysis.
Vulnerability Analysis
The Vulnerability Analysis produces customizable, comprehensive reports including a summarized, risk-focused Executive Report, a specific Technical Report with threat, impact and remediation information, and Industry Baseline Reports such as the SANS Top 20 and RV 10 reports. Details for each vulnerability include severity level, description of the threat, impact if compromised, and a recommended solution.
The initial Vulnerability Analysis will also serve as a benchmark for trending with ongoing scans.
Business Impact Analysis
Following the vulnerability scan, we will present your report and together we can analyze it in the context of your business and your budget and can set priorities for safeguard implementation.
Phase 2 Protect “How can I make it better?”
Safeguard Selection
Based on the Business Impact Analysis and Vulnerability Analysis, we will work with you to select safeguards that meet your security and budgetary requirements. Our goal is to work with what you already have in place to provide the safest architecture and configuration and to recommend new hardware/software only when necessary.
Safeguard Implementation
Once you’ve decided which safeguards you would like to use and approve any architecture changes, we will work create a plan to implement the new secure design. Our main focus in this process is to reduce the impact that any changes might have upon your daily business activities. Often, we’ll schedule such changes during off hours to achieve this goal.
Availability Optimization
Availability is a cornerstone of security and the catalyst for many of the security improvements you will make to your network. Backups, redundancy, and disaster recovery are all availability solutions that apply to different needs and networks. We will work with you to find the availability solutions that make sense to your company because even the most secure system is useless if it’s not available when you need it.
Phase 3 Ensure “How do I keep it that way?”
Ongoing Vulnerability Analysis
As stated in the initial Vulnerability Analysis description, the first scan will serve as a benchmark to measure improvements made during the Protection process. Follow-up and ongoing Vulnerability Analysis scans ensure that issues get resolved per the remediation guidelines and that, as new vulnerabilities emerge, your network stays protected.
Standardization
Standardizing systems is essential to the security, reliability and manageability of a network. Once existing vulnerabilities are resolved, we can help you create standards for the secure configuration of new devices.
Configuration & Network Management Systems
Once systems are standardized, Configuration Management is required to keep them that way. Configuration management can be as simple as a procedure that is followed any time changes are made or as elaborate as a system dedicated to the purpose.
A network management system gives you the ability to monitor the health of your network and the systems in it. These systems will be tailored to meet your needs and budget.
Secure Architecture
It is easiest to create secure environments before services are up and running so, as you add new systems and functionality, we are available to help with designing security into the planning process.