Thorough security assessments and reviews of your key vulnerabilities

Identifying the security posture of your networks and operating systems is often a key building block to formalising a strong cybersecurity strategy.

Whether your development team is looking for reassurance that they have securely set up network devices with a Configuration Review, or you require an in-depth Vulnerability Assessment, IRM covers a range of security assessments and reviews to suit your requirements.


VPN Assessments

To provide reassurance that your VPN is secure when you have employees working remotely, a VPN Assessment is the best way to test the security of the various components.

IRM’s VPN Assessment will test the security of the external VPN service and its components, specifically the solution employed by the organisation. IRM is experienced in testing many different types of VPN. For Government clients, our Government Assurance team can carry out a Manual V assessment to ensure that the solution is configured according to CESG standards.

Firewall Reviews

Firewalls are used by almost all organisations, but they are of no value if they are not configured effectively, leaving you highly vulnerable to attack.

An IRM Firewall Review will include the following elements: firewall configuration, firewall rulesets audit and firewall networking mapping. Combining these three areas will ensure your firewall is set up to provide a secure barrier for network traffic.

Configuration Reviews

To provide a greater level of assurance that network devices (such as servers, workstations, firewalls and routers) are securely configured, we carry out an on-host security configuration review to ensure they are configured in line with security best practice.

Where available, we base our security reviews on the Center for Internet Security (CIS) best practice standards. The CIS is a non-profit enterprise that is a distributor of consensus best practice standards for security configurations to “harden” your system.

Once our technical consultants are given administrative access, they will be able to enumerate the exploitable flaws to provide you with a set of remediation actions and recommendations.

Code Reviews

The source code of an application is the human programmer’s definition of how a system should behave. Unfortunately, this human element introduces a significant scope for error that is often seen through well-known security vulnerabilities and conditions, such as buffer overflows.

Our Code Review service will ensure that any mistakes that have been overlooked are fixed. We will work closely with your development team to comprehensively review code, including:

  • Addressing security risks associated with poor coding practice
  • Identifying project components carrying the most significant business risk
  • Providing recommendations to mitigate identified business risk factors
  • Formalising a final report including an executive summary and a risk and recommendations table

Infrastructure Reviews

An infrastructure review involves an external/internal assessment of the company’s IT estate. We simulate a malicious user or attacker using various methods to exploit vulnerabilities and give you a clear picture of your security posture.

An infrastructure review has various phases, which often include:

  • Reconnaissance – gathering vital information about vulnerabilities of the targeted network before conducting a test
  • Explore – understanding the information security posture of your organisation’s technology, systems and infrastructure portfolio
  • Scan – determining operating systems and network services, allowing us to test accurately
  • Enumerate – identifying your organisation’s users, applications and services in operation
  • Access and Escalate – utilising the information gathered in previous phases to access systems, escalate privileges and leverage access to other systems
  • Report – gathering evidence to prove extent of intrusion, providing a final report with a summary of risks and recommendations

Build Reviews

A build review assesses whether your organisation is susceptible to a cyber-attack based on the security vulnerabilities in your operating systems.

We base our server build reviews upon industry best practice standards.

We use information gathering scripts on the systems in scope, in order to gather comprehensive configuration information about the servers, which will then be analysed with reference to best practice guidelines. Areas of weakness will be highlighted and recommendations for improvements provided.

Areas covered by the assessment will include (but are not limited to): operating system support and patching levels; user accounts and user privileges; password complexity levels, including password hash cracking; and installed anti-virus and local firewalls.
