Thorough security assessments and reviews of your key vulnerabilities

Identifying the security posture of your networks and operating systems is often a key building block to formalising a strong cybersecurity strategy.

Whether your development team is looking for reassurance that they have securely set up network devices with a Configuration Review, or you require an in-depth Vulnerability Assessment, IRM covers various different security assessments and reviews to suit your requirements.

Configuration Reviews

In order to provide a greater level of assurance that network devices – such as servers, workstations, firewalls, routers –  are securely configured, we carry out security on-host configuration review to ensure they are configured in line with security best practice.

Where available, we base our security reviews on the Center for Internet Security (CIS) best practice standards. The CIS is a non-profit enterprise that is a distributor of consensus best practice standards for security configurations to “harden” your system.

Once our technical consultants are given administrative access, they will be able to enumerate the exploitable flaws to provide you with a set of remediation actions and recommendations.

⇒ Contact us about Configuration Reviews

Code Reviews

The source code of an application is the human programmer’s definition of how a system should behave. Unfortunately, this human element introduces a significant scope for error that is often seen through well-known security vulnerabilities and conditions, such as buffer overflows.

Our Code Review service will ensure that any mistakes that have been overlooked at fixed. We will work closely with your development team to comprehensively review code including:

  • Addressing security risks associated with poor coding practice
  • Identifying project components carrying the most significant business risk
  • Providing recommendations to mitigate identified business risk factors
  • Formalising a final report including an executive summary and a risk and recommendations table

⇒ Contact us about Code Reviews

Infrastructure Reviews

An infrastructure review involves an external/internal assessment of the company’s IT estate. We simulate a malicious user or attacker using various methods to exploit vulnerabilities and give you a clear picture of your security posture.

There are various stages to the phases of a infrastructure review, which often involves:

  • Reconnaissance – gathering vital information about vulnerabilities of the targeted network before conducting a test
  • Explore – understanding the information security posture of your organisation’s technology, systems and infrastructure portfolio
  • Scan – determining operating systems and network services, allowing us to test accurately
  • Enumerate – identifying your organisation’s users, applications and services in operation
  • Access and Escalate – utilising the information gathered in previous phases to access systems, escalate privileges and leverage access to other systems
  • Report – gathering evidence to prove extent of intrusion, providing a final report with a summary of risks and recommendations

⇒ Contact us about Infrastructure Reviews

Build Reviews

A build review assess whether your organisation is susceptible to a cyber-attack based on the security vulnerabilities in your operating systems.

We base our server build reviews upon industry best practice standards. 

We use information gathering scripts on the systems in scope, in order to gather comprehensive configuration information about the servers, which will then be analysed with reference to best practice guidelines. Areas of weakness will be highlighted and recommendations for improvements provided.

Areas covered by the assessment will include (but are not limited to) operating system support and patching levels, user accounts and user privileges, password complexity levels including password hash cracking and installed anti-virus and local firewalls.

⇒ Contact us about Build Reviews

Download the brochure

Ensure that security keeps up with the changing demands of your business. Download our Security Testing Service Overview Brochure to learn more about what we offer.

Download

Get the latest updates & resources

Sign up to our newsletter and get access to all of our resources, security tips and news

Sign up to the newsletter

Complete your details to subscribe to our weekly newsletter.