Network & Security Assessment
How secure is your Network?
We put a company’s security systems to the test, identifying the vulnerabilities and critical points of the IT infrastructure through a thorough Network & Security Assessment. Our Assessment is an analysis process that differs from others because it does not aim merely to produce a cold list of vulnerabilities, but cross-references this information with other reference parameters. In this way we take a “snapshot” of your systems, networks and business procedures, giving you a clear picture of the validity and effectiveness of the technical solutions implemented so far and of how they are managed. The result is a comprehensive report that shows not only the critical issues, but also guidance on priority and risk factor in relation to the business context. It also indicates the actions that should be taken to remediate the issues (Remediation List).
Do you think you’re safe?
In the interconnected world we live in, immersed in IoT, with Industry 4.0 and the new dimension of services operable through Wireless, 4G or 5G technologies, pressured by the time to market of innovation, we are losing the sound approach of “validation”, that is the maturation time needed to ensure that newly built processes, technology and systems prove to be secure enough as well as efficient.
It is therefore inevitable that any IT system may be subject to vulnerabilities that can be exploited by criminal organizations through increasingly sophisticated cyberattacks. It is in this context that Cybersecurity becomes a key factor for the success of businesses, through the ability to limit or eliminate security flaws, proving to be reliable suppliers attentive to protecting the data that Customers entrust them to process.
We test a company’s security systems by attempting to breach them, simulating an adversary’s attack: not only identifying vulnerabilities, but also indicating which actions an attacker could take. We provide an external view of systems, networks and business procedures, enabling a validation of the effectiveness of their implementation and management; we show what the impact of a real attack would be, while also highlighting possible improvements.
Why choose our Network & Security Assessment service
Sundata can rely on a team of certified professionals with high skills and many years of experience, able to truly test the security level of your company. By adopting articulated mindsets and operating methods, the fruit of years of experience in the sector and through state-of-the-art tools and techniques, we can measure your organization’s security score on multiple levels.
The specialists of the Sundata team use conventional and unconventional attacks to attempt to compromise the agreed objectives, operating in a controlled environment so as to avoid any activity that could harm the company’s business.
The result is a highly realistic and sophisticated test that, within predefined rules of engagement, gives the company an important tool to identify its weak points and develop an adequate remediation plan.
How the Network & Security Assessment service works
Vulnerability Assessment (VA)
To highlight the potential attack surface of an IT network or an industrial network (OT), through the automated scanning of a defined perimeter.
Network Infrastructure Security Analysis
A series of parameters will be analyzed based on the company’s context and core business: Misconfiguration or Design flaws; Firewall Design Review; Common Vulnerabilities and Exposures (CVE) check; Vulnerability scanning; Network scanning; Weak authentication or encryption protocols; VPN, Wireless, any 802.1x authentication methods; Centralized Authentication, Authorization and Accounting; AAA Review; Protocol coherency; Attack Awareness (IPS/IDS); Principal evasion technics; IPS/IDS design and Log review; Control Plane Policing/Security; Infrastructure Device Access, CoPP; Rogue DHCP/Client Detection; Rogue detection both wired and wireless.
Infrastructure Physical Security
The physical access points of the facility and the standard equipment for data protection will be analyzed: Cameras; locks; restricted physical access to IT & Data Infrastructures.
Infrastructure Monitoring and Management
The infrastructure monitoring and management systems, if present, will be analyzed in order to identify the organization’s level of governance over the IT structure and its ability to react to any attacks or data breaches: Central Monitoring/Alerting Capabilities; Management Platform utilization/capabilities; Syslog Capabilities; Controls, retention, management; Host End Monitoring/Management; Host detection/monitoring; Software Management; Deployment processes for upgrades/patches; Configuration validation capabilities; Lab Environment; EoL/EoS hardware and licensing; Process for Lifecycle and licensing compliance; Configuration Management and Centralized Configuration Backup; Configuration backups; Centralized Configuration Automation; Configuration change capabilities; Configuration Change Management Workflow; Change Control Management; Performance Monitoring and Analysis; Netflow Capabilities; Bandwidth Planning Capabilities; Client Experience Capabilities; L4-L7 Visibility – Baseline Capabilities; Packet Capture Capabilities.
Red Teaming (RT)
To measure the real defensive capabilities of your infrastructure, as well as the effectiveness of monitoring systems and the reaction to a hostile event, through an activity carried out in a controlled environment. It is a genuine cyberattack simulation in which the Red Team works in synergy, using all the techniques at its disposal, with the ultimate and sole goal of compromising the client’s perimeter.
CyberSecurity Gap Analysis (CGA)
To assess the maturity level of the organizational security measures in place within the organization compared to best practices and reference frameworks such as ISO27001, CIS, NIST, AgID, etc.
Security Awareness Training (SAT)
To spread maturity and awareness through classroom training for employees on essential topics such as the risks of phishing, password strength, safe browsing, data and device security, etc.
Take on the innovation challenge. Together.
Get in touch: we assess your infrastructure and design the Cloud strategy that best fits your business and governance goals.
Request a consultation →