Network Security Assessment
With our deep understanding of network security and the vulnerabilities that threaten your environment A-lign provides our clients with a range of security related services. Our services focus on both the application and network layer of our clients’ information system. Through the automated and manual techniques employed by A-lign, vulnerabilities in web applications, such as those listed in the Open Web Application Security Project (OWASP) Top 10 Project, are identified. A-lign also focuses on vulnerabilities present in network devices, such as firewalls, routers and switches as well as the core servers in the environment running Windows, Linux or UNIX operating systems. The assessments are conducted in the following phases:
Through the use of automated vulnerability assessment tools, A-lign can analyze your network devices to pinpoint weaknesses that could lead to system compromise. In addition, A-lign employs manual techniques to deep dive on critical network devices and to focus on vulnerabilities not identified by the automated scanning tools. A-lign validates the vulnerabilities to eliminate false positives that may be reported by the vulnerability scanning tools. The vulnerability scans are scheduled and configured to minimize the impact on the target network. This assessment is used to identify potential vulnerabilities in the network to guide the system administrators in the remediation process to mitigate the risk of network and data compromise.
These testing procedures can be performed “blind”, meaning the security professional is not provided information about the network; or “open”, meaning the security professional is provided information such as network diagrams, IP addresses and server lists to guide the approach taken by A-lign’s security professional. The type of assessment depends on the purpose and the security controls being tested as part of the project.
In order to replicate a real-world attack by an unauthorized user, A-lign utilizes the information gathered during the vulnerability assessment phase to attempt to gain access to the network. The A-lign security professional employs manual techniques to exploit vulnerabilities in the environment due to unpatched or misconfigured systems.
The penetration test provides your organization with an understanding of the exploitable threats in your environment. It also can be used to test the incident and threat identification and response plan of your security department.
Providing our clients with actionable information is the goal of the network assessment services. From the information gathered during the vulnerability assessment and penetration testing A-lign prepares a Security Assessment report including the following sections:
Executive Summary: A-lign’s understanding of technology and business processes allows us to create a report that translates the technical vulnerabilities identified during the engagement in to the risks they present to the business. The executive summary is a snapshot of all of the technical data into actionable, risk based recommendations for management to analyze.
Technical Summary: Vulnerability scanners and assessment techniques identify real issues with the environment as well as false positives. A-lign’s security professionals analyze the information gathered during the engagement and remove the false positives to present a clear picture of the issues in the environment. We also analyze the risk caused by the vulnerabilities based on our understanding of your environment and provide a risk ranking, independent of that assigned by the scanning tools. The technical summary provided by A-lign will include the real threats to your environment, including screen shots and test results, with recommendations on how to address them.
Please call 1-888-702-5446 for further information, or contact us here.