Understand where you are to know where you need to go.
A mature information security program is built on an organization's understanding of risk in the context of the needs of the business.
Assessing the current state of your IT infrastructure allows you to fully understand the weaknesses and vulnerabilities in your Information Security Program. The intelligence gathered through assessments establishes a foundation to help determine what updates and changes are needed to create a strong cybersecurity plan.
As your cyber posture matures, assessments should be conducted and measured against the initial benchmark to determine the effectiveness of changes to your Information Security Program.
Take the first step: Assess
To know where you are going, you first have to know where you are. Assessing your current cybersecurity posture is important to understanding current threats and vulnerabilities and what adjustments need to be made to ensure your infrastructure is secure.
Solis360™ Security posture assessment
Solis360 is a series of security assessments that are used to build a high-level overview of an organization’s current cybersecurity posture. These assessments are focused on reviewing technical controls and gaps within the network, firewalls, and Microsoft 365 environment, and whether any vulnerabilities or compromises exist.
The information gathered from this review can be used to:
- Determine immediate and future projects
- Guide time and budget expenditures
- Ensure your security needs are keeping up with changing technology and the demands of users and clients
- Ensure compliance with regulatory requirements*
At the completion of the Solis360 Assessment, an Executive Summary detailing any patches or upgrades for immediate deployment as well as recommendations for future security enhancements will be presented. Findings are based on the analysis and review of the organization’s cybersecurity maturity as compared to industry best practices and the NIST Cybersecurity Framework.
*Additional assessments may be recommended or required, per the specific regulations and compliance needs of your industry.
If your organization has specific assessment needs, perhaps for compliance reasons
These assessments are tailored to review a variety of cloud-based services, from small SaaS offerings to full Azure or AWS architectural assessments. Typical components of these assessments include: Security Policies, Identity and Access Management, Storage Accounts, SQL/Database Services, Networking, Virtual Machines, and any native Security/Compliance features.
Scanning for indicators of any previous or current compromises within the environment, then determining the best course of action to remediate threats in progress.
The risk assessment is a process of identifying all of an organization's assets and their associated vulnerabilities, identifying the potential threats to those vulnerabilities and the amount of exposure to those threats, which defines the inherent risk to those assets. Additionally, current controls are evaluated to determine the residual risk for the associated asset.
When performing a review of the current firewall configuration, our goal is to determine the posture of the firewall based on its capabilities and security services as well as best practice.
Assessing the domain structure and security policy configurations.
This assessment reviews the current configuration of the Microsoft 365 environment, also known as Office 365, with the intent of identifying its use and overall security posture. We look at what security controls and features are available versus utilized, as well as their effectiveness and how they compare to security best practices.
Vendor assessments should be performed to assess each vendor's soundness, which allows the level of risk associated with each vendor to be determined. Vendors should be reviewed on a regular cadence based on their criticality to the organization and their access to organizational data and assets.
An effective Vulnerability Management Program ensures that monthly vulnerability assessments are conducted against both internal and external assets. Assessments identify system misconfigurations, expiring SSL certificates, and other issues that patching alone would not identify and resolve.