Understand where you are to know where you need to go.
A mature information security program is built on an organization's understanding of risk in the context of the needs of the business.
Assessing the current state of your IT infrastructure allows you to understand the weaknesses and vulnerabilities in your Information Security Program. The intelligence gathered through assessments establishes a foundation to help determine what updates and changes are needed to create a strong cybersecurity plan.
As your cyber posture matures, assessments should be conducted and measured against the initial benchmark to determine the effectiveness of changes to your Information Security Program.
Assess your cybersecurity posture
To know where you are going, you first have to know where you are. Assessing your cybersecurity posture is important to understanding current threats and vulnerabilities and what adjustments need to be made to ensure your infrastructure is secure. Assessments are focused on reviewing technical controls and gaps within the network, firewalls, and server environments, as well as external risks including employee and vendor vulnerabilities.
The information gathered through assessments can be used to:
- Determine immediate and future projects
- Guide time and budget expenditures
- Ensure your security needs are keeping up with changing technology and the demands of users and clients
- Ensure compliance with regulatory requirements
At the completion of any Solis Assessment, an Executive Summary detailing any patches or upgrades for immediate deployment as well as recommendations for future security enhancements will be presented. Findings are based on the analysis and review of the organization’s cybersecurity maturity as compared to industry best practices and the NIST Cybersecurity Framework.
WHAT ASSESSMENTS DO YOU NEED?
Solis Security offers a variety of assessments to give your organization insight into every facet of its cybersecurity posture. The type of assessments your organization may need is dependent on three key factors: your current cybersecurity profile, industry or data type regulations or other compliance requirements (such as insurance policy requirements), and your overall IT infrastructure.
In the table below, we offer some guidance for basic assessments your organization might need.
BASELINE: If you are early in the process of strengthening your security posture and need to set initial benchmarks and create a growth plan.
ADVANCED: Compare against benchmarks and assess more complex data points.
MATURE: Verify that the Information Security Program in place is effective and aligned to industry regulated standards.
PENTESTING: Pentesting is the process of actively trying to exploit vulnerabilities in different areas of your infrastructure. Recommended for the most complex environments or for organizations that are compelled to perform Pen Tests to meet insurance or regulatory requirements.
|MICROSOFT 365 ASSESSMENT||optional|
|SECURITY RISK ASSESSMENT|
If your organization has specific assessment needs, perhaps for compliance reasons
These assessments are tailored to review a variety of cloud-based services, from small SaaS offerings to full Azure or AWS architectural assessments. Typical components of these assessments include: Security Policies, Identity and Access Management, Storage Accounts, SQL/Database Services, Networking, Virtual Machines, and any native Security/Compliance features.
Scanning for indicators of any previous or current compromises within the environment, then determining the best course of action to remediate threats in progress.
The risk assessment is a process of identifying all of an organization's assets and their associated vulnerabilities, identifying the potential threats to those vulnerabilities and the amount of exposure to those threats, which defines the inherent risk to those assets. Additionally, current controls are evaluated to determine the residual risk for the associated asset.
When performing a review of the current firewall configuration, our goal is to determine the posture of the firewall based on its capabilities and security services as well as best practice.
Assessing the domain structure and security policy configurations.
This assessment reviews the current configuration of the Microsoft 365 environment, also known as Office 365, with the intent of identifying its use and overall security posture. We look at which security controls and features are available versus utilized, as well as their effectiveness and how they compare to security best practices.
Vendor assessments should be performed to assess each vendor's soundness, which allows the level of risk associated with each vendor to be determined. Vendors should be reviewed on a regular cadence based on their criticality to the organization and their access to organizational data and assets.
An effective Vulnerability Management Program ensures that monthly vulnerability assessments are conducted against both internal and external assets. Assessments identify system misconfigurations, expiring SSL certificates, and other issues that patching alone would not identify and resolve.