By combining multiple views, SecureState can perform Architecture Reviews that will assess your network, operating system, web service, or web application from a security perspective. This includes, but is not limited to: the review of the applicable configurations, access controls, communication channel review, component placement, hardening techniques, and security controls.
Configurations: SecureState reviews the device, application, and service configurations in context of the applicable Architecture Review. These configurations are reviewed for adherence to security best practices as well as identification of configuration flaws that weaken the organization’s security posture.
Access Controls: SecureState reviews the effectiveness of the access controls that the Architecture is using. Many times we identify access controls that can easily be bypassed due to flaws within the design and implementation.
Communication Channel Review: Most devices are not an island. This means that they are normally part of a complex network in which they communicate with other devices; and other devices communicate with them. These communication channels are reviewed in order to verify that communication is in alignment with security best practices.
Component Placement: Device placement is a critical component to correct architectural design. SecureState reviews the architecture in order to verify that each device is in an optimal position for effective secure communication. During this part of the review, segmentation and component placement are analyzed.
Hardening Techniques: Attacks generally occur when Minimum Security Baselines (MSBs), or patch management programs and policies are implemented. MSBs are the frontlines to all attacks and provide additional steps that may be performed to harden systems. SecureState will review the current hardening techniques and offer recommendations for improvement, however, we will not develop hardening techniques for individual systems.
Security Controls: Current security controls are reviewed in context of security best practice, mitigating controls, and defense. Security controls are an important part to any architectural design and SecureState can help measure the effectiveness of these controls.