Skip Ribbon Commands
Skip to main content
Home > Services > Risk Management > Architecture Review

RISK MANAGEMENT

Architecture Review


Essentials

Architecture Reviews provide insight into the access controls, management, redundancy, vulnerabilities, and visibility of your organization’s network, servers, and web applications. This is accomplished through in-person interviews, architecture design reviews, and configuration reviews. The SecureState approach compares the current topology and configurations to industry best practices, looking for potential incorrect configurations, server placement, and overall design flaws. The Architecture Review illuminates the design’s security risks of the organization and applicable countermeasures. Additionally, Architecture reviews can be tailored to focus on any part of your environment. Some of the common Architecture Reviews include: Network, Operating System, Web Server, Web Service, and Web Application level reviews.

Benefits

From being subject to compliance frameworks and standards, to ensuring the security around critical business operations, to planning for data center migrations; there are numerous motivating factors for performing an Architecture Review. The Review provides an excellent way to identify potential security flaws within the overall organization as well as a “sanity check” for newly designed web applications, servers, and network infrastructures prior to implementation.

Expertise

 SecureState has subject matter experts in many unique environments. SecureState’s internal pool of diversified backgrounds can provide insight where others may fail; therefore, distinguishing itself as the right team to address a myriad of design concerns.

Did You Know?

  • Network architecture reviews should be performed annually on internet DMZ’s
  • Network architecture reviews should be performed prior to a new network design is moved into production
  • Network architecture reviews are a great way to understand the network topology and security of recent acquisitions
  • Web application architecture reviews should be performed on newly designed complex websites before they are placed in production
  • Operating System level architecture reviews should be performed when migrating the workstation environment from one operating system to a different base operating system

Our Approach and Methodology

By combining multiple views, SecureState can perform Architecture Reviews that will assess your network, operating system, web service, or web application from a security perspective. This includes, but is not limited to: the review of the applicable configurations, access controls, communication channel review, component placement, hardening techniques, and security controls.

Configurations: SecureState reviews the device, application, and service configurations in context of the applicable Architecture Review. These configurations are reviewed for adherence to security best practices as well as identification of configuration flaws that weaken the organization’s security posture.

Access Controls: SecureState reviews the effectiveness of the access controls that the Architecture is using. Many times we identify access controls that can easily be bypassed due to flaws within the design and implementation.

Communication Channel Review: Most devices are not an island. This means that they are normally part of a complex network in which they communicate with other devices; and other devices communicate with them. These communication channels are reviewed in order to verify that communication is in alignment with security best practices.

Component Placement: Device placement is a critical component to correct architectural design. SecureState reviews the architecture in order to verify that each device is in an optimal position for effective secure communication. During this part of the review, segmentation and component placement are analyzed.

Hardening Techniques: Attacks generally occur when Minimum Security Baselines (MSBs), or patch management programs and policies are implemented. MSBs are the frontlines to all attacks and provide additional steps that may be performed to harden systems. SecureState will review the current hardening techniques and offer recommendations for improvement, however, we will not develop hardening techniques for individual systems.

Security Controls: Current security controls are reviewed in context of security best practice, mitigating controls, and defense. Security controls are an important part to any architectural design and SecureState can help measure the effectiveness of these controls.

What Makes Us Different

  • The staff at SecureState includes consultants who have designed, implemented and supported complex enterprise networks
  • Results from the network architecture review are reviewed by SecureState’s Profiling Team to receive an attacker’s view of the network
  • For environments with compliance or regulatory requirements, SecureState’s Risk Management Team works with our Audit and Compliance team to ensure the recommendations made address the appropriate compliance and regulatory requirements