In an average office environment, lots of different devices are used. Moreover, it is not always clear what software is installed where, and who has which access privileges. This makes it challenging to get a picture of the overall security of your internal network. What’s more, this information deficit results in blind spots when it comes to security. This can cause serious problems. Use our IT Infrastructure Assessment to identify vulnerabilities in your IT architecture and reduce the risk of incidents.
Are you wondering:
- Which parts of my IT systems (on-premise or cloud) are vulnerable to hackers, ransomware and other current cyber threats and how can I secure them/make them safer?
- Is my IT infrastructure accessible to those with malicious intent? Is our WiFi secure?
- What damage could attackers do if they penetrated our network?
- What data could they capture? What could they do with it?
- Through which systems/access points are we vulnerable?
- Are the current security measures in place on our company network sufficient to withstand current cyber threats such as ransomware?
An IT Infrastructure Assessment answers these questions for you.
What is an IT Infrastructure Assessment?
There is hardly a company or organisation in our society today that does not depend on an "internal network” to a greater or lesser extent. Organisations' IT infrastructures are where the most sensitive and vulnerable information is often stored and used, and these are the systems employees use every day. In many cases, they can also be accessed via the internet, and represent an attractive attack surface for malicious parties. In an internal network security test, we map out your entire IT infrastructure – where necessary – and perform a security test on those systems. From your office WiFi to your CRM system, from payroll system to Office 365. On-premise or in the cloud, our security specialists test in the same way that an attacker would view potential access points and opportunities for attack. They also investigate what information they can obtain once they are inside.
What do we do in an IT Infrastructure Assessment?
First we decide together which systems need to be tested: the scope. This depends on the size of the organisation, which systems are present, and whether there are any specific security questions that need to be addressed. We always start with a kick-off session on location, during which the configuration of the network and the facilities in place are discussed with a technical person and the responsible business manager on the client side. The security specialist then carries out a series of security tests. These examine threats, risks and vulnerabilities from different perspectives:
- Perspective of actor from the internet;
Is it possible to gain access to the internal network and/or sensitive information from the internet?
- Perspective of actor in the building;
Is it possible to gain access to the internal network and/or sensitive information within the building?
- Perspective of actor who is able to connect to the internal network over WiFi;
Is it possible to gain access to the internal network and/or sensitive information remotely via a WiFi connection?
- Perspective of actor with access to internal network without an account;
Is it possible to gain access to sensitive information on the internal network without a valid employee account?
- Perspective of actor with access to the internal network and employee account;
Is it possible to gain access to sensitive information on the internal network with an employee account with limited access privileges to which the employee should not have access?
Examples of IT infrastructure components to be tested
External assessment: investigating systems and services which are accessible from the internet.
Internal assessment: investigating internal systems and services, WiFi networks, user privileges and the basic design of the Active Directory.
Comprehensive Active Directory assessment: in-depth investigation of the organisation’s Active Directory structure.
Microsoft Azure AD and Office 365 assessment: investigating common security issues in the use of Microsoft Azure AD and/or Office 365.
Virtual workplace assessment: Investigating virtual workplaces, such as Citrix or thin client solutions.
Workstation/laptop assessment: checking a workstation/laptop for best practice security settings.
Attack simulation: performing an attack simulation in order to test the correct functioning of monitoring and detection systems.
Ransomware simulation: performing a ransomware simulation in order to chart the organisation's resilience to ransomware.
What do you get after an IT Infrastructure Assessment?
Na afloop van de test leveren wij een praktisch en uitgebreid rapport op, welke de securityspecialist die de test heeft uitgevoerd op locatie zal toelichten. Je IT-infra (zowel on-premise als in de cloud) heb je hiermee volledig in kaart en je kan op basis van de uitkomsten van de security test de juiste
At the end of the test we deliver a practical and comprehensive report, which the security specialist who carried out the test will explain on location. This adds up to a complete picture of your IT infrastructure (both on-premise and in the cloud). Based on the results of the security test, you can take the appropriate measures to protect that infrastructure against cyber security risks.
You will also know how resilient you are to current cyber attacks such as ransomware attacks. You can use the findings and recommendations from the report to set up/modify the security policy within your organisation, and to confirm the necessity of monitoring its implementation. In addition, you can demonstrate whether you meet the requirements of ISO27001 regarding information security or compliance with other laws and regulations such as NEN and PCI-DSS.
Interested in our IT Infrastructure Assessment for your organisation? Please contact us at firstname.lastname@example.org, call us on +31 (0)88 733 13 37 or submit your details using our contact form and we'll call you back as soon as we can.
We have a lot of regular customers because both parties recognise the added value of long-term cooperation. Our clients choose Computest because of the good working relationship they enjoy with us, our flexibility and the extensive security knowledge of our security specialists which they are happy to share. In addition, organisations specifically choose Computest for this service, because:
- The presence of a security specialist on site during the execution ensures direct knowledge transfer to your IT staff.
- Unlike many other providers, Computest does not rely solely on automated tooling but above all draws on the insight and experience of its specialists, gained in part through R&D research.
- Computest carries out broad security testing in which all risk-sensitive components within the internal network are comprehensively investigated.
- Computest has a standardised approach that results in reproducible tests and high quality.
- Computest offers a personal approach, with a security specialist who is always available for questions and personally discusses the final report with the organisation.
- Computest has specialist knowledge in the field of IoT security.