Regular reviews of IT systems and policy helps to ensure that your operations are not exposing your organisation to undue risk. Inde’s assessment framework is built on a comprehensive set of controls derived from industry contributed data and learnings from real-world security incidents and aims to develop a security roadmap that is easily understood at all levels of your organisation.
Our approach to Security Assessment engagements is both theoretical and hands-on, identifying security flaws, verifying the effectiveness of implemented security measures, and making certain that all measures will continue to be effective after implementation and tuning. All assessments are supported by Offensive Security Certified Professional (OSCP) qualified engineers. Inde can also perform security and health reviews of specific infrastructures and services such as core networking and network appliances, cloud and server platforms, Active Directory, PKI, Exchange, and SQL.
Environments fall in to one of two groups in relation to Inde’s security assessments and determine the level of testing that is undertaken.
For environments where organisations utilise Cloud and SaaS services, have uncomplicated internal networks, and with no workloads remaining on-premises, we carry out a cybersecurity hygiene assessment. The cybersecurity hygiene assessment comprises of a security and best practice review of your Cloud Platform, CIS Critical Security Controls assessment, and optional Detection and Disruption Testing to validate EDR capabilities.
For more complex environments with on-premises Directory services, document storage, and business critical workloads, we carry out an assume breached assessment. The assume breached assessment includes all components of the cybersecurity hygiene assessment with the addition of Domain and Network review, Network firewall review, and Adversary Emulation.
|
|
Cybersecurity Hygiene |
Assume Breached |
|
Cloud platform security review |
X |
X |
|
CIS Critical Security Controls audit |
X |
X |
|
Detection and Disruption testing |
X |
X |
|
OSINT and perimeter exposure |
X |
X |
|
Privileges and Access |
X |
X |
|
Network architecture |
|
X |
|
Group Policy |
|
X |
|
Host builds |
|
X |
|
Environment hardening |
|
X |
|
Attack surface reduction |
|
X |
|
Environment reconnaissance |
|
X |
|
Adversary profile research & development |
|
X |
|
Identification of vulnerabilities and exploitable vectors |
|
X |
All security assessments carried out by Inde’s security team provide you with actional, evidence based, recommendations and remediation advice in report form.
