Exceptional security assessments start with a thorough understanding of your business and require knowledge of the entire operational environment, from business processes to policy mandated levels of trust. We could run a few tools and print out thick reports that made it look like we did a big job but we choose to do manual analysis and focus on the areas that matter the most to you. This allows us to return to you a report that is relevant to your organization and has value.
Clients who request this service are often trying to address these questions?
- How are we doing?
- Is my information secure?
- We have many issues, what do we fix first?
- Can I get a second set of eyes on my systems?
- We know we have many security controls in existence — are they also working effectively?
- How are we doing compared to similar companies and to best practices?
- Can I satisfy my IS/IT regulatory compliance requirements?
- Can I get a baseline security assessment to prioritize our risk and give recommendations for risk mitigation?
How does it work?
Our team travels to your location to do on-site data collection and analysis. Then we do additional work off-site to research specific issues regarding your infrastructure and document our findings and recommendations. We schedule projects so that we are typically on-site for less than a calendar week and we usually deliver reports within two weeks of commencing the on-site work.
What is the scope of an Internal Network Security Assessment?
While each project is custom-scoped depending on your needs, a typical scope includes:
- Network Architecture and Segmentation
- Authentication and Access Control
- Firewall and Router Configuration
- Patch Management & Software Bugs
- System Configuration Settings and Hardening
- Confidential Data Handling
- Physical Security
- Spyware, Malware, Anti-Virus
- High Availability and Single Point of Failure Analysis
Echelon's security assessments services include:
- Penetration Testing
- Web Application Security Assessments
- Internal IT Security Assessments
- Social Engineering
These services do vary to address various compliance issues, including: PCI, FFIEC, GLBA, HIPAA, etc.
It’s about the people and the passion. Whether we are assessing your security, creating free security audit tools ,or doing groundbreaking security research to help our clients better understand security risk, our team is passionate about security. With a proven team, leveraging a risk-based approach that focuses discovery and analysis on areas