|
PSA - Perimeter Security Assessment & Penetration Testing -
Provides assurance that Internet-facing networks and systems are protected from hackers/malware (aka the hacker's perspective).
external vulnerability assessment
manual validation
penetration testing
practical remediation advice
|
External |
|
|
BVEA - Blind Visibility and Exposure Analysis -
Blind Internet footprint analysis to ensure that only the information and systems needed for business purposes are exposed to the Internet.
blind assessment
reconnaissance
cyber-attack surface minimization
chatter analysis
reputation/infection analysis
|
|
DDOS - Distributed Denial of Service Assessment -
Simulated distributed denial of service attack (DDOS) to test the resilience of networks and systems to real distributed attacks, including validation of DDOS prevention measures.
Simulated DDOS
breaking point analysis
performance degradation analysis
DDOS prevention validation
latency
throughput
|
|
O365SA - Office 365 Security Assessment -
Office365 is a mission-critical and super-sensitive asset, and its security is vital to the security of the rest of the organization. The Office365 Security Assessment (O365 SA) is an in-depth review of the security of a client’s Office365 configuration, including analysis of threat activity, identification of vulnerabilities and weaknesses, and recommendations for additional protection measures to enhance security.
Configuration review
log analysis
data analytics
|
External/Internal |
|
WSA - Wireless Security Assessment -
Ensures protection against unauthorized access to wireless networks and traffic, as well as segregation of guest access from corporate networks and systems. Also identifies potential back-doors through rogue access points.
User/guest wireless assessment
encryption strength
auth strength
rogue access points
wireless segregation
wireless infrastructure vulnerabilities
|
|
WASA - Web Application Security Assessment -
Credentialed and non-credentialed vulnerability assessment and penetration testing to validate the security measures in place to protect web applications against outside attackers, malware, privilege escalation and account hijacking.
Application testing
outside attackers
authorized users
privilege escalation
account hijacking
credentialed testing
|
|
CloudSA - Cloud Security Assessment -
In-depth, platform-specific review of cloud-based application infrastructure and underlying components to assess compliance with security best-practices. Platforms include Amazon Web Services, Google Cloud Platform, Microsoft Azure and more.
Security best-practices assessment
configuration policy review
manual reviews of configurations
|
|
CASA - Critical Asset Security Assessment -
Internal vulnerability analysis and penetration testing of mission-critical assets including applications, servers, routers, and switches for validation of layered security and defense in depth.
internal vulnerability assessment
manual validation
penetration testing
practical remediation advice
|
Internal |
|
LANSA - LAN Security Assessment -
Provides assurance that LANs are well secured, including end-user systems such as desktops and laptops, as well as LAN servers and other LAN devices.
internal vulnerability assessment
manual validation
penetration testing
practical remediation advice
|
|
NISA - Network Infrastructure Security Assessment -
Beyond network-based testing, this assessment utilizes benchmarking and analysis of the configurations of firewalls, routers, switches, and other networking devices to ensure these systems are set up to best protect the networks they enable, and that they themselves are protected from breaches so they cannot be used to propagate attacks.
Configuration scoring
configuration benchmarking
manual review
feature analysis
security ROI
|
Platform-specific |
|
ADSA - Active Directory Security Assessment -
In-depth review of Active Directory configuration and GPO settings that drive security for in-scope domains and their affiliated OUs, groups, computers, users, and service accounts.
GPO settings analysis
manual review
review of users
review of groups
review of service accounts
|
|
MSSA - Microsoft Server Security Assessment -
Detailed, platform-specific review of the configuration of Microsoft Servers to ensure these critical systems are configured to minimize exposure and maximize security.
Analysis of registry settings
manual review
review of enabled services
review of installed programs
|
|
NIXSA - UNIX/Linux Server Security Assessment -
Detailed, platform-specific and “flavor”-specific review of the configuration of UNIX/Linux servers to verify that these systems are configured to maximize security and minimize exposure to cyber-attacks.
Analysis of config files/settings
manual review
review of running processes
review of installed packages
review of patch levels
|
|
VSA - Virtualization Security Assessment -
The VSA examines the configuration of virtual hosts, virtual machines, virtual networking and virtual storage to provide recommendations for improving security.
Virtualization configuration review
|
|
SocEng - Social Engineering -
Targets the human element to test users' awareness of potential security threats and exposure to social engineering, by performing simulated phishing, planted media, pretext calling, and social networking attacks.
Social engineering
simulated attacks
phishing
pretext calling
social networking
|
Organizational |
|
PPPA - Policies Procedures and Practices Assessment -
Ensures that documented IT policies and procedures, and associated practices, are aligned with best-practices and applicable regulatory requirements. The PPPA is a gap analysis and the first place to start towards compliance with best-practices, regulatory requirements, and standards, such as HIPAA, SOC, PCI, CIPv5, NIST, ISO, DFARS, GLBA, SOX, etc.
Policy review
Procedures review
Practices review
documentation review
IT interviews
gap analysis
compliance
best-practices
regulatory requirements
|
|
RA - Risk Assessment -
Combination of qualitative and quantitative analysis to determine the top threats to information security, biggest vulnerabilities, and largest opportunities for risk reduction through cost-benefit analysis.
Top-down
strategic
Risk assessment
asset inventory
vulnerability analysis
threat model
|
|
PhySA - Physical Security Assessment -
Assessment of facilities and properties to analyze the key physical security measures required to control access to buildings and to protect the people and data within them.
Physical security
walkthroughs
facilities
properties
|
|
DLPA - Data Loss Prevention Assessment -
Identifies unprotected transmission and non-compliant storage of sensitive data that could result in unwanted disclosure or data loss and the potential for costly breach notification and response.
Data loss prevention
Traffic monitoring
spidering
file searches
|
|
BBPen - Advanced Black Box Penetration Testing -
A premier service that simulates real-world cyber-attacks against your organization. The BBPen is a capture-the-flag exercise using technical and social pen testing techniques to test how well protected you are against breaches.
Penetration testing
black box
capture-the-flag
blind
social engineering
technical pen testing
|
Other |
|
CustomSA - Custom Security Assessment -
Illumant can work with you to define security assessments that are customized in scope, for any target systems, networks, devices or applications that you require beyond our pre-defined assessment offerings.
Custom assessment
|