Illumant - Security Assessments and Compliance

True strength is understanding your weaknesses.

Our Assessments

Our assessment services offer clients the chance to view security weaknesses from a wide variety of angles. Beyond just reporting technical vulnerabilities, we also identify root causes and help solve strategic and systemic problems, which prevents re-occurrence of vuln erabilities.

Comprehensive
Detailed remediation advice
Best-in-breed tools
Manual testing and validation

Key Differentiators

Non-disruptive, negligible impact to staff
Easy to follow and detailed remediation advice
Manual testing to uncover what scanners miss

Assessment Offerings

	PSA - Perimeter Security Assessment & Penetration Testing - Provides assurance that Internet-facing networks and systems are protected from hackers/malware (aka the hacker's perspective). {read more} external vulnerability assessment manual validation penetration testing practical remediation advice	External
Your message was received! We will send a quote shortly. Get a quote on our PSA service now. Enter your email and the number of external systems/hosts you want tested. Email @ Systems
	BVEA - Blind Visibility and Exposure Analysis - Blind Internet footprint analysis to ensure that only the information and systems needed for business purposes are exposed to the Internet {read more} blind assessment reconnaissance cyber-attack surface minimization chatter analysis reputation/infection analysis
	DDOS - Distributed Denial of Service Assessment - Simulated distributed denial of service attack (DDoS) to test the resilience of networks and systems to real distributed attacks, including validation of DDoS prevention measures. {read more} Simulated DDoS breaking point analysis performance degradation analysis DDoS prevention validation latency throughput
	O365SA - Office 365 Security Assessment - Ensures protection against unauthorized access to wireless networks and traffic, as well as segregation of guest access from corporate networks and systems. Also identifies potential back-doors through rogue access points. {read more} Configuration review log analysis data analytics	External/Internal
	WSA - Wireless Security Assessment - Office365 is a mission critical and super-sensitive asset, and its security is vital to the security of the rest of the organization. The Office365 Security Assessment (O365 SA) is an in-depth review of the security of a client’s Office365 configuration, including analysis of threat activity, identification of vulnerabilities and weaknesses, and recommendations for additional protection measures to enhance security. {read more} User/guest wireless assessment encryption strength auth strength rogue access points wireless segregation wireless infrastructure vulnerabilities
	WASA - Web Application Security Assessment - Credentialed and non-credentialed vulnerability assessment and penetration testing to validate the security measures in place to protect web applications against outside attackers, malware, privilege escalation and account hijacking. {read more} Application testing outside attackers authorized users privilege escalation account hijacking credentialed testing
	CloudSA - Cloud Security Assessment - In-depth, platform specific review of cloud-based application infrastructure and underlying components to assess compliance with security best-practices. Platforms include Amazon Web Service, Google Cloud Platform, Microsoft Azure and more. {read more} Security best-practices assessment configuration policy review manual reviews of configurations
	CASA - Critical Asset Security Assessment - Internal vulnerability analysis and penetration testing of mission-critical assets including applications, servers, routers, and switches for validation of layered-security and defense in depth. {read more} internal vulnerability assessment manual validation penetration testing practical remediation advice	Internal
	LANSA - LAN Security Assessment - Provides assurance that LANs are well secured including end-user systems such as desktops and laptops. As well as LAN servers, and other LAN devices. {read more} internal vulnerability assessment manual validation penetration testing practical remediation advice	Internal
	NISA - Network Infrastructure Security Assessment - Beyond network-based testing, this assessment utilizes benchmarking and analysis of the configurations of firewalls, routers, switches, and other networking devices to ensure these systems are set-up to best protect the networks they enable and that they themselves are protected from breaches to prevent being used to propagate attacks. {read more} Configuration scoring configuration benchmarking manual review feature analysis security ROI	Platform-specific
	ADSA - Active Directory Security Assessment - In-depth review of Active Directory configuration and GPO settings that drive security for in-scope domains and their affiliated OUs, groups, computers, users, and service accounts. {read more} GPO settings analysis manual review review of users review of groups review of service accounts
	MSSA - Microsoft Server Security Assessment - Detailed, platform-specific review of the configuration of Microsoft Servers to ensure these critical systems are configured to minimize exposure and maximize security. {read more} Analysis of registry settings manual review review of enabled services review of installed programs
	NIXSA - UNIX/Linux Server Security Assessment - Detailed, platform-specific and “flavor”-specific review of the configuration of UNIX/Linux servers to verify that these systems are configured to maximize security and minimize exposure to cyber-attacks. {read more} Analysis of config files/settings manual review review of running processes review of installed packages review of patch levels
	VSA - Virtualization Security Assessment - The VSA examines the configuration of virtual hosts, virtual machines, virtual networking and virtual storage to provide recommendations for improving security. {read more} Virtualization configuration review
	SocEng - Social Engineering - Targets the human element to test awareness of users to potential security threats, by performing simulated phishing, planted media, pretext calling, and social networking attacks, and to test exposure to social engineering. {read more} Social engineering simulated attacks phishing pretext calling social networking	Organizational
	PPPA - Policies Procedures and Practices Assessment - Ensures that documented IT policies and procedures, and associated practices, are aligned with best-practices and applicable regulatory requirements. The PPPA is a gap analysis and the first place to start towards compliance with best-practices, regulatory requirements, and standards, such as HIPAA, SOC, PCI, CIPv5, NIST, ISO, DFARS, GLBA, SOX, etc. {read more} Policy review Procedures review Practices review documentation review IT interviews gap analysis compliance best-practices regulatory requirements
	RA - Risk Assessment - Combination of qualitative and quantitative analysis to determine the top threats to information security, biggest vulnerabilities, and largest opportunities for risk reduction through cost-benefit analysis {read more} Top-down strategic Risk assessment asset inventory vulnerability analysis threat model
	PhySA - Physical Security Assessment - Assessment of facilities and properties to analyze the key security measures that govern physical security that are required to control access to buildings and to protect the people and data within them {read more} Physical security walkthroughs facilities properties
	DLPA - Data Loss Prevention Assessment - Identifies unprotected transmission and non-compliant storage of sensitive data that could result in unwanted disclosure or data loss and the potential for costly breach notification and response {read more} Data loss prevention Traffic monitoring spidering file searches
	BBPen - Advanced Black Box Penetration Testing - A premier service that simulates real-world cyber-attacks against your organization. The BBPen is a capture-the-flag exercise using technical and social pen testing techniques to test how well protected you are against breaches {read more} Penetration testing black box capture-the-flag blind social engineering technical pen testing	Other
	CustomSA - Custom Security Assessment - Illumant can work with you to define security assessments that are customized in scope, for any target systems, networks, devices or applications that you require beyond our pre-defined assessment offerings. {read more} Custom assessment	Other

External

External/Internal

Internal

Platform-specific

Organizational

Other

Our Assessments

Key Differentiators

Assessment Offerings

PSA - Perimeter Security Assessment & Penetration Testing - Provides assurance that Internet-facing networks and systems are protected from hackers/malware (aka the hacker's perspective).
{read more}

BVEA - Blind Visibility and Exposure Analysis - Blind Internet footprint analysis to ensure that only the information and systems needed for business purposes are exposed to the Internet
{read more}

DDOS - Distributed Denial of Service Assessment - Simulated distributed denial of service attack (DDoS) to test the resilience of networks and systems to real distributed attacks, including validation of DDoS prevention measures.
{read more}

O365SA - Office 365 Security Assessment - Ensures protection against unauthorized access to wireless networks and traffic, as well as segregation of guest access from corporate networks and systems. Also identifies potential back-doors through rogue access points.
{read more}

WASA - Web Application Security Assessment - Credentialed and non-credentialed vulnerability assessment and penetration testing to validate the security measures in place to protect web applications against outside attackers, malware, privilege escalation and account hijacking.
{read more}

CloudSA - Cloud Security Assessment - In-depth, platform specific review of cloud-based application infrastructure and underlying components to assess compliance with security best-practices. Platforms include Amazon Web Service, Google Cloud Platform, Microsoft Azure and more.
{read more}

CASA - Critical Asset Security Assessment - Internal vulnerability analysis and penetration testing of mission-critical assets including applications, servers, routers, and switches for validation of layered-security and defense in depth.
{read more}

LANSA - LAN Security Assessment - Provides assurance that LANs are well secured including end-user systems such as desktops and laptops. As well as LAN servers, and other LAN devices.
{read more}

ADSA - Active Directory Security Assessment - In-depth review of Active Directory configuration and GPO settings that drive security for in-scope domains and their affiliated OUs, groups, computers, users, and service accounts.
{read more}

MSSA - Microsoft Server Security Assessment - Detailed, platform-specific review of the configuration of Microsoft Servers to ensure these critical systems are configured to minimize exposure and maximize security.
{read more}

NIXSA - UNIX/Linux Server Security Assessment - Detailed, platform-specific and “flavor”-specific review of the configuration of UNIX/Linux servers to verify that these systems are configured to maximize security and minimize exposure to cyber-attacks.
{read more}

VSA - Virtualization Security Assessment - The VSA examines the configuration of virtual hosts, virtual machines, virtual networking and virtual storage to provide recommendations for improving security.
{read more}

SocEng - Social Engineering - Targets the human element to test awareness of users to potential security threats, by performing simulated phishing, planted media, pretext calling, and social networking attacks, and to test exposure to social engineering.
{read more}

RA - Risk Assessment - Combination of qualitative and quantitative analysis to determine the top threats to information security, biggest vulnerabilities, and largest opportunities for risk reduction through cost-benefit analysis
{read more}

PhySA - Physical Security Assessment - Assessment of facilities and properties to analyze the key security measures that govern physical security that are required to control access to buildings and to protect the people and data within them
{read more}

DLPA - Data Loss Prevention Assessment - Identifies unprotected transmission and non-compliant storage of sensitive data that could result in unwanted disclosure or data loss and the potential for costly breach notification and response
{read more}

BBPen - Advanced Black Box Penetration Testing - A premier service that simulates real-world cyber-attacks against your organization. The BBPen is a capture-the-flag exercise using technical and social pen testing techniques to test how well protected you are against breaches
{read more}

CustomSA - Custom Security Assessment - Illumant can work with you to define security assessments that are customized in scope, for any target systems, networks, devices or applications that you require beyond our pre-defined assessment offerings.
{read more}

Assessments

Compliance

Security Awareness Training

Other Links

Contact Information

Currently in Palo Alto

External

External/Internal

Internal

Platform-specific

Organizational

Other

Assessments Overview

Our Assessments

Key Differentiators

Assessment Offerings

Assessments

Compliance

Security Awareness Training

Other Links

Contact Information

Currently in Palo Alto