Our Approach and
By combining multiple views, SecureState can perform Architecture Reviews
that will assess your network, operating system, web service, or web application
from a security perspective. This includes, but is not limited to: the review of
the applicable configurations, access controls, communication channel review,
component placement, hardening techniques, and security controls.
Configurations: SecureState reviews the device, application, and
service configurations in context of the applicable Architecture Review. These
configurations are reviewed for adherence to security best practices as well as
identification of configuration flaws that weaken the organization’s security
Access Controls: SecureState reviews the effectiveness of the access
controls that the Architecture is using. Many times we identify access controls
that can easily be bypassed due to flaws within the design and implementation.
Communication Channel Review: Most devices are not an island. This
means that they are normally part of a complex network in which they communicate
with other devices; and other devices communicate with them. These communication
channels are reviewed in order to verify that communication is in alignment with
security best practices.
Component Placement: Device placement is a critical component to
correct architectural design. SecureState reviews the architecture in order to
verify that each device is in an optimal position for effective secure
communication. During this part of the review, segmentation and component
placement are analyzed.
Hardening Techniques: Attacks generally occur when Minimum Security
Baselines (MSBs), or patch management programs and policies are implemented.
MSBs are the frontlines to all attacks and provide additional steps that may be
performed to harden systems. SecureState will review the current hardening
techniques and offer recommendations for improvement, however, we will not
develop hardening techniques for individual systems.
Security Controls: Current security controls are reviewed in context
of security best practice, mitigating controls, and defense. Security controls
are an important part to any architectural design and SecureState can help
measure the effectiveness of these controls.