The infrastructure security audit is one of the main services Triad Security offers.
The company’s approach to infrastructure security centers on exposing vulnerabilities and weaknesses, so that the organization’s infrastructure can be measured against commonly accepted industry standards. The survey we offer covers several areas of inspection, from which the most appropriate survey and audits for the organization are assembled:
- Infrastructure level penetration tests
- Hardening tests and evaluation of the organizational architecture
- Survey of security system hardening within the organization
Infrastructure penetration tests
The penetration tests performed by Triad Security’s team of infrastructure security experts are based on testing methodologies and scenarios which completely simulate an entity with malicious intentions. The entity may be external (a hacker), or internal (an employee with various authorizations), attempting to hack into the various organizational infrastructures and environments. The tests are carried out on the organization’s external, Internet-facing environments, on the internal organizational environments and on connections to remote sites and data centers.
Hardening tests and architecture evaluation
Hardening tests are performed on operating systems, servers (Windows and Linux), core systems, databases, and organizational services and infrastructures.
Architecture testing – testing the organization’s internal and external architecture. As part of these tests, environment separation will be reviewed, as will peripheral defenses of the organizational perimeter, communication with cloud environments (hybrid), interfaces between environments, and the location of the organizational systems, etc.
Examination and enhancement of organizational security systems
These tests will be carried out by consultants experienced in professional services for information security products. This, coupled with their experience in communication security, enables them to audit how organizational security systems have been adopted. The audit gives the organization an up-to-date picture of the quality of the adoption and of the implementation of the definitions, and ensures their resilience against information security threats as well as their compliance with common requirements and recommendations by various vendors.
Cyber attacks and Red Teams
Triad Security’s red teams will challenge an organization through targeted attacks along different, diverse vectors. These attacks will simulate a cyber event tailored especially for the organization. It will consist of realistic scenarios suited to the relevant threat profile being tested in an effort to evaluate the organization’s resilience or exposure to attacks of this kind.
The Triad Security red team keeps up to date with the latest attacks and vulnerabilities as part of the company’s everyday research effort. This research assists in enhancing the attacks, in exploiting new vulnerabilities and in maintaining the team’s skills.
End-to-end POC support
The POC is intended to facilitate selection of the most appropriate information security products for the organization and its specific needs. This support is intended to help the customer evaluate security products to the best possible effect – the products’ capabilities versus the requirements of the technology and of the business environment. Triad Security consultants will participate in each POC stage through to selection of the most appropriate product for the organization:
- Writing technology requirements for tenders – Triad Security consultants will write and specify the organization’s technology requirements chapter for tenders or for RFI/RFPs. This will all be done in complete coordination with the organization and in view of the needs that must be addressed.
In this stage, the internal evaluation document will be defined, and points will be allocated in accordance with the business and regulatory requirements to which the customer is subject. This will enable optimal selection of the security products which will deliver the greatest technological advantage.
- Selection of relevant products – evaluation of the products on the market that comply with the organization’s requirements and constraints, as per the technologies chapter in the tender, and definition of several relevant products for testing during the POC.
* Triad Security is a consulting firm. It is not dependent on, or affiliated with, specific products.
- Carrying out hands-on technological tests for the products – the Triad Security consultants will evaluate the information security products hands-on against the organization’s technological requirements, and will test their adoption and interaction with organizational systems using appropriate scenarios.
Option to set up a laboratory environment – a laboratory environment can be set up at the customer’s offices so that the audit is carried out outside the organizational network, avoiding the potential risks of adopting products for testing purposes.