Security Audit

Security Audit

60% of small businesses fail within
6 months of a cyber-attack

Source: Cyber Security Ventures

Evaluate the flow of data within your business

Identify vulnerabilities in your IT environment

Conduct a risk assessment & cost/benefit plan

Upgrade security & prevent cyber crimes

The Wavex security audit will provide
a number of recommendations focusing on

Areas of interest are, but not limited to, resiliency, single points of failure, scalability options and vulnerability points. The output report is aligned to the National Cyber Security Centre - Cyber Essentials framework and will highlight how to mitigateany weaknesses and risks identified.

Wavex offers a detailed security audit covering many aspects of infrastructure, for those organisations who are concerned about their current security status or have fallen victim to a security incident.

Jonathan Monks, Product Manager: Wavex Technology

Mail Infrastructure/Office 365 Review
Email is the most common attack vector for most security breaches. Therefore, a thorough security investigation into the setup and configuration is the primary focus of the security audit. Activities included are a mail gateway security policy and configuration review. Configurations to be included in the report are anti-spam, anti-malware, reporting configuration and the sender identification methods e.g. SPF, DKIM and DMARC will also be audited.

Network Security Review
Devices which are exposed to the internet and network access to resources are especially vulnerable to attack. Therefore, the security audit will review firewalls, switches, Wi-Fi controllers and VPNs which connect to the outside world.

Identity Access Management Review
Access to data is usually attained by first acquiring access to account credentials. Making sure that accounts that can access resources have strong passwords which change periodically is essential. However, in themselves, strong passwords are no longer enough to ensure protection against unauthorised access. Access to company data should be protected by multi-factor authentication with the ability to swiftly revoke access should a breach occur. Suspicious activity should be identifiable and proactively protected against. Those accounts with elevated permissions should not be generic logins, need to be justifiable and have the least privilege access required to achieve their required functionality. The Wavex security audit will perform a thorough review of identity access management.

Endpoint Protection and Infrastructure Review
Desktops, servers, mobile devices are vulnerable to attack as users are interacting with these devices, and the vulnerabilities of unsecured devices can be exploited by attackers to gain access to data and additional credentials. It is important that, if an attack takes place, the endpoint can prevent access to the would-be attacker. There are many practices to mitigate these risks and these will be assessed. Should an attack take place there should be adequate practices in place to recover and potential data loss or access to company resources.

Business Processes Review
Business processes play a significant part in whether an attack is successful or not. This covers such areas as ensuring user awareness of security, having processes in place to protect unsecured equipment and to capture and correcting unregulated procedures for managing access.

Capabilities
One of the tools to be used for the security audit is the APEX Secure Scan. This is a WAVEX service that assesses your current, and future, infrastructure for IT security vulnerabilities. This is a WAVEX response to the rapidly increasing number of security threats emerging in today's hyperconnected world.

ISO Certifications and/or other Certifications
The basis of this audit builds upon the Cyber Essentials Checklist. To ensure basic security configurations are in place the audit uses a detailed checklist to help customers to pass a Cyber Essentials Audit. We also utilise several tools – including an APEX SECURE scan – to detect issues and security vulnerabilities such as unpatched/EOL software, weak passwords, default passwords and known vulnerabilities of software

Benchmarking criteria
Wavex utilize several tools to detect security issues, including our Apex Secure Scan software, to identify security vulnerabilities which may exist. The security software scans for a multitude of security vulnerabilities such as unpatched/EOL software, easily crackable passwords, default passwords and known vulnerabilities of software.

The audit will use the guidelines of the National Cyber Security Centre https://www.ncsc.gov.uk to provide recommendations for aspect of the environment set out above to provide more granular and enhanced security recommendations.

Trending ebook

How to Survive a Phishing Attack

Your phishing attack survival guide. This whitepaper covers the 7 Golden Rules of surviving a phishing attack and some practical tips to make it impossible for a hacker to access your data.

Download now

The Wavex security audit will provide
a number of recommendations focusing on

Take your first step to security audit

  • Speak to Wavex

  • Review indicative audit format

  • Book audit date

  • Onsite audit completed

  • Audit write up with recommendations

  • Review audit findings