In these days of increasing interconnection between systems, mobile working and reliance on the Internet, it can be a daunting task for any system administrator or IT Security Officer to maintain the security of their networks and systems, when the business is demanding more technical freedom and access to more external (perhaps untrusted) resources.
As interconnection increases, so does your attack surface, the number of diverse systems and applications you have to keep an eye on for new vulnerabilities, and the number of ways your organisation could be attacked.
If you have a system or application connected to the Internet, an internal network that allows inbound e-mail or outbound Web browsing, or a public Web site providing information or services, you can guarantee that it will be penetration tested, by those who are simply curious (or looking for the next big media story), those with a reason to attack your organisation, or others with even more nefarious aims.
These groups obviously won’t give you a detailed report on their findings, but I can help you there – I can identify internal and external weaknesses in your IT security infrastructure, advise on the level of risk those weaknesses expose you to, and advise on pragmatic and cost-effective ways to improve things. In some cases, I may even be able to tell you if someone has already gained access, or if weaknesses have already been exploited.
There are two distinct ways I could help you examine your security posture:
- My System/Network Health Check service can provide assurance that your internal or external systems and networks are securely configured, and not exposing your business to unnecessary risk from technical attack; and
- My Application Security Testing service can provide you with assurance in the security of any dynamic applications you may expose to untrusted networks or users (in particular Web applications made available on the Internet).
Another common problem for organisations is where gradual growth and expansion of networks causes network administrators to lose track of exactly what is in place and where. I can even help with these problems by performing an internal network audit – this service is described in my System/Network Health Check page.
Please contact me to discuss your needs in detail – don’t forget, the first meeting is free of charge!