
Cloud Service Security

We perform security reviews for cloud services and solutions offered by cloud service vendors. These solutions may cover different service models such as Software-as-a-Service (e.g. Dropbox, ZenDesk) or Platform-as-a-Service (e.g. Salesforce).


Overview

Cloud solution security assessments are common among vendors relying on cloud services. Given the size of these solutions, the reliability expected of business operations, and the sensitivity of the information involved, it is imperative that an independent third-party opinion is sought to ensure the attack surface is minimal at all times.

Due to the increasing popularity of cloud models, cloud solution vendors have various reasons to perform these reviews. These range from proactive internal decisions and vendor assurance certifications to periodic assessments or reviews upon every major change in the setup.

Defendza has the experience and skill set needed to perform these reviews. A few examples of our clients in this category include a major global CRM platform company, a UK-based cloud platform provider and a major supermarket retailer.

Why do you need Cloud Service Testing?

To help you provide a safe and secure solution to end customers, a cloud solution security review uncovers gaps that were previously unknown to your development teams.

There is a clear business case for seeking a vendor-neutral security review of a cloud solution due to the following factors:

  • Business critical offering to customers
  • Customer data processed in the environment
  • Demonstration of cybersecurity practices to your partners and supply chain

Methodology

Management Plane

The management plane consists of functions that achieve the management goals of the network. This includes interactive management sessions that use SSH and HTTPS (if a web interface is available), as well as statistics gathering with SNMP. When you consider the security of a network device, the management plane must be protected. If a security incident can undermine the functions of the management plane, it can be impossible for you to recover or stabilize the network.

The management plane is the plane that receives and sends traffic for operations of these functions. You must secure both the management plane and control plane of a device, because operations of the control plane directly affect operations of the management plane.

Perimeter (external) Assessment

External assessment involves assessing internet-facing infrastructure using port scans and vulnerability assessment, followed by manual analysis and a reporting phase.

Firewall Rules Review

Can you confirm that your cloud-based firewall has relevant rules defined to prevent access to services within your private network? 

Vulnerability Scan

One step beyond our basic scanning service, we conduct a thorough vulnerability scan following a full port scan of your perimeter network. This provides you with a detailed view of your network security.

Our consultants ensure that no false positives are reported in any of our final deliverables. Findings are manually verified before they make it into the report.

API Analysis

Modern applications (including mobile) rely on APIs for their features and functionality. Once the API endpoints are identified, during network as well as static analysis, they are assessed further. Weak API endpoints could lead to trivial functionality bypass or, sometimes, potential denial of service scenarios.

Cloud Application Pentest

Software-as-a-Service (SaaS) models are currently flourishing in the market. These applications are hosted in the cloud with shared infrastructure and backend. Our clients need assurance that their data is not accessible to other users of the SaaS application. Defendza has conducted successful assessments of several top SaaS platforms, and our expert consultants are always ready to help you gain that confidence.


Why Defendza?

Thorough Analysis and Reporting

Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.

Custom tools and scripts

Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.

In-house experts

Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.

Key Benefits


Testimonials

"My experience to date with Defendza has been very positive. I look for a flexible, knowledgeable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated, and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group
