An unhardened or weakly configured server could provide an easy route to a complete network compromise or unauthorised access to sensitive data
Before any new builds are rolled into the production environment, it is important to release secure builds to keep the attack surface to a minimum. Having a secure build configuration process in place ensures that vulnerabilities are reduced to minimum at the start of the asset lifecycle.
A weakly configured build may not only add vulnerabilities to the network, but a root kit or a backdoor configured into the machine may go undetected for months. This review helps in identifying weaknesses in configuration that may allow unauthorised access to the underlying operating system.
The assessment-execution phase is followed by the analysis & reporting. Defendza performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels.
No one doubts the talent and commitment of your in house administrators and developers, or the great work they’re doing. But, by having a third party come in and perform an independent cybersecurity audit and review of your systems, you can ensure that no stone is left unturned. Our team of skilled cybersecurity experts will help to identify any vulnerabilities and weaknesses your team may have missed.
The information gained from our security assessments and cybersecurity audits will form the basis of a cybersecurity strategy that you can rely on to protect your network. You can update your practices, employee awareness, processes, and technology to match the new threats and evolving cybersecurity landscape.
As part of the audit, we review the device operating system and version in use. We review the patching policy and if the device under review is part of this policy as well.
A patch management policy is important for keeping your system's security regularly updated. Patch management involves obtaining, testing, and installing several patches to the computer system to keep it safe against malware attacks. The tasks carried out during patch management include: keeping up to date on which patches are available, determining what patches are right for your system, making sure that these patches are properly installed, testing your system after installation, and documenting all related procedures.
We analyse the underlying device for excessive and unnecessary services, default access credentials, management services (such as Telnet and SSH), and general configuration.
As a security best practice, any unnecessary service must be disabled. These unneeded services, especially those that use User Datagram Protocol (UDP), are infrequently used for legitimate purposes but can be used to launch DoS and other attacks that are otherwise prevented by packet filtering.
The nature of cybersecurity threats is one of constant evolution; growing in sophistication and changing in order to exploit new vulnerabilities and evade detection. This is why you need to perform regular security assessments to protect your network.
Your servers BIOS or UEFI Firmware offers the ability to set lower-level passwords. These passwords would restrict people from booting the server, booting from removable devices, and changing BIOS or UEFI settings without an administrators permission.
Full disk encryption is a cryptographic method that applies encryption to the entire hard drive including data, files, the operating system and software programs. In an adverse case, if a device / server is stolen or an unauthorised physical access is achieved, this could be disastrous for a company. A threat actor would gain access to sensitive information such as personably identifiable information (PII) or proprietary information stored on this device due to lack of disk encryption.
Group Policy allows administrators to define security policies for users and the servers within the network. These policies are administered from a central location exclusively to the Windows operating system. The policy settings generally, among other things, enforces password settings, external media access, network level access, patching schedule and application restrictions.
A well configured group policy would ensure a safer network for an organisation and minimise the attack window for a threat actor to gain unauthorised access.
A privileged user account has unlimited permissions to systems or data stored on a network. A person with a privileged account is in a position to make changes to system configuration, read / modify sensitive data and grant access to business critical areas to other users (including create additional accounts). A privileged account within an organisation fall under the following types:
Build review would identify list of user accounts and their privilelges, making the business aware of the threat a server is exposed to.
A vast majority of cyber attacks take advantage of known software and hardware vulnerabilities. Unpatched software including Operating System (OS) and third-party applications, can attract malicious code to the vulnerable servers. Software patching can act as a defensive armor that repels malicious attacks and protects your organisation against multiple exploits.
Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.
Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.
Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.
Much of the manufacturing industry has failed to take proactive steps to defend against cyber attacks—which is a notable problem considering the growing threats the industry faces
