Most organizations do not consider the importance of their security system until it has already been breached. In some cases, security breaches occur because an employee did not adhere to the company policy. Another possibility is the absence of a policy for identifying and correcting organizational security gaps.
In today’s complex threat environment of malware, spyware, unaware employees and aggressive international hackers, developing and enforcing a strict and regular security policy that incorporates on-going security assessment is critical to maintaining business continuity.
The true value of security assessments lies in the awareness that it drives on exploitable vulnerabilities on your live environment. You will know exactly what is required to be remediated with immediate action. Furthermore, you will have a list of recommendations to fix the gaps, which will guide you to acquire the appropriate security appliances for your environment .
It is not sufficient to run security assessments as a onetime activity. Rather, an organization should perform periodic security assessments (internal and external) on all IT assets. Ingram Micro has the capacity to perform a wide range of security assessments which are outlined below:
1. Basic Penetration Testing
Penetration Testing (PT) is the process of evaluating the current security state of a system or network to find vulnerabilities that an attacker could exploit to gain unauthorized access to systems and information. This process involves identification of security weaknesses that may occur due to improper security configuration of the system or application, known or unknown vulnerabilities in hardware or software systems.
Ingram Micro Cyber Security Team is performing both Internal and External Penetration Assessments for the client.
2. Black Box Penetration Testing
Black Box Penetration Testing is a method of testing the security level of an organization to simulate an attack which a hacker might undertake to exploit the weaknesses in target network and applications to breach them. This test is performed without any prior knowledge of the organization system, network, or applications.
In Black Box Penetration Testing, Ingram Micro mainly focus on company infrastructure, business logic flaws, applications and services provided by the customer. The Ingram Micro Team follows industry best practice methods and approach to perform Black Box Penetration Testing. Testing will be performed on all discoverable applications, servers, and Network devices.
3. Vulnerability Assessment
Security vulnerabilities are constantly evolving as attackers find new points of weakness to gain access into systems and information. Vulnerability Assessment (VA) is the process of finding, identifying, classifying, and reporting of security issues and weaknesses. As businesses continue to expand their services and networks, their exposure to security vulnerabilities increases as well. Therefore, organizations need to actively assess the existence of security vulnerabilities in their network and implement corrective measures to address identified vulnerabilities.
Ingram Micro performs both internal and external Vulnerability assessments for clients.
4. Web Application Assessment
Web Application Assessment (WAA) provides organizations with the ease of use, centralized management and integration capabilities needed to keep the attackers at bay and their web applications secure. It enables organizations to assess, track and remediate web application vulnerabilities.
Technically, WAA is a cloud service that provides automated crawling and testing of client’s web application to identify vulnerabilities including but not limited to cross-site scripting (XSS), SQL injection, Cross Site Request Forgery (CSRF) and others. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites.
Built on the world’s leading Cloud Security and compliance platform, our WAA service frees you from the substantial costs, resources and deployment issues associated with other traditional software tools. This service offers tools, ease of use and unparalleled scalability to scan thousands of web applications.
The scope of the Web Application Assessment service includes web sites specified by the customer. Ingram Micro performs Both Internal and External Web Application Assessments.
5. Web Malware Detection Scan
Thousands of web sites, including those of larger well-established companies, are infected daily with malware. Malware can disrupt the normal operations of an organization’s website and potentially infect the web site users as well.
Malware Detection Scan (MDS) is performed to proactively scan organization web sites for malware, provides automated alerts, and in-depth reporting to enable prompt identification of malwares and provision of immediate resolution. MDS enables customers to protect their websites and applications from malicious infections, preventing web site black listing and brand reputation damage.
Ingram Micro perform MDS for main external and internal web sites and sub-domains of websites. The scope of the MDS service includes following:
- Website analysis for vulnerable and/or erroneous code.
- Monitoring malicious activity upon request from customer.
- On-demand scans for quick review after malware removal.
- Detailed report on malicious content and malicious web pages.
- Provision of recommendations for malware removal.
6. Policy Compliance Audit
Compliance means conforming to a rule such as a specification, policy, standard, regulation and/or law. It describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.
Policy Compliance Audit is a service that performs an automated assessment of security configuration of IT systems throughout the network. It helps to reduce the organizations’ risks and continuously comply with internal, local, and global policies, standards, regulations, and laws.
The objectives of Policy Compliance Audit service are:
- Ensure compliance with applicable policies, laws, and regulations.
- Identify non-conformities in timely manner and provide mitigation actions to ensure continuous compliance.
- Collect Operating System configuration and Applications’ Access controls from hosts and other assets within the organization, and maps this information to a user-defined policies in order to accurately document compliance with security regulations and business mandates.
To learn more about any of the above Cyber Security Assessment Services visit our website http://security.ingrammicro.com/ or contact the Cyber Security team at: email@example.com.
Article by: Muna Abu-Abed, Ingram Micro Cyber Security Solutions Architect