When those responsible for IT systems hear the phrase “Network Security Audit” their reaction is often to assume that they will have their working practices pulled apart and be presented with a report that highlights all the mistakes they have made. This is far from the reality with Optimity; our audit team are very aware of the way that IT infrastructures evolve over time and that immediate needs often mean that policies and checks are bypassed to satisfy the objective.
On top of this, it is likely that every application, device and operating system will be having constant updates that may create vulnerabilities that only testing will uncover. Managing networks is a demanding job that requires constant attention and we’ve yet to meet any network manager an empty list of to-do’s.
When you engage with a Managed Service Provider (MSP) like Optimity, it is necessary for us to fully understand your infrastructure, vulnerabilities, strategy and practices and this is all covered within our Network Security Audit. So, let’s take a look at how it works, and why should you run one.
Our Network Security Audits (NSA)
The Optimity NSA is a service offered to all customers. In this process, we will investigate your security policies and the assets on the network to identify any weaknesses that put your business at risk of a security breach.
While the elements of an NSA will vary from customer to customer, they will generally include:
- Device & Platform Audit. The initial phase of the audit is to identify all of the assets on your network, as well as the operating systems they use. This is vital to ensure that any and all threats have been identified.
- Penetration Testing. These tests serve as a attack test for your network’s security architecture. Our team will try to break your security architecture to find and report unknown issues.
- Policy Review. We will review all of your security policies and procedures to see whether they match up to the standards needed to protect your technology and information assets. We’ll look at many areas including who has access to what, and whether they really need that access as well as individual rights to save, export, download or manipulate key company data.
- Architecture Review. The architecture review analyses the actual controls and technologies that are in place. This follows on from the device & platform audit process to give you an in-depth analysis of your cybersecurity measures.
- Risk Assessment. During this phase we will conduct numerous assessments to determine your systems (process, application, and function), identify threats, and analyse the control environment to determine what your risks are and their potential impact. This information is then used to prioritise the remedies.
- Firewall Review. Probably one of the most important areas of our audit will be the configuration and suitability of your firewall. We will review your firewall’s topology, rule-base analyses, management processes/procedures, and configuration. Our team will also evaluate the policies for remote access and check to see if the firewall is up to date and effectively managed.
After the audit is complete, you will be provided with a comprehensive report telling you what everything you need to know together with our detailed recommendations.
Audits are not a one-off event
Optimity NSA’s are important because they help us and you identify your biggest security risks so you can make changes that will protect your company from those risks. That’s pretty common knowledge. However, a network security audit should never be a one-off event. Ideally, you should be expecting a NSA at least annually.
An Optimity NSA helps our customers avoid the worst security risks to minimise their chances of being a victim of a security breach. When compared to the expense, loss of reputation, and frustration of a major data breach together with the risk of losing vital commercial data, the time and effort of carrying out a thorough network security audit is hugely preferable.