Why a security audit?
A modern, secure IT environment is composed of tons of technological components: next-generation firewalls, anti-virus, -spam, and -malware solutions, web filters, proxies, secure remote access solutions, solutions for authentication, WAN acceleration, application delivery, load balancing, switching, internet VPN connections, wireless solutions, data center security, PKI Infrastructure, web security scanning (PCI), not to mention mobile device management.
It can quickly become a complicated exercise to keep a clear overview of the current security posture in your organization and to know where are the priorities. Our security audit, also known as the Security Hardening Audit, can help providing the necessary security intelligence.
"As an entrepreneur today you face many challenges and often IT infrastructure is your last concern. Whichever way you run it, digitization has ensured that IT is closely intertwined with the operational side of your organization. A data breach or hacking can cost a lot of money, not to mention the additional image damage. IT may not be the focus of your business, but those who aren't strong need to be smart. An IT security audit is an ideal starting point to start working on the IT maturity of your company at your own pace".
"IT never stands still, just like the company you work for. The infrastructure is becoming more and more complex, the applications your employees use are becoming more and more numerous, and is your team growing along with it? As a CIO or IT Manager, it is becoming increasingly difficult to maintain a complete overview of the entire IT infrastructure and security. An IT security audit is a perfect starting point to determine the best strategy. And whether you carry out the recommendations after the audit yourself or have them done by EASI, is entirely up to you".
"The choice between spending money on improving your IT infrastructure or paying hackers to release your data is easily made. As a finance manager, I prefer to maintain full control and prefer a clear picture of the TCO of my IT environment and security. First and foremost, I want to know which priorities I want to spend my budget on. An IT Security Audit is the perfect tool for this: it is an in-depth analysis that helps me to guarantee the continuity of my business operations".
During an IT security audit, our experts uncover all the pain points of your IT infrastructure, followed by concrete advice. How and if you apply these, you decide for yourself and at your own pace. Through the analysis, we can offer forward-looking scenarios in which your IT infrastructure and security grow along with your business objectives.
Whether you are conducting an IT security audit in the aftermath of an attack, want your IT security to gradually grow with your business, or want to migrate to the cloud: an IT security audit is always adapted to your budget. The audit exposes quick-wins and creates a roadmap in which your expectations, needs, focus and costs are aligned.
Periodically performing an IT security audit is like taking out an insurance on your business: an insurance for continuity. The results of the audit will help you determine the right strategy, implement the right action plan and alleviate your worries. You also protect yourself against possible unnecessary costs in case of data breaches.
"You can no longer take out life insurance if it is too late"
For IT security this also applies: you are better prepared than too late.
The first phase is all about gathering information. EASI’s security engineer will focus on your critical applications and systems and collect all necessary information to perform the audit. This information will be gathered through interviews, data extracts, and supporting documentation. Amongst others, the protection of data and GDPR aspects will be screened. Every systems hardening audit we perform is different: we adjust the audit to fit the exact needs of each and every customer.
Checks will be performed at different levels:
- Network: WAN connectivity, Switch, Router, Wireless Access Point, DNS;
- Cybersecurity: Firewall, VPN, Anti-virus, Anti-spam;
- Web: Apache/IIS Configuration, Website SSL Rating, Proxy, Reverse Proxy;
- Endpoints: Laptop/Desktop, Smartphone;
- Data: Authentication, Authorization & Accounting;
- Storage: Analysis on data storage;
- Servers: Backup, Management, Encryption, Windows, Linux, MacOS;
- Databases: Microsoft SQL, Oracle, MySQL;
- Mail: IBM Domino, Microsoft Exchange, Office 365, Google Mail;
- Network Vulnerability Scan.
Analysis and interpretation
The second phase consists of the analysis and interpretation of the collected information. This will give you a complete view of your IT infrastructure's security across the different layers defined in the first phase.
Presentation & recommendations
In the third phase, we will provide a complete and detailed presentation of the report. This report contains the findings for each of the audited elements, as well as recommendations to remediate the findings. These recommendations are presented in an action plan, consisting of:
- quick-wins: increasing the level of security in a short time period; and
- a roadmap: containing structural recommendations for those remediation actions that require more time.
After this audit, you're free to decide whether you're going to implement the recommendations yourself or with EASI's help.
Specializations: Design & implementation of Security solutions. Ethical hacking (Red team)
Strengths: Go-getter & customer-oriented
Why choose EASI: "How I feel, customers do not simply choose EASI for advice on the security of their IT infrastructure. No, they trust us because we guide them through a process that they decide for themselves. During an IT security audit, it is logical that the customer is at the center. Moreover, our people constantly update their knowledge in order to always be able to offer the best approach and technologies."
Specializations: IT security & Workplace modernization
Strengths: Team player & Pragmatic
Why choose EASI: "I think customers choose EASI because we combine high-level management expertise with many technical experts, which makes our reports very concrete, realistic, pragmatic and actionable. As an Account Manager, I try to work as transparently as possible: you know from start to finish what the project is going to cost you. I always keep the TCO of the customer in mind because a higher level of security does not immediately mean that it has to be more expensive: sometimes it can just be done in a more efficient way."
Specializations: Network security technologies
Strengths: Analytical and critical thinking with attention for people
Why choose EASI: "We have the people who can think through a process or technology and identify the risk for the company. The most important thing is that they can immerse themselves in the technical aspect without losing themselves in the details and arrive at data-driven conclusions. EASI attaches great importance to all levels, from the most detailed technical person to the highest C-level. During an IT security audit, we cover all aspects of security in order to deliver the best security roadmap".
Penetration testing (aka "ethical hacking") is a set of actions, performed by Certified Ethical Hackers from EASI, that will replicate malicious behaviors in order to check that your IT infrastructure or the defined scope is correctly protected and configured.
Companies often come to us with questions like: “I’ve taken all possible security measurements – firewall, antivirus, anti-spam, web filters, IDP & IPS, etc.- Still, my data has been encrypted by a cryptovirus. What am I doing wrong?” The answer is: You have forgotten your users!
As part of the Vulnerability Scanning As A Service (VSaaS) solution offered by EASI, you are guaranteed to receive instant notifications (and recommendations!) on severe vulnerabilities that are impacting your IT systems and web applications.