Vulnerability assessment, penetration testing & configuration review
Cyber Risk Services
The requirement to secure today’s network services is no longer focused on securing the perimeter alone. ‘Defence in depth’ is the challenge organizations are facing. Additionally, the frequency and level of sophistication of attacks have grown spectacularly over the last couple of years, whilst at the same time, the level of skills and knowledge required to carry out these attacks has decreased.
In order to keep up with the risk of attacks, organisations need to utilise professional expertise to secure their infrastructure and applications. Deloitte offers services that help mitigate the risk of security breaches:
- Vulnerability assessment: assessment of the risks posed by security vulnerabilities in your systems
- Infrastructure penetration testing: penetration testing to simulate a hacker attack on your critical network infrastructure
- Application penetration testing: assessment to determine flaws in the web applications that may allow unauthorized access or unauthorized transactions
- Configuration review: review of your servers' configuration to determine weaknesses
Deloitte’s work plan has been aligned to your needs and operates proactively to identify threats in all external or internal access points and suggest clear remediation options.
Our approach can be summarised as follows:
- We establish the scope, so that you can control the effects of any possible test in time and space. We also agree upfront on escalation and incident management procedures in case tests yield a noticeable operational effect.
- We document the type of attacks, the applications, the data and the potential weaknesses you are most concerned about. Our experience has shown that every company has its unique risk profile that drives the type, scope and level of hostility of our tests.
- We determine and scan for the systems, network components, and wireless connection points visible from the attack points. Our experience has shown that this type of discovery generally leads to surprises that confirm the need for attack and penetration testing.
- We conduct a wide range of vulnerability scans and simulated attacks using Deloitte methodology and tools. All tests are bound by the agreed timetable and scope and by the Deloitte policy and service agreement. This ensures that the tests don’t miss anything and yet do not harm your normal operations.
A combination of Internet-based and inside-the-DMZ tests ensures complete coverage and allows you to understand the vulnerability level in case of faulty configuration or maintenance later on.
- Our services go beyond technical vulnerability assessments. We translate the technical issues found into business risks.
- We are able to act as advisor and partner to help you resolve vulnerabilities in a vendor-agnostic (but knowledgeable) way.
- We deliver reports that are to-the-point, that answer the 'so-what?' questions and provide clear guidance on how to solve the issues at hand.
- All penetration tests are performed by Deloitte professionals to limit your exposure and disclosure.
- Our professionals arrive at their conclusions by using the same tools and techniques as rogue hackers, and by following a pragmatic and project-oriented approach to ensure predictability and consistency.
- Selected hosts or networks are targeted carefully, to protect the integrity of critical systems, data and applications and keep any side-effect on other hosts to an absolute minimum.