Assessments

Assessments are one of the most important—and neglected—aspects of technology management. Unless business decision makers understand where the company stands, in terms of network problems, security vulnerabilities, overall IT system health and more, it cannot cost effectively resolve problems or extract full value from the firm’s IT investment.

InterDev provides a broad variety of professional IT assessment services to help firms evaluate current conditions and plan for future growth. All InterDev assessments are conducted by highly trained, experienced staff with recognized certifications from industry leaders such as Barracuda, Cisco, Dell, Fortinet, (ISC)2 and PMI.

Every assessment concludes with the presentation of a detailed analysis and report of results, with functional recommendations for improvement, prioritized by level of urgency.

IT Assessment

This comprehensive assessment probes the corporate IT structure for strengths and weaknesses and provides company leadership with an overall picture of the entire technology landscape. It looks at hard and soft asset procurement, management and support, IT policies and procedures, and more.

• Security, including firewall rules, permissions, policies and procedures
• Status of patch applications
• Backup and disaster recovery
• IT support/helpdesk effectiveness
• Monitoring system analysis
• Asset inventory and management, including license management
• System and operations documentation
• Best practices for procurement and upgrades
• Telecommunications cost-efficiency

Network Infrastructure Assessment

A Network Infrastructure Assessment identifies the network security flaws that are the single leading cause of both performance impediments and security holes. This exhaustive analysis of internal network components and their configuration and performance provides invaluable insight to:

• Explore the functionality and remaining useful service life of routers, switches, firewalls, application filters and more
• Identify network bottlenecks and other impediments caused by faulty or improperly configured hardware
• Expose security concerns from outdated or misconfigured equipment
• Provide a baseline for improvements that reduce service outages and curtail unnecessary expenditures.

IT Security Assessment

More probing than even our intensive Vulnerability Assessment, the IT Security Assessment is recommended for companies that want a true IT security investigation—especially those with exposure from sensitive or proprietary data. This activity probes deep into the organization’s technology infrastructure, systems and policies/procedures to help stakeholders make vital decisions regarding the corporate IT security posture, including but not limited to:

• Network Security: Ensure all security appliances and security-related software are properly configured, performing optimally and up to the task of securing the enterprise
• Wireless Security: Evaluate wireless networks for encryption issues, rogue (unauthorized) access points and other potential threats
• Personnel Security: Assess the organization for personnel improprieties, security training deficiencies, ineffective policies and procedures, and other high-risk issues
• Data Classification: Scrutinize how corporate data is classified and secured, including access controls

Enhanced Scans and Tests

For the deepest possible probe of network security, InterDev recommends two additional procedures. Our security experts work closely with clients to determine whether they will reap meaningful value from these add-on services. A surprising number of companies discover that their level of exposure makes these procedures a necessity.

Vulnerability Scan

Using Qualys’ industry-leading, 99.99966% accurate QualysGuard Vulnerability Scanner, our technicians safely and efficiently scan for and detect security vulnerabilities across the entire network and its perimeter. Driven by the largest and most up-to-date knowledge base of vulnerability checks in the industry, QualysGuard’s extremely accurate scans eliminate the resource drains associated with false positives, false negatives and host crashes.

• Web application scanning detects vulnerabilities in web applications of all sizes
• Malware detection scans websites for malware infections and threats
• Scan all connected devices, servers and network services on the Internet or in your network
• View interactive scan reports by threat or by patch
• Test websites and apps for top risks and malware

Penetration Test

Penetration testing moves beyond scanning to proactively, safely attempt to compromise system security by exploiting targeted external and internal vulnerabilities. Penetration tests provide a definitive benchmark that validates the effectiveness of corporate defenses, from firewalls to end-user adherence to security policies. To ensure the most effective penetration tests possible, InterDev relies on the assistance of Core Security, a global leader in penetration testing. The benefits of a Core Security penetration test include:

• Identify higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities in a particular sequence
• Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
• Assess the magnitude of potential business and operational impacts of successful attacks
• Test the ability of network defenders to successfully detect and respond to the attacks
• Support increased investments in security personnel and technology

After the test, information about any successful exploits is aggregated and presented to organizational stakeholders. InterDev’s security experts can then help the team evaluate the consequences of such incidents, reach strategic conclusions and prioritize technical and procedural countermeasures to reduce future risk.