Cyber Readiness Assessment
Is your organization prepared to defend against the technical acumen of modern day cyber attackers? Polito's MasterCrafted Cyber Readiness Assessment will help determine what your strengths and weaknesses are and we'll provide the expert guidance you need to truly be cyber ready.
Are You Ready?
Cyber security is just one of a plethora of issues facing modern companies. In addition to running day to day operations, your organization may be challenged with defending against cyber attacks by very motivated attackers who will stop at nothing to gain access to your most sensitive information. Most companies we have worked with are medium and larger companies facing similar issues in their attempt to address the cyber security threat: complexity, heterogeneity (how better to capture non-standard/disparate environments), visibility, time, and resources. All of these factors combine to make defensive cyber operations an enormously complex issue. There’s no way around it - defending a modern day corporate network takes commitment from all levels of the company. How well is your organization prepared to address these issues?
Polito’s cyber readiness assessment incorporates a holistic review of your cyber security policies, procedures, and posture. Do your cyber security policies address the key issues facing modern companies? Do you have appropriate perimeter defenses? Are your employees alert enough to identify phishing attacks? Are your endpoint detection and response capabilities adequate? Is your internal security team right-sized and able to adequately respond to attacks? Can your IT team remediate vulnerabilities before they are exploited? From CEO to technician, we assess your organization’s ability to withstand modern cyber attacks.
"The security professionals at Polito provide us with a third-party perspective on our cyber security posture. Their years of experience in information security and cyber threat management provide me valuable, trusted resources to help manage my infrastructure."
Larry Larsen, Director of Cyber Security, Apple FCU
Cyber Readiness Assessment
Cyber Policy Review
Our team of experts will review your current cyber security policies and make recommendations to modernize them as necessary and/or implement new policies as needed. It has been our experience that many companies do not adequately address cyber security risk through high-level guidance in the form of policy documents that prescribe employee behavior. We can help fix this.
Our configuration review involves a detailed assessment of your networked devices, systems, domain group policy, IDS rules, firewall rules, internal network segmentation, mobile device rules, remote access rules, and any other configuration settings that might apply to your organization in order to ensure that you can meet your business objectives in the most secure way possible.
We work with your internal cyber security team to conduct credentialed scans of your network to identify common vulnerabilities. In addition we identify your core/critical business systems and focus our attention on those systems. Human Resources, Administration, Financial, Executive, Engineering, and real-time operations systems are our primary focus. We go above and beyond a standard assessment by conducting additional manual scanning to verify, validate, and extend the information provided by our automated scanners.
We perform the same scan from outside your network perimeter to see your network as an attacker would see it and identify any “low-hanging fruit” - that is, vulnerabilities that could easily be exploited by unsophisticated attackers.
Once we have intimate knowledge of your organization’s vulnerabilities, we attempt to exploit those vulnerabilities in the form of an external attack. We emulate modern day attackers and leverage well-known and sometimes more obscure vulnerabilities and exploitation techniques to gain a foothold in your network and gain access to your most sensitive information. Our ability or inability do so without triggering detection or response controls is a reflection on your security posture. We highlight gaps and make corrective recommendations, and re-evaluate once those controls have been implemented in order to ensure effectiveness.
Wireless Security Assessment
Most modern organizations implement wireless access for their employees and guests. Wireless access technologies can present their own vulnerabilities and risks to an organization that may not be accounted for in a traditional risk assessment. Polito’s wireless assessment team identifies the wireless access points and their associated devices. Using standard attack techniques, Polito’s team of experts will monitor and attack your wireless network and connected client systems in order to attempt to gain access to your network.
Identification of vulnerabilities is only half of the question that most modern executives ask us when we perform an assessment. Typically after we perform an assessment we get one question from management: “Have we already been hacked?” This is an important question that is frequently not addressed by security consulting companies who are not qualified to do the follow-on work to effectively answer that question. We actively scour your network searching for tools, techniques, and procedures used by adversaries after they have successfully exploited a computer system. We monitor endpoint activity and network communications to identify anomalies and shut down attacker activity before it can spread throughout the network and compromise sensitive data or shut down business operations.