General Assessments

Information Security Maturity Assessment

Do you wish to understand your overall information & cyber security posture and maturity? Partners Consult’s Information Security Maturity Assessment includes a detailed analysis of an organisation’s information & cyber security capabilities. The assessment includes review of governance documentation, security technology architecture and configurations, operational security competencies, maturity in self-measurement and reporting, etc. A skilled and experienced practitioner will evaluate these aspects across the following major information security "themes":

  • Information & cyber security structure and operating model
  • Information classification
  • Asset management
  • People (human) security
  • Network security
  • Identity and access management
  • System and infrastructure security
  • Cloud security
  • Application (SDLC) security
  • Threat and vulnerability management
  • Cryptography
  • Data and communication security
  • Supplier security management
  • Incident identification and response
  • Risk and compliance management

Maturity levels are measured across the above themes and their detailed sub-components. We measure key controls which determine mature outcomes, instead of focussing on superficial symptomatic controls. Therefore, we identify shortfalls which will have the most bearing on your overall cyber security posture. Risk areas are described in detail and structured improvement steps are provided to close gaps and manage residual risks.

Technical Security Assessments

External Penetration Tests

Understand the susceptibility of your Internet-facing systems and cloud infrastructure, web applications and web APIs to attack. Partners Consult uses a proven and robust methodology, informed by our analyst team’s experience, including our founder’s experience in performing penetration tests for more than 20 years. We use industry-leading commercial infrastructure vulnerability scanning and web application security scanning technologies, combined with fit-for-purpose open-source tooling, to ensure comprehensive automated coverage of your attack surface. The skill of our analyst team in performing manual security testing and proof of exploitation ("penetration testing"), combined with our methodology and strength in reporting, ensures a high-quality outcome, without costing you an arm and a leg.

Web Application Security Assessments

Obtain a comprehensive view of the unauthenticated and authenticated areas of your web application within its runtime state. Our Web Application Security Assessments (“grey-box” penetration tests) include comprehensive assessment of all of the web application’s runtime functionality, across all levels of authorisation. Again, we use industry-leading tooling, skilled analysts, a strong methodology and a comprehensive reporting approach to ensure high-quality outcomes.

Mobile Application Security Assessments

Understand possible security vulnerabilities affecting your mobile applications. Our Mobile Application Security Assessments include automated scanning (using commercial dynamic application analysis and open-source tooling) and manual security assessment of the client-side application package. Our mature Mobile Application Security Assessment Methodology covers prominent client-side application vulnerabilities, as well as assessment of vulnerabilities in network transport and server-side integration points (such as web APIs). Our Mobile Application Security Assessment also includes a full Web Application Security Assessment of server-side web APIs. You can expect the same quality outcome and strong reporting as with our other assessments.

Internal Penetration Test

Obtain a view of the security of systems on your internal network (inside of your network perimeter). These engagements can take the form of a generalised Internal Penetration Test, which targets any systems from the vantage point the analyst has on the internal network, or a targeted Internal Penetration Test, focussed on achieving specific compromise objectives. We use a combination of industry-leading tooling for automated vulnerability scanning, fit-for-purpose open-source tooling for active and passive attacks, and a strong methodology combined with skilled manual security assessment. The outcome is a comprehensive report with detailed findings and corrective measures, a summary of outcomes and a structured plan to guide remediation.

Firewall Security Assessments

Analysis of routing and firewall access rules by a skilled analyst is difficult to replace with purely automated “scanning” technology. Context and perception of the intent of rules, as well as how they may have been misconfigured in the specific business context, are key to understanding risks in firewall and network filtering implementations (whether on-prem or on-cloud). Our Firewall Security Assessments provide detailed (rule-by-rule) analysis to ensure network filtering and other controls (intrusion prevention, anti-botnet, content filtering, etc.) are correctly implemented and provide the levels of protection you expect. Security configuration of the firewall and network filtering platform is also reviewed, to ensure these platforms are themselves reasonably secure and all relevant licensed components are utilised.

Miscellaneous

We also perform a range of other technical security assessments, including:

  • Cloud Security Architecture Assessments
  • Cloud Security Risk Assessments
  • Wireless Security Assessments
  • VoIP Security Assessments
  • Security Configuration Reviews
  • Etc.

Speak with us if you'd like to know more.