Current State Assessment & Advisory

Current State Assessment of Security Posture

Organizational Security Posture Assessments give you the whole picture of how your information security program serves your organization – for now and the future.

The challenges of keeping your infrastructure secure have never been greater or more important to your business. To help ensure your business is protected, security must be an intrinsic part of your operations, implemented throughout your environment to address a range of security threats. To help you mitigate security threats and meet your goals for productivity and total cost of ownership, NetSentries offers a current state assessment of your security posture addressing management practices, risk assessment, controls, policies, communication, training, and user awareness. We use a structured and proven security assessment methodology along with a project approach designed to meet the specific objectives within your Organization.

Current State Assessment

Current State Assessment (CSA) is the next generation security assessment service from NetSentries. Traditional security testing services like Vulnerability Assessment and Penetration testing focuses only on the application or infrastructure components alone.
The purpose of the CSA Service is to analyze a Customer’s environment end to end and provide higher visibility into their existing security posture across a wide field of view. This is a broad security assessment for those organizations that need a macro view of their environment to ensure all of the industry recommended security best practices are implemented, vulnerabilities are fixed, security controls are in alignment with the Information Security Policy and Compliance standards, Threat monitoring is effective, Policies and Standards are well developed and maintained, Access control and Content Filtering is effective, Risk Register is properly maintained, Logging and Auditing is proper, Incident Response measures are well developed and implemented, Patch Management is up to date , Security Architecture is flawless and End Point and Network Security Controls are properly implemented. This assessment will be followed with a thorough penetration testing of the client IT, IoT (Internet of Things), IIoT (Industrial Internet of Things) and ICS (Industrial Control Systems) network infrastructure and applications.

Our experienced and skilled Penetration Testing team at NetSentries have developed a unique framework for the vulnerability assessment and penetration testing service of corporate IoT, IIoT and ICS networks. The data derived from CSA will lead to the presentation of a Findings Report outlining any key observations of general security risk, threats, vulnerabilities and recommendations to remediate the identified issues. These recommendations are a combination of tools, industry best practices, and professional services suitable to the Customer environment. Implementation of a solution or remediation of any identified issues will be available as a separate service if requested by Customer.
A pre-engagement questionnaire will be shared with the customer initially to properly understand the scope of the service.

Kick-Off and Data Gathering:

NetSentries will perform an onsite kick off meeting at Customer’s location with applicable stakeholders to set the stage with Customer and Project team. The various tasks included in the CSA

service will be outlined, systems in scope of the assessment will be determined, access to customer

environment needed will be agreed, inventory, device configurations, network topology, policies

and standards and any high-level information necessary to perform the service will be decided during this phase. Data gathering will be spread across several days depending on the size of the environment and will utilize various methods to collect data.

Report & Security Roadmap Presentation:

NetSentries will document the results in a Findings Report, along with recommended steps to mitigate any potential issues. The findings and recommendations will be presented to the Customer. A complete security roadmap for the organization will also be developed and shared. NetSentries provides additional implementation services and remediation assistance for any solutions recommended during the assessment.

Review, Analysis and Testing:

NetSentries will perform a detailed analysis of the data collected, identify any risks, threats, and/or vulnerabilities based on the data gathered. Multiple levels of testing and analysis based on our next generation VAPT framework will also be carried out as needed. These findings will be organized and documented in the Findings Report.