Network Architecture Review


A Network Architecture Review is a detailed analysis of relevant network artifacts (e.g. network diagrams, security and regulatory requirements, technology inventory, exposed applications and APIs, public/private cloud utilization) to ensure that the network elements and overall solution architecture optimally protect critical assets, sensitive data stores and business-critical interconnections.

Key activities include:

  • the business goals as they relate to the enterprise public/private/hybrid cloud infrastructure;
  • the contractual obligations, laws/regulations, and internal/third-party objectives relating to the data being stored/processed/transited (e.g., PCI/CMMC segregation requirements, CSA STAR, ISO 27001, a “zero trust” model);
  • the key applications and services that need to be exposed to employees, contractors, and business partners;
  • key controls integral to securing the network, applications and critical data (e.g., firewalls, multi-factor authentication, Network Access Control, Cloud Access Security Brokers, Web Application Firewalls, key management/encryption, vulnerability/asset/configuration management, logging, incident response, data loss prevention (DLP), vendor risk management); and,
  • results of previous risk assessments, gap assessments, penetration tests, and/or security incidents.
  • Assess the current/planned architecture and security controls against relevant frameworks (e.g., ISO 27002, CIS Critical Security Controls, OWASP ASVS).
  • Perform technical testing as required to validate the design, operation and effectiveness of the architecture (e.g., segmentation testing, data exfiltration, penetration testing, firewall configuration/rule-base review).
  • Formally report results and relevant findings, and generate a gap remediation plan. Where possible, the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.
  • Analysis against relevant standards, laws/regulations, and prevailing good practice; and,
  • Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap. Where possible the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.

The predominant benefits realized by a Network Architecture Review are:

  • Minimizes the risk (and potential of a security incident) by verifying the design and operation of the key architectural and operations controls intended to secure key systems, applications, and data;
  • Provides independent/objective assurance to key stakeholders including regulators, clients, and third-party auditors (e.g., ISO 27001, SOC2, SEC); and,
  • Ensures compliance with key regulations and contractual obligations.

Network Architecture Review: Best Used

When you are planning or have made significant changes to the network or key applications and require assurance that the necessary security controls are in place to address said changes; and,
When you require assurance that new/increased information technology risks relating to external changes (e.g., deployment of a new application, compliance with a new law/regulation, migration to the cloud (IaaS/SaaS/PaaS)) are mitigated to an acceptable level.

Prove You are Secure from Malicious Activities Both Inside & Out

Whether you need to prove regulatory compliance, satisfy a request from your boss, or need to show security maturity to a client (or clients), a penetration test is a great mechanism to accomplish your goals.

What is a Penetration Test?

Penetration testing, also known as Ethical Hacking, is a method of evaluating the security of your network infrastructure (i.e., computer systems, networks, people or applications) by simulating an attack from malicious outsiders (unauthorized) and/or malicious insiders (authorized) to identify attack vectors, vulnerabilities and control weaknesses. It involves the use of a variety of manual techniques supported by automated tools and looks to exploit known vulnerabilities.

Our experienced testers identify specific weaknesses in an organization’s security operation. By safely attempting to discover and exploit the vulnerabilities of your network, applications, people, and more, we find the “leaks” in your system before damage occurs.


Do I really need a Penetration Test?

This might sound like a ridiculous question but please hear us out…

Penetration testing is often confused with other forms of technical security testing, particularly Vulnerability Assessments. The information obtained, effort required, and cost are very different between these two assessments. Please don’t go and pay for a penetration test when all you may need is a vulnerability assessment. We have seen too many organizations burned by security companies because they were sold a bag of goods they did not need.

Why Pivot Point?

Pivot Point Security is a leader in penetration testing and vulnerability assessment (as well as ISO 27001 consulting, ISMS consulting, and more!). We have been providing the most advanced security testing services since 2001 and have helped thousands of companies validate that they are secure and their business-critical information is safe. As an industry leader, we are committed to maintaining the highest levels of training and certifications for all of our security testing experts.

Frequently Asked Questions

Why do we need Penetration Testing?

Your company can use Penetration Testing to:

  • Confirm that your environment is as secure as you believe
  • Prove to a third party that you are a secure and trustworthy partner
  • Quickly assess the security of a less mature control environment (in a sense, a technical risk assessment)
  • Ensure, after a major change (e.g., the installation of a high-risk system/application), that the security controls are operating as intended

What is a Penetration Testing tool?


How does Penetration Testing work?


How long does Penetration Testing take? Will it shut down our office?


Will Penetration Testing involve our employees?


What kind of reporting will I receive?


