Network Architecture Review

Network Architecture Review Information

A Network Architecture Review is a detailed analysis of relevant network artifacts (e.g. network diagrams, security and regulatory requirements, technology inventory, exposed applications and APIs, public/private cloud utilization) to ensure that the network elements and overall solution architecture optimally protect critical assets, sensitive data stores and business-critical interconnections.

Key activities include:

Consult with members of the network, security, enterprise architecture, and applications teams and management to understand:

  • the business goals as they relate to the enterprise public/private/hybrid cloud infrastructure;
  • the contractual obligations, laws/regulations, and internal/third-party objectives relating to the data being stored/processed/transited (e.g., PCI/CMMC segregation requirements, CSA STAR, ISO 27001, a “zero trust” model);
  • the key applications and services that need to be exposed to employees, contractors, and business partners;
  • key controls integral to securing the network, applications and critical data (e.g., firewalls, multi-factor authentication, Network Access Control, Cloud Access Security Brokers, Web Application Firewalls, key management/encryption, vulnerability/asset/configuration management, logging, incident response, data loss prevention (DLP), vendor risk management); and,
  • results of previous risk assessments, gap assessments, penetration tests, and/or security incidents.

Assess the current/planned architecture and security controls against relevant frameworks (e.g., ISO 27002, CIS Critical Security Controls, OWASP ASVS).

  • Perform technical testing as required to validate the design, operation and effectiveness of the architecture (e.g., segmentation testing, data exfiltration, penetration testing, firewall configuration/rule-base review);
  • Formally report results and relevant findings, and generate a gap remediation plan. Where possible, the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries;
  • Analysis against relevant standards, laws/regulations, and prevailing good practice; and,
  • Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap.

The predominant benefits realized by a Network Architecture Review are:

  • Minimizes risk (and the potential for a security incident) by verifying the design and operation of the key architectural and operational controls intended to secure key systems, applications, and data;
  • Provides independent/objective assurance to key stakeholders including regulators, clients, and third-party auditors (e.g., ISO 27001, SOC2, SEC); and,
  • Ensures compliance with key regulations and contractual obligations.

Network Architecture Review: Best Used

  • When you are planning or have made significant changes to the network or key applications and require assurance that the necessary security controls are in place to address said changes; and,
  • When you require assurance that new/increased information technology risks relating to external changes (e.g., deployment of a new application, compliance with a new law/regulation, migration to the cloud (IaaS/SaaS/PaaS)) are mitigated to an acceptable level.