Network Architecture Review
Network Architecture Review Information
A Network Architecture Review is a detailed analysis of relevant network artifacts (e.g. network diagrams, security and regulatory requirements, technology inventory, exposed applications and APIs, public/private cloud utilization) to ensure that the network elements and overall solution architecture optimally protect critical assets, sensitive data stores and business-critical interconnections.
Key activities include:
Consult with members of the network, security, enterprise architecture, and applications teams and management to understand:
- the business goals as they relate to the enterprise public/private/hybrid cloud infrastructure;
- the contractual obligations, laws/regulations, and internal/third-party objectives relating to the data being stored/processed/transited (e.g., PCI/CMMC segregation requirements, CSA STAR, ISO 27001, a “zero trust” model);
- the key applications and services that need to be exposed to employees, contractors, and business partners;
- key controls integral to securing the network, applications and critical data (e.g., firewalls, multi-factor authentication, Network Access Control, Cloud Access Security Brokers, Web Application Firewalls, key management/encryption, vulnerability/asset/configuration management, logging, incident response, data loss prevention (DLP), vendor risk management); and,
- results of previous risk assessments, gap assessments, penetration tests, and/or security incidents.
Assess the current/planned architecture and security controls against relevant frameworks (e.g., ISO 27002, CIS Critical Security Controls, OWASP ASVS).
- Perform technical testing as required to validate the design, operation and effectiveness of the architecture (e.g., segmentation testing, data exfiltration, penetration testing, firewall configuration/rule-base review).
- Formally report results and relevant findings, and generate a gap remediation plan. Where possible, the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.
- Analysis against relevant standards, laws/regulations, and prevailing good practice; and,
- Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap. Where possible the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.
The predominant benefits realized by a Network Architecture Review are:
- Minimizes risk (and the potential for a security incident) by verifying the design and operation of the key architectural and operational controls intended to secure key systems, applications, and data;
- Provides independent/objective assurance to key stakeholders including regulators, clients, and third-party auditors (e.g., ISO 27001, SOC2, SEC); and,
- Ensures compliance with key regulations and contractual obligations.
Network Architecture Review: Best Used
- When you are planning or have made significant changes to the network or key applications and require assurance that the necessary security controls are in place to address said changes; and,
- When you require assurance that new/increased information technology risks relating to external changes (e.g., deployment of a new application, compliance with a new law/regulation, migration to the cloud (IaaS/SaaS/PaaS)) are mitigated to an acceptable level.