Our assessment portfolio offers an organisation full visibility into potential risks that may impact the business and lead to costly outages if not addressed. As managing risk is a big concern for most organisations, we have seen these services heavily adopted by those looking to reduce IT regulatory compliance overheads. 

The core assessment packages are summarised as follows:  

 

FIREWALL AUDIT 

This process involves comparing the actual behaviour of L3 forwarding devices against industry best-practice standards, as well as any organisation-specific standards. 

Typical results for this audit include compliance metrics for each device and it’s specific rules, plus access routes between defined sources and destinations. 

Deliverables: 

  • Identify risky rules 
  • Normalise the rulesets in a multi-vendor environment 
  • Identify misconfigurations 
  • Audit ruleset compliance against a fixed policy  

 

NETWORK AUDIT 

Skybox will accurately model the internal network to analyse potential vulnerabilities and attacks possible through perimeter connection points. 

The Network Audit includes a multi-step analysis to fully understand and report on the propagation of an attack against internal networks and business assets. 

Consider the output similar to using an application like Google Maps, in that the primary output will include a high-level real-time view of the audited areas, which can be zoomed in on for further review. 

Deliverables: 

  • Map exact network topology 
  • Verify network configuration compliance 
  • Provide visibility over network ingress/egress points 

 

 

VULNERABILITY AUDIT 

This audit enables organisations to identify vulnerabilities and their severity, then define the best course of action to prioritise remediation efforts in line with the most critical challenges. 

Through creating it’s own virtual sandbox environment, Skybox will run a series of attack simulations and audit the subsequent vulnerability levels in the internal network. 

Deliverables: 

  • Provide a real-time view of vulnerabilities and their severity 
  • Vulnerability prioritisation 
  • Remediation recommendations 
  • Attack path analysis 

 

Assessments can be taken as individual modules or any combination of the three, including a comprehensive Full Network Risk Audit that will provide all three layers of analysis; Skybox audits can be completed without impacting on the performance of the network. 

Pricing is available upon application - you just need to advise us which audit module(s) you'd like pricing for and outline how many devices and their make/model are to be within the assessment scope.

All assessments include a formal presentation of findings, as well as a summary of recommendations.

Any benefits gained through these assessment services are available to take on as a regular audit, as an ongoing managed service, or as a full product purchase.