Evolution

eSecure Audit

eSecure Audit

eSecure Audit: 360° auditing and vulnerability management

Our eSecure Audit service puts world class IT security auditing at your fingertips, with on demand automated scanning for all known vulnerabilities, alongside in-depth scans carried out by automated tools and our team of experienced penetration testing engineers. All scans result in a comprehensive report assessing any vulnerabilities that may be present with suggested solutions for plugging the holes.

The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. The intent of eSecure Audit is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered.

eSecure Audit is available in three tiers:

Tier one
A digital scan to identify what is visible to a hacker from the Internet. This is an automated scan using nmap, nessus, and other open source scanning products, with all results compiled as a single, easy-to-absorb vulnerability assessment. Scans can be scheduled at regular intervals and accessed from the eSecure 360° Unified Digital Defence Portal.

Tier two
A “blind” attempt by eSecure engineers to defeat an organisation’s IT perimeter security using standard hacking tools and techniques. Our specialists will determine the location and extent of target systems before commencing their analysis. An assessment report of the security issues found is produced together with an executive summary containing recommendations for mitigation of the threats posed. All testing is a “dry run” only and guaranteed to do no damage to client systems.

Tier three
A well-planned and co-ordinated mock attack using bespoke tools designed specifically to defeat the target organisation’s defences. This type of penetration test is only appropriate for organisations that require very high levels of security. An in-depth assessment report of the security issues found is produced together with an executive summary containing recommendations for mitigation of the threats posed.