Network Infrastructure Audits
This unique service offering is designed to perform build reviews of your internal network infrastructure (e.g. firewall, router, VPN or switch). The objective is to identify vulnerabilities in the configuration and harden the network devices against potential hacks. The security audit is more than just scanning. This service looks at the actual configurations of the devices being tested, offering much more detail than scanning tools alone.
The percentage of threats that go undetected by traditional, automated cyber security tools (AV, NGFW, SIEM, etc.)
This is the AVERAGE amount of time that an attacker dwells in a network until discovered (usually by an outside organization).
The right Network Infrastructure Audit can save you from being the next headline.
The reports are written in plain English. Where relevant, the reports explain security vulnerabilities that are found along with ratings for how potentially dangerous they are. The following reports are currently available:
Configuration Reports: We analyze the configuration of your device and present it in an accessible and ordered way.
Comprehensive Security Audits: We will process the configuration, analyze it for security weaknesses, and once again present it clearly to you. Security vulnerabilities will be graded according to the risk they pose to the organization, the ease of exploiting the vulnerability and available remediation.
Vulnerability Audits: When firmware/operating system information is provided by the user (for example, a ‘show version’ command is run when the configuration is collected), CyberHunter will report on known vulnerabilities based on the OVAL and NVD repositories.
Compliance Reports (against a variety of standards): CyberHunter can report your compliance with the following standards: Center for Internet Security (CIS) Benchmark, Security Technical Implementation Guide (STIG) Compliance, PCI-DSS Audit and SANS Compliance.
Change Tracking: Where raw configuration or security audit reports are run, CyberHunter can deliver the result as an XML file for later comparison against another raw configuration or security audit report on the same device.
Raw configuration details: Where possible, we will decode configuration files (if required) and output the results in a human-readable form.
Filtering Complexity: Network security device audit reports will highlight conflicting, redundant and overlapping rules and will notify you where thresholds for a given device or group have been exceeded.
How is a device audit performed?
Most customers choose to manually retrieve their device configuration files and provide them for audit so we do not need to touch the network, but we do support network-based collection of configuration files for some of our most popular supported devices. Once collated, the configuration files are audited by our CyberHunter Audit team and one or more reports are created and delivered in less than 24 hours. This process is not a scan of the network. It does not create any network traffic by default. It is a configuration analysis audit exercise and it will significantly aid you in hardening infrastructure security, or as part of a penetration test.
Each service offering delivers executive briefing reports as well as comprehensive technical reports such as:
• Detailed Technical Report
Managed Security Service Offerings v1.1 – CyberHunter Solutions, Inc.
• Change Reports (i.e. new vulnerabilities)
• Risk Trend Report
• Executive Briefing / Senior Executive Briefing
• Asset Reports (OS, NetBIOS, DNS, MAC)
• ISO 27001/2
• PCI (Compliance or Authorized)
• CIS (Center for Internet Security)
• SANS Policy
• Microsoft Patch Report
• Vulnerability Remediation Report
Supported devices include (but are not limited to): 3COM, Alteon, Arista Networks, Barracuda, Bay Networks, BlueCoat, Brocade, CheckPoint, Cisco, Crossbeam, Dell, Extreme Networks, F5, Forcepoint, Fortinet, Foundry Networks, GTA, H3C, HP, Huawei, IBM Proventia, Juniper Networks, McAfee, Microsoft Forefront, Netfilter, Netgear, Nokia, Nortel, Palo Alto, RuggedCom, Secure Computing, SonicWALL, Sophos, WatchGuard. Contact CyberHunter for specific models.
What standards do we audit against?
NIST National Vulnerability Database (NVD). The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
STIG (Security Technical Implementation Guide). The Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents (the Canadian ITSG-33 standard is based on NIST 800-53). In its most basic sense, a STIG is a specific set of configurations that make commonly used applications more secure against known vulnerabilities.
The MITRE Open Vulnerability and Assessment Language (OVAL®) database. This is an international information security community effort to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language.
Vulnerability Assessments vs. Penetration Tests?
Vulnerability assessments and penetration testing are terms that are used interchangeably but are ultimately different services. In plain terms, a vulnerability assessment is like a thief making a note of all your points of entry and identifying the locks you have in place. Penetration testing, on the other hand, is actually picking the lock and getting inside — but with permission.
What is a Compromise Assessment?
A compromise assessment is a proactive survey of networked devices (e.g. Windows desktops) in order to detect threats that have evaded existing security controls inside the organization. The goal is to reduce Dwell Time of attackers (catch them before they do damage), and to regularly measure the effectiveness of your security posture by providing hard evidence of the forensic state of the endpoints.
Any Threat Assessment Should Be:
- Effective – At detecting all known variants of malware, remote access tools, and indications of unauthorized access.
- Fast – Assess a large network within hours.
- Affordable – A typical organization should be able to conduct it proactively and regularly (i.e. weekly/monthly/quarterly).
- Independent – The assessment should not rely on existing detection tools already in the environment.
Why Choose CyberHunter?
- The CyberHunter Pen Test 2.0 methodology leverages the most advanced tools, techniques and procedures in the industry to enumerate, identify and report on your existing security posture.
- We are the only threat assessment solution that can perform an advanced Vulnerability Scan and Pen Test while simultaneously hunting for and identifying Advanced Persistent Threats that are ALREADY embedded in your network.
- CyberHunter gives you the insight and cyber intelligence you need to be proactive.