IIJA's Security Assessment service
will scan your network for security holes and provide
a comprehensive written report. One customer, however,
requested for additional help in addition to the standard
service offering.
IIJA has offered Security Assessment
service to scan servers and routers for vulnerabilities
in the past few years. One customer has approached us
with additional requirements.
IT staff is time pressed to read the report
Executive summary to submit to the upper management
No expertise in a particular brand of network devices
or servers
Difficult to judge whether something assessed as
a risk is truly a risk
Current IT staff lacks expertise
in certain systems installed by ex-employees of the
company. The customer also wanted to discuss available
scenarios with outside engineers to gain an objective
insight before making a decision.
Additionally, the customer requested a high-level
executive summary to submit to their upper management
and administration department.
To address the customer issues,
IIJA added the following services to the Security Assessment
solution:
1.
Assessment scan
2.
Technical advisory, customer - IIJA meeting
A monthly 3-4 hour meeting to discuss the scan results
3.
Apply security fixes with IIJA's automated PC Management
tool
MS security patches are distributed in an automated
and efficient method
4.
Verification scan
2nd scan to compare the result with that of 1st
scan
The customer decided on a course
of actions based on the customer's current system configuration
and IIJA's technical advisory. The customer and IIJA
spend 3-4 hours each month to review the scan results
and discuss the best method of remediation.
IIJA's PC Management tool applies the security fixes
to multiple PCs on LAN automatically. Patch status is
updated and reported in the progress report.
As a result of monthly security
assessment, the customer has expressed the following
benefits:
Critical security holes were remedied by a patch
program or a simple configuration change
Objective technical advice in multiple technical
fields
The PC management tool brought each PC's patch level
up to date. A centralized management eliminated
unnecessary travel among PCs.
The assessment report can be presented in the event
of an IT audit
Monthly meetings raised the IT staff's general awareness
in security
Even when the scan discovers
a security hole, we carefully consider the role of the
device in the network environment and compatibility
with other systems before making an action plan.
The scan also reveals basic configuration mistakes
(i.e. not changing factory default setting) in addition
to scanning the software and firmware vulnerabilities.
This identified necessary area of training and raised
awareness in security among the customer's IT staff.
