Assess your infrastructure, processes, and security program to identify areas for improvement and security readiness
Security Assessments are a key component of ensuring the infrastructure is safe from cyberattacks and can include:
Network Security and Architecture Review
The Network Security and Architecture Review helps clients understand the strengths and weaknesses of their networks based on their business goals and objectives. It will help identify weaknesses in network security policy, procedure, design,
or device configurations/rules in order to help strengthen the clients’ network footprint.
Security Source Code Review
Legato Security uses a white box approach to identify security weaknesses in an application’s source code that could be exploited by motivated malicious individuals, who would then be able to gain unauthorized access to the application or the data contained within the application. We perform our testing through automated (buildable code base required) and manual code review methods. Legato Security provides actionable recommendations prioritized by risk to assist with addressing the vulnerabilities quickly and efficiently.
Legato Security partners with several large security-related vendors to deliver a thorough, in-depth look into the client’s systems to identify the existence of a compromise. Attribution, malware analysis, and other advanced technical efforts may be performed under the Compromise Assessment service offering. Success of a Compromise Assessment is accomplished by first evaluating the systems and software currently used by the client, leveraging existing forensic capabilities of those systems and software, and supplementing as needed.
Cybersecurity Risk Assessment
A Cybersecurity Risk Assessment is a risk-based evaluation of client’s security posture. The assessment is performed using a combination of a questionnaire, an interview process, and a documentation review. Legato Security follows the ISO-27002 framework to structure the assessment. The framework is explicitly concerned with information security, meaning the security of all forms of information (e.g., computer data, documentation, knowledge, and intellectual property). The assessment focuses on the typical processes and procedures of client’s employees, including the most frequently used applications and workflows.