Business Solutions From Lateral Security

Lateral Security provides a range of services in the IT security area. The following list covers our most standard services (follow the link on each one for more information); however, we are happy to customise any services required.

General Security Consulting And Advice

Lateral Security has extensive independent IT security knowledge. This knowledge has been gained from years of network and application testing. Our knowledge can assist our customers in providing a more robust and secure network/IT environment.

Design And Architecture Reviews

Architecture and design assistance helps clients understand best practice methods for "design and build" with IT security at the forefront.

This review analyzes the security implications of your application's architecture, design and chosen technologies. We focus on the documentation, application security controls and being able to clearly identify key items, including boundaries, interfaces, dataflow, caches and data stores. We also test the physical deployment configuration of your proposed service or application, including all network devices.

The design and architecture review is important as projects and services are often deployed without this review being done. Testing at a later date for compliance or auditing purposes can result in errors being found in the overall design that could have been avoided if this review had been done at the beginning. Poor IT security in network design and architecture will lead to increased costs for management and ongoing support. This is due to the "quick-fix" approach of patching an inferior network design.

This review takes approximately 1 day for a standard review.

Configuration Reviews

This is an in-depth review of the configurations of various components within the environment, including servers, routers, and firewalls. Each component is reviewed against security best practice and standards such as DISA STIGs, NIST, CIS checklists, and vendor guides. Documentation is also reviewed to ensure what is written down matches the configurations on the devices. This can help to reduce costs for ongoing support within an environment. This review is recommended on a production or close-to-production environment to ensure that configurations match the production environment.

This review takes approximately 1 day per device.

Vulnerability And Penetration Testing

Vulnerability and penetration testing should be undertaken whenever a new application, server or network device is being deployed or the configuration on an Internet-facing service has changed within the enterprise. Penetration testing simulates an attacker attempting to gain access to a specified target server or application. A penetration test involves the use of automated tools as well as manual test methods to review the security from an external or internal perspective. Testing may include network devices, servers, web applications, WiFi (wireless technologies) and mobile email solutions. Vulnerabilities or weaknesses often exist within systems, and penetration testing can be used to qualify the extent to which any identified vulnerability can be exploited. Vulnerability and penetration testing is usually combined with a Configuration Review in order to further qualify any results found and provide recommendations in order to overcome these business risks.

Regular ongoing vulnerability and penetration testing should be scheduled as a business-as-usual activity and carried out at twelve-monthly intervals to ensure the security of the network, applications and any attached devices.

Source Code Reviews

A source code review looks deeply into the internal workings of an application. Lateral Security selects and reviews security-sensitive processes within an application in a line-by-line manner. This could include login, registration, and transactional processes. We review the processes from a pure security perspective, examining the source code for issues such as logic errors, coding mistakes, and test code left behind when the application was built, upgraded or patched. This type of testing is designed to provide assurance for applications that have a high IT security requirement like banking, finance, Government, or database applications that hold private client information.

The time taken for a source code review is dependent on the number of lines within the code and the overall application size.

A typical source code review would take 5 days.

Governance And Compliance

Lateral Security can ensure that you meet your required information security governance and compliance model. The benefits of a Governance and compliance framework are:

Standards that we use include:

Governance and compliance is an area of business that can assist with written guidelines and a policy framework. Businesses may need assistance with government legislation, industry requirements and/or industry standards. Lateral Security has the skills and more than 20 years of experience.