Enforcing your security policies with technical controls gives you consistency and assurance. We help you select and refine what you need to meet your goals.
Our success stories feature real-world security scenarios. You’ll discover varied approaches adopted by your peers in partnering with Bishop Fox, and how our application security services helped organizations, large and small, across an array of industries assess, identify, and minimize risks.
A Guide to Do-It-Yourself Network Segmentation
Learn how to keep your network secure and segmented while sustaining a shoestring budget, courtesy of Bishop Fox’s infrastructure team.
Technical Controls Review and CIS Critical Security Controls
Bishop Fox’s Technical Controls Review assessment is designed to identify the current state of security processes and implemented technical controls in comparison to recommendations outlined by the CIS 20.
Our approach begins with a comprehensive documentation review to identify current implementation levels of the CIS Top 20 critical security controls. This first step is designed to establish a snapshot of the organization’s current security posture. Next, the engagement team gathers detailed information via documentation, stakeholder interviews, and additional evidence to determine whether existing processes, procedures, and technical configurations meet, partially meet, or do not meet CIS 20 specifications. Then the engagement team measures security controls against the CIS 20, using a custom capability maturity model.
Once all the information has been collected and analyzed, the engagement team produces executive and technical reports containing in-depth analysis and recommendations for remediation.
Bishop Fox’s firewall review identifies security weaknesses in firewall configuration. These assessments begin by coordinating with the client for a firewall inventory list, configuration data for each device, and a list of authorized user accounts if applicable. Next, the assessment team uses industry standards and internally developed tools in conjunction with expert-guided testing techniques to identify gaps in secure configuration. The assessment concludes with the detailed reporting of all security issues discovered within the target environment alongside comprehensive remediation recommendations and steps.
Host-based Configuration Review
Host-based security reviews provide companies with the means to comprehensively identify security issues that affect one or more systems. The results of the host-based review may be analyzed to determine root causes and secure the systems being reviewed.
The Bishop Fox assessment team performs full-knowledge, in-depth assessments of the hosts, including reviews of security patches, local security settings, system configurations, available applications, access controls, and permissions.
The Bishop Fox assessment team provides an in-depth security review of Windows and UNIX servers and workstations. The assessment team works with the asset owners and system administrators to understand the business role that a particular server provides and to identify potential security issues with the server’s configuration that may negatively impact its ability to fulfill its business purpose.