Our Assessments

Our assessment services offer clients the chance to view security weaknesses from a wide variety of angles. Beyond just reporting technical vulnerabilities, we also identify root causes and help solve strategic and systemic problems, which prevents recurrence of vulnerabilities.

  • Comprehensive
  • Detailed remediation advice
  • Best-in-breed tools
  • Manual testing and validation

Key Differentiators

  • Non-disruptive, negligible impact to staff
  • Easy to follow and detailed remediation advice
  • Manual testing to uncover what scanners miss

Assessment Offerings

PSA - Perimeter Security Assessment & Penetration Testing - Provides assurance that Internet-facing networks and systems are protected from hackers/malware (aka the hacker's perspective).

external vulnerability assessment, manual validation, penetration testing, practical remediation advice
External

BVEA - Blind Visibility and Exposure Analysis - Blind Internet footprint analysis to ensure that only the information and systems needed for business purposes are exposed to the Internet.

blind assessment, reconnaissance, cyber-attack surface minimization, chatter analysis, reputation/infection analysis

DDOS - Distributed Denial of Service Assessment - Simulated distributed denial of service attack (DDOS) to test the resilience of networks and systems to real distributed attacks, including validation of DDOS prevention measures.

Simulated DDOS, breaking point analysis, performance degradation analysis, DDOS prevention validation, latency, throughput

WSA - Wireless Security Assessment - Ensures protection against unauthorized access to wireless networks and traffic, as well as segregation of guest access from corporate networks and systems. Also identifies potential back-doors through rogue access points.

User/guest wireless assessment, encryption strength, auth strength, rogue access points, wireless segregation, wireless infrastructure vulnerabilities
External/Internal

WASA - Web Application Security Assessment - Credentialed and non-credentialed vulnerability assessment and penetration testing to validate the security measures in place to protect web applications against outside attackers, malware, privilege escalation and account hijacking.

Application testing, outside attackers, authorized users, privilege escalation, account hijacking, credentialed testing

CloudSA - Cloud Security Assessment - In-depth, platform-specific review of cloud-based application infrastructure and underlying components to assess compliance with security best-practices. Platforms include Amazon Web Services, Google Cloud Platform, Microsoft Azure and more.

Security best-practices assessment, configuration policy review, manual reviews of configurations

CASA - Critical Asset Security Assessment - Internal vulnerability analysis and penetration testing of mission-critical assets including applications, servers, routers, and switches for validation of layered-security and defense in depth.

internal vulnerability assessment, manual validation, penetration testing, practical remediation advice
Internal

LANSA - LAN Security Assessment - Provides assurance that LANs are well secured, including end-user systems such as desktops and laptops, as well as LAN servers and other LAN devices.

internal vulnerability assessment, manual validation, penetration testing, practical remediation advice

NISA - Network Infrastructure Security Assessment - Beyond network-based testing, this assessment utilizes benchmarking and analysis of the configurations of firewalls, routers, switches, and other networking devices to ensure these systems are set up to best protect the networks they enable, and that they themselves are protected from breaches so they cannot be used to propagate attacks.

Configuration scoring, configuration benchmarking, manual review, feature analysis, security ROI
Platform-specific

ADSA - Active Directory Security Assessment - In-depth review of Active Directory configuration and GPO settings that drive security for in-scope domains and their affiliated OUs, groups, computers, users, and service accounts.

GPO settings analysis, manual review, review of users, review of groups, review of service accounts

MSSA - Microsoft Server Security Assessment - Detailed, platform-specific review of the configuration of Microsoft Servers to ensure these critical systems are configured to minimize exposure and maximize security.

Analysis of registry settings, manual review, review of enabled services, review of installed programs

NIXSA - UNIX/Linux Server Security Assessment - Detailed, platform-specific and “flavor”-specific review of the configuration of UNIX/Linux servers to verify that these systems are configured to maximize security and minimize exposure to cyber-attacks.

Analysis of config files/settings, manual review, review of running processes, review of installed packages, review of patch levels

VSA - Virtualization Security Assessment - The VSA examines the configuration of virtual hosts, virtual machines, virtual networking and virtual storage to provide recommendations for improving security.

Virtualization configuration review

SocEng - Social Engineering - Targets the human element to test users' awareness of potential security threats, and their exposure to social engineering, by performing simulated phishing, planted media, pretext calling, and social networking attacks.

Social engineering, simulated attacks, phishing, pretext calling, social networking
Organizational

PPPA - Policies Procedures and Practices Assessment - Ensures that documented IT policies and procedures, and associated practices, are aligned with best-practices and applicable regulatory requirements. The PPPA is a gap analysis and the first place to start towards compliance with best-practices, regulatory requirements, and standards, such as HIPAA, SOC, PCI, CIPv5, NIST, ISO, DFARS, GLBA, SOX, etc.

Policy review, Procedures review, Practices review, documentation review, IT interviews, gap analysis, compliance, best-practices, regulatory requirements

RA - Risk Assessment - Combination of qualitative and quantitative analysis to determine the top threats to information security, biggest vulnerabilities, and largest opportunities for risk reduction through cost-benefit analysis.

Top-down strategic Risk assessment, asset inventory, vulnerability analysis, threat model

PhySA - Physical Security Assessment - Assessment of facilities and properties to analyze the key physical security measures required to control access to buildings and to protect the people and data within them.

Physical security, walkthroughs, facilities, properties

DLPA - Data Loss Prevention Assessment - Identifies unprotected transmission and non-compliant storage of sensitive data that could result in unwanted disclosure or data loss and the potential for costly breach notification and response.

Data loss prevention, Traffic monitoring, spidering, file searches

BBPen - Advanced Black Box Penetration Testing - A premier service that simulates real-world cyber-attacks against your organization. The BBPen is a capture-the-flag exercise using technical and social pen testing techniques to test how well protected you are against breaches.

Penetration testing, black box, capture-the-flag, blind, social engineering, technical pen testing
Other

CustomSA - Custom Security Assessment - Illumant can work with you to define security assessments that are customized in scope, for any target systems, networks, devices or applications that you require beyond our pre-defined assessment offerings.

Custom assessment