Security Review: independent and expert insights into "as is" and desired states

 

FOXMOLE enables clients to gain a comprehensive view of where their current security investments have been made and how effective these are. This can act as a solid foundation for future security strategy with robust rationales to support the direction taken.

The FOXMOLE methodology is focused around fundamental pillars of security strategy such as “Protect”, “Detect” and “React”. Relative strengths and weaknesses in these areas are evaluated and measured following a series of interviews and observations with all key stakeholders.

One FOXMOLE observation is that in an ideal world the business importance of a service is evaluated by interviewing the business owner of a system or process. In reality, that necessary step is often skipped and the whole infrastructure is treated as being at the same level of importance. Because all threats are treated as “normal”, organisations waste money by putting too much energy into protecting services of low importance, while not protecting their high-importance assets with higher standards and processes. This is something which should be avoided.

These interviews are complemented by a series of technical validations; for example, are your servers and the corresponding layers (services, frameworks and applications) really patched according to the internal policies and best practices as claimed, or is only a small percentage of them? Disconnects between what is perceived to be taking place as part of the security process and the reality are identified and captured.

Identifying risk areas is only part of the story - focused actions must be taken as a result of the insights shared.

FOXMOLE makes recommendations as to where to focus effort for maximum impact and improved overall security, chiefly in:

  • Strategy & Implementation: what are the right short, medium and long-term directions to take and how can these most effectively be realised?
  • Technical and Organisational Guidelines: how are key security best practices adopted, and how does senior management endorse and promote these? How do you store passwords? What are strong cryptographic methods? How do you prevent the OWASP Top 10?
  • Processes: for example, how do you model security into your development? How do you handle access rights and their revocation when employees start, change roles or leave during their employment? How do you detect attackers trying to evade your protective measures?
  • Technology: which technology can help you achieve your security goals in an efficient way? How can you secure technology that is in use? What would be the best security architecture to be an enabler?

In addition to the above, FOXMOLE provides guidance on how to remediate the root causes of these vulnerabilities to prevent them from recurring, increasing efficiency and thereby decreasing the cost of fixing them.

FOXMOLE also acts as a key CISO sparring partner, delivering valuable insights across a range of subjects that can be challenging for executives to keep track of. Regular review meetings with clients offer the chance to check progress against goals and offer strategic advice and recommendations.

Contact Us

Please call +49 6151 86086-277 (Germany office hours)
or email: info@foxmole.com