Security Practice

The Security Solution

Security Practice

L7 Solutions has an active and broad ranging security practice which draws from the traditional L7 strengths of Advisory, Integration and Managed Services to bring you the most all round security support possible.

The practice members are here to help you understand and meet the exponentially increasing threats that are facing our IT networks.

Business environments are changing at an incredible rate; mergers, acquisitions and natural growth are increasing the complexity of our IT and information environments. When this is combined with the current evolution of information threats that are predominantly criminal in intent and ever stealthier in their technical implementation, security must appear higher on the executive agenda than ever before.
Security services are tailored to your specific business requirements, below are just some of the security services that this specialist team are able to provide.

Data Loss Prevention Review
The L7 Solutions' Data Loss Prevention Review (DLPR) offering provides information management teams with an opportunity to gain a better understanding of their organisations susceptibility to Data Loss.

Scope
L7 consultants will take a holistic approach to assessing the data loss threats posed against your organisation including the following key areas:

  • Security policy and procedure documentation
  • Organisational security roles
  • Data classification
  • Environmental security
  • Communications and operations considerations
  • Systems development and maintenance
  • Incident management
  • Compliance

Organisational requirements
This review is designed for organisations that have concerns around maintaining the confidentiality of their sensitive and business critical data.
The review follows a holistic process focusing on the current status of protection given to data assets and aims to provide the organisation with an accurate picture of their current information security state.
Deliverables
This engagement results in the production of a Data Loss Prevention Review report which can include (dependent on scope):

  • High level business requirements for information security
  • Overview of current state of information security
  • Collation of data collected during interviews
  • Identified risk areas
  • Prioritised recommendations to reduce the risk of data loss
  • Summary of findings suitable for presentation to company executives

Business Benefits of DLPR
Understanding of current information security state
Audit compliance in alignment with international standards for the management of information security
Provides a clear understanding of the probability of data loss occurring.

Technical Security Review
L7 Solutions' Technical Security Review services provide a valuable insight into the security status of your networks/systems and their boundaries.
Modern networks continually expand through necessity and natural business growth. Often security aspects take a back seat during network growth periods despite the increased evolutionary pace of network threats.
Security reviews are an essential means of assessing if network/system security is evolving at the same pace as the network and the threats posed to it.
Engagement
The Technical Security Review service is tailored to an organisations specific needs. Typical service components are:

  • Security design review - An examination of network architectural design. Assessing design impacts on the security of business information assets.
  • Firewall rule set review - Analysis of the firewall rule set to ensure that maximum benefit is being received from this key security device.
  • Network component security review - Review of network components such as switches and routers to ensure that security is being maintained through their configuration settings.
  • Wireless security review - A full review of your wireless architecture configuration to assess the level of security it is providing.

Scope
L7 technical and advisory consultants will work with an organisation to establish the most appropriate scope for the organisation ensuring that all key network security components are included within the scope. Scoping consideration may include.

  • Definition of any testing requirements
  • Identification of assets to be included
  • Definition of escalation points

Confidentiality
L7 Solutions fully understands the sensitivity of all security engagements and assures confidentiality in the engagement findings.
Deliverables
A Technical Security Review report will be provided which will include (dependent on engagement scope):

  • Details of :
    Equipment reviewed
    Good and bad configuration findings
    Vulnerabilities discovered
  • Prioritised recommendations to improve network security and reduce the risk from network threats
  • Summary of findings suitable for presentation to company executives

Penetration Testing
L7 Solutions' Penetration Testing services provide organisations with an assurance of the security of their electronic borders or systems.

Definition
The term Penetration Testing (Pentest) is commonly misused to cover three types of technical engagement:
Vulnerability Assessment (VA) - The scanning for known and identified external or internal devices to discover vulnerabilities in their configuration or modes of operation.
White hat Pentest - The scanning of external or internal known and identified external or internal devices to discover vulnerabilities then attempting to exploit the vulnerabilities to ascertain what access or information can be obtained.
Black hat Pentest - The discovery and scanning of external or internal devices without prior identification to discover published or previously unknown vulnerabilities and to exploit those vulnerabilities to ascertain what access or information can be obtained.
Scope & Engagement
Defining the scope is critical to the success of this engagement. L7 technical consultants will work with the organisation to establish the most suitable penetration testing scope for your organisation.
L7 technical and advisory consultants will work with the organisation to establish and document a Technical Evaluation Plan (TEP) for a security testing engagement. This will include:

  • Identity assets to be tested
  • Identify assets not to be tested
  • Establishing timings for testing to take place ensuring minimal impact on day to day business.
  • Define escalation points
  • Identify information available to the tester

Additional Capabilities
In addition to the three services already defined, the L7 security practice has experience in wireless systems testing and social engineering.

Organisational requirements
Organisations are required to provide written authorisation to conduct testing and any necessary network information. L7 will assure the confidentiality of all information provided and discovered during the engagement.

Deliverables
A Penetration Testing Report will be provided which will include (dependent on engagement scope):

  • Details of:  
    Procedures undertaken
    Vulnerabilities discovered
    Exploits carried out
    Information accessed or level of entry achieved
  • Advice on remediation of discovered vulnerabilities
  • Prioritised recommendations to reduce risks
  • Summary of findings suitable for presentation to company executives

For more information on what L7 Solutions and its Security Practice can you do for you, contact Steve Simpson on +61 8 9221 7744.