Baseline Testing Analysis & Auditing ServicesTo save money and improve operational efficiency, organizations should routinely identify all the systems on their networks. Despite the strictest usage policies, undocumented systems can be added to a network, such as “test” systems that were never decommissioned or instances where a system is managed by a third party as part of a vendor’s service offering.
To help you gain greater control of your IT resources, Structured provides complete baseline testing analysis and auditing services. We can help you assess environments with which you are not familiar (such as a newly acquired company’s systems) or help you with automated discovery for large networks across multiple locations. Once we identify your network systems, we also help you assess and fix potential security issues.
Automated Inventory Solutions Not long ago, a casual walk around the data center would give you a good idea of your network. But today’s systems are harder to find physically because of wireless networking and mobile solutions. Because Structured specializes in both data center design and wireless and mobility solutions, we know how and where to look.
We typically use a combination of methods for the most accurate inventory because various methods have different strengths and weaknesses. We can familiarize you with the appropriate tools to address your unique needs. For example, TCP-based port scans often reveal the presence of systems that an IP ping scan will not. Further, by capturing the initial output for each port we can often gather more information that can be used to identify the listening software or host. Meanwhile, identifying that wireless devices exist is simple, but determining their physical location is often difficult. Structured can help you locate physical devices using scanners that display signal strength and direction.
After you establish your baseline, Structured also recommends regularly checking your IT inventory. Such periodic checks verify that your IT policies are being followed and confirm that your documentation matches the true state of the network.
Vulnerability Scanning After locating all the hosts on your network (and removing or fixing the unauthorized ones), Structured will help you determine the security status of your systems. Depending upon what you need to know, we use automated vulnerability scanners that look for settings that might indicate vulnerability, which avoid service disruption on target machines. We also have scanners that actually attempt to exploit vulnerabilities. There is some risk of service interruption to using these, so we recommend not using them when an outage may be detrimental to your business. Nevertheless, they provide a very accurate indicator of the overall security of the system in question.
Good vulnerability scanning must be set up and operated by a qualified professional. Automated systems sometimes detect issues that require human judgment regarding their true risk. When our scans find such a problem, our experienced professionals conduct further investigation to determine the validity and risk of such findings.