Organisations may require that a number of services are constantly accessible over the Internet to efficiently service their clients. These services may be providing common functionality such as web sites, web applications, e-mail or file transfer capabilities, however through misconfigurations or bad security practices these services may be exposing much more than intended. Insecure networks may be inadvertently exposing the internal business’ systems or providing access to sensitive information which was never intended to be in the public domain. Similarly, systems which should only be accessible to a selected list of authorized parties, such as those systems available only to business partners or suppliers may also be directly accessible over the Internet through lenient network security configuration.

Tracking all of the externally accessible services and ensuring that access to the internal business’ network is controlled at all times is a time-consuming and challenging process. It also requires continuous monitoring and re-evaluation following any system or network modification or upgrade, based on current security practices and knowledge of newly emerging risks.

Senseon’s external Infrastructure Scanning Service facilitates this process by aggregating information from various security sources, actively scanning the Internet-facing infrastructure and reporting on any detected changes from a known good baseline. These scans can be performed as frequently as required and the findings and their associated risks, together with recommendations on how to proceed with mitigation will be detailed in a report. This guarantees that the external presence is continuously monitored by professionals whose core competency is information security and gives the organisation enough lead time to react in case of a security risk, effectively safeguarding the business’ interests and reputation.

Key Points:

• Regularly assess organisation’s external footprint
• Audit externally accessible services
• Compare current risk to a security baseline
• Measure security posture month over month
• Timely detection of security risks

Protect the perimeter.

Secure the systems.

Defend the data.