The network security audit is a process that many managed security service providers (MSSPs) offer to their customers. In this process, the MSSP investigates the customer’s cybersecurity policies and the assets on the network to identify any deficiencies that put the customer at risk of a security breach.
While the specific method of the audit may change from one MSSP to the next, a few basic steps include:
Device & Platform Identification. The first step of the audit is to identify all of the assets on your network, as well as the operating systems they use. This is vital to ensure that any and all threats have been identified.
Security Policy Review. Here, the MSSP reviews all of your company’s security policies and procedures to see whether they match up to the standards required to effectively protect your technology and information assets. For example, who has access to what, and do they really need that access?
Security Architecture Review. Where the policy review assesses your documented policies, the architecture review analyzes the actual controls and technologies that are in place. This builds off of the device & platform identification process to give you an in-depth analysis of your cybersecurity measures.
Risk Assessment. Here, the MSSP conducts various assessments to characterize your systems (process, application, and function), identify threats, and analyze the control environment to determine what your risks are and their potential impact. This information is then used to prioritize the fixes from the biggest threat that is easiest to remedy to the smallest threat that is the hardest to fix.
Firewall Configuration Review. A specific security technology that any MSSP will want to review in depth is your network’s firewall. Here, the MSSP should review your firewall’s topology, rule-base analyses, management processes/procedures, and configuration. The MSSP will also likely evaluate the policies for remote access and check to see if the firewall is up to date with the latest patches.