In the current IT landscape, it is harder and harder to gain a complete overview. This applies to taking the necessary cyber security precautions as well as complying with law and regulation.
Secquard is the tool that enables you to effectively and officially face this challenge. We bring the level of effort and complexity down from ‘gigantic challenge’ to ‘piece of cake’.
Secquard automatically and independently audits cyber security. The reports comprise graphical summaries and detailed reports and provide insights in the compliance level, risks, and mitigating recommendations. In this way, Secquard provides value to a variety of roles within the organization, such as IT-administrators and employees, managers, controllers and accountants.
The Secquard reports focus on the basic measures of cyber security and contain trend analyses.
Default configurations of operating systems are designed with a focus on usability. This compromises information security and leaves doors wide open to cyber criminals, who in the vast majority of cases don’t target specific organisations or individuals. Instead, they systematically and automatically scan the entire internet for known and easy to exploit vulnerabilities. Making adjustments to these default configurations to increase security is called hardening. Hardening vastly decreases chances of being attacked by a cybercriminal. Actions include:
Hardened systems provide maximum security against cybercriminals.
Secquard audits and reports the compliance levels of configurations on consolidated and individual system level. For each system, it is possible to zoom in to individual controls. To give an impression, Windows 2008 contains 215 security controls.
The actual system hardening is benchmarked against either best practices, own baselines, or industry standards such as NIST, CIS and ISO. Each control and result are individually explained and recommendations for mitigating measures are provided.
Software can contain vulnerabilities. These vulnerabilities are exploited by cyber criminals to attack systems and networks. Software suppliers resolve these issues as quickly as possible and release security updates called patches, for some software this happens at very frequently.
To protect an organisation against cybercrime, it is therefore important that operating systems of servers, workstations and network components are always up to date. Measures that help safeguard this are:
Secquard compares the actual patch levels of each operating system with the latest patches of the software supplier. The information that we use comes from e.g. Microsoft, Red Hat, Cisco or MITRE. When a system is not fully patched, it is reported as not compliant. In the detailed report, an overview of the missing patches and related risks is provided. We provide the opportunity to adopt a specific patching policy for each organisation.
The Secquard reports also contain an overview per system of installed software, including version and comparison to the latest available version.
Cybercriminals use viruses and other malware such as trojans, worms and ransomware to disrupt, cause data corruption, or gain access to systems. By installing anti-virus software on all systems, organisations can mitigate this risk. Antivirus protects your systems from malware. Adhering to the following guidelines is a minimal requirement:
Secquard determines for each system if antivirus is installed and if the version corresponds to the most actual information of the supplier.
Certain users, like administrators, have special and often very extensive rights in systems and applications. When cyber criminals gain access to such accounts, risks are significantly higher than for other accounts. It is therefore imperative that organisations limit access of user accounts to levels that are strictly necessary. In addition, who has access to which systems needs to be adequately monitored.
The minimum requirements for robust access control are:
Secquard reports the status of users and possible inconsistencies per active directory. Information is provided on e.g. users, domain administrators, administrators and inactive users, users without passwords, etc.