Cybreye evaluates using vendor and industry standards. The security assessment checks are used to identify deltas in the scope, asset configurations and services.
The security audit phase answers the question:
Will weaknesses discovered during the security assessment negatively impact an IP asset's ability to comply with vendor or industry standards?
Weaknesses detected during the security assessment are filtered and suppressed providing this does not have direct bearing on the vendor or industry standard compliance is measured to.
It is important to note that organization specific standards can be created per customer. The security audit then becomes specific to the organization’s IT values e.g. OS build standard or IT Security Policy.
Application and OS
Cybreye audits desktop and server applications against standards including DISA STIG, CIS, and vendor recommendations.
We have policies for applications such as Adobe Reader, browsers, business productivity tools, and anti-virus. It also includes IT-hardening audit policies for server applications, such as Apache and IIS, as well as for architectures and frameworks such as VMware ESX/ESXi and Tomcat.
Operating system audits include access control, system hardening, error reporting, security settings, and more. We test configurations against many industry and government policies
Perform configuration audits of Unix and Windows servers to test for specific policy settings.
Perform configuration audits of Unix and Windows servers to test for specific policy settings. Supported configuration audit policies include:
Anti-virus vendor audits
CIS best practice guides
NSA best practice guides
NIST SCAP and FDCC content
Audit the configuration of databases as well as the underlying operating systems for a complete database audit. Our audit policies cover many best practice standards, including DISA STIG and CIS.
Identify and monitor sensitive data at rest and in motion. CYBREYE create dynamic lists of all FTP servers, web servers, and email servers. We identify classes of servers such as "web servers that host PDF files" or "FTP servers containing movies."
We can search hard drives of Windows, UNIX or Linux systems for files containing specific content, including:
Credit cards, ID Numbers, and driver's license numbers
Spreadsheets with financial, employee, and health data
Banking account detection
Confidential corporate information
Files and browser records
Software source code
Words within documents such as “SECRET," "PROPRIETARY," or "CONFIDENTIAL"