Risk assessment is dependent on customer specific security requirements. It starts right from sensor and devices till IoT application covering entire network and IT infrastructure. Every software and hardware component is required to be evaluated for secured IoT system after deployment. Individual OEMs can choose their respective components for vulnerability assessment before deployment in the integrated environment.
Defining the boundaries of assessment helps to set the objectives, identify the attack vectors, inclusions & exclusions, timeline and testing approach.
Vulnerability assessment & penetration testing
We use automated tools as well as manual methods for vulnerability scanning and penetration testing of network, applications, mobile applications, IoT sensors, devices & its firmware. We provide gap analysis with risk prioritization and severity level along with recommended solution to fix the gaps. The report is prepared based on OWASP IoT top 10 standard.
System hardening & configuration review
System hardening is a best practice to reduce the attack surface for all networked devices like servers, workstations and other network devices. Along with the hardware, the operating system software is also assessed for potential threats and the technique is applied to minimize the unneeded services & packages. Firewall is audited for its configuration and rules as per security requirement. We apply OWASP hardening standard to ensure security lockdown.
Many times the vulnerabilities related to the code development for applications and firmware of embedded devices get exposed only after the deployment. Our tech experts work with the development teams of the customer during development stage itself to help develop the code which is secure prior to the deployment on the network.
A security compliance audit is comprehensive third party review of the organization for its readiness & adherence to cyber security processes and best practices. Compliance audits provide organizations an opportunity to continuously improve its risk management capability. Some of the compliances are regulatory in nature and are mandatory as per laws and regulations of specific country while some provides strong foundation for cyber risk assessment & security management. Valency Networks has been providing implementation consultancy and audit services for major information security compliances such as ISO 27001, ISO 27017/18, HIPAA, GDPR, SOC 2, PCI DSS, ITAR and FDA CFR Part 11 & 820.
ICS/SCADA Security Assessment
Industrial control systems popularly known as SCADA & DCS are part of operational technology (OT) and are considered as critical infrastructure for any industry. IT-OT convergence has brought these systems in forefront from the security stand point as these systems are not designed by security. With exposure of ICS network to corporate network and internet, these systems have become more vulnerable to network and physical attacks.
The potential threat to the ICS systems inflicts very high cost to capital investment, huge production loss and danger to human lives. While assessing the risks for ICS systems, there is a need to treat these systems differently than any other IT system. Valency Networks? domain expertise helps industry to assess the system & network vulnerabilities and manage the risks to strengthen the network & physical security of the ICS system by conducting vulnerability assessment, penetration testing and ICS security audits on specific parameters applicable for ICS environment.
Valency Networks has unique approach to risk assessment and reporting.
Every technical assessment is based on automated tools, custom built scripts & manual testing.
The report is generated based on OWASP top 10 & CWE 25 standard.
Compliance Audits for various industry standards & regulations.
Prioritization of Risks/vulnerabilities according to threat level.
Recommended solution to fix the gap for all vulnerabilities.
Documentation as per requirements of standards & regulation.
Audit report comprising of gap analysis and solutions.
What Our Customers Say?
Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.