There are many IT services firms – including some run by friends and colleagues of mine – that perform something called “network assessments”. The goal of these assessments – which are usually aimed at SMBs – is to determine the overall health of your network and computing environment, supposedly including security.
First, let me be clear that these are legitimate services to see where your network stands. That’s fine and dandy – a useful service indeed. The problem is that these network assessments are being pushed/sold under the guise of security assessments. I was recently on the website of a friend of mine and saw how they can check the security environment of a network. I looked at the website of another colleague of mine, and his business claims to offer a service that ensures your sensitive data remains protected. In our discussions, neither of these people has ever claimed to be a security expert. I don’t believe “in-depth security assessments” are their intent either.
But what about all the other network services firms/consultants out there like them…?
My point is to be careful. Don’t assume that your information is truly secure just because a network engineer checks your systems, recommends some software updates or network design changes, and ultimately installs some new security products in your environment. A solid and effective information security program is a much grander beast.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability/penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”