Access Solutions

What Is It?

Access solutions are systems that your organisation has in place to provide remote computing services to end users. This can be externally or Internet exposed virtualised desktop solutions or those which expose a single application but also includes systems that you may use to restrict access to internal users such as environments where users can only access a pre-defined list of applications through a security gateway due to compartmentalised working for example.

Why Assess It?

There are many reasons to conduct an access solution security assessment, five of which are below.

Validate Usage Restrictions

Users need different resources as part of their role, ensuring you only expose what is required on a user by user basis, allows you to reduce the attack surface available to threat actors without impeding the organisations ability. Validating the controls around this also allows you to ensure that it is not possible to escalate privileges inside the remote access solution.

Protect Organisational Data

Users need to work with data so it will ultimately be rendered or processed in the remote access solution. You need the assurance that appropriate safeguards are in place for its confidentiality, integrity and availability.

Identify Onward Access

For a remote access solution to work it is going to need onward connectivity but only at a limited level. Assessing the remote access solution allows you to ratify what a user can access inside your organisation and should a compromise of the solution itself be achieved, the knowledge and ability to protect against the worst case scenario.

Retain Organisations Reputation

Remote access solutions are by their definition accessed remotely. This means that not only is it an opportunity to provide confidence to your users but also to anyone who observes its usage, which could include customers of your organisation.

Achieve Compliance

Regular assessments assist with compliance, such as Payment Card Industry (PCI) standards as well as reducing the likelihood of fines being imposed in the event of a security incident. The UK’s Information Commissioners Office (ICO) can issue fines up to £17.5m or 4% of global annual turnover, whichever is higher.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your access solution security assessment and we do this by:

Identifying Multiple Attack Paths

We do not stop looking for vulnerabilities when we have achieved the end objective of a compromise. Our role in assisting you is to ensure you have the full information and knowledge available of every attack path. This both provides clarity and a realistic view of your risk but also powers effective remediation where short term tangible uplifts in your security posture can be made by securing common points across the different attack chains.

Data Infiltration and Exfiltration

Organisations are always concerned about data loss but an often overlooked area is the addition of data. Modern threat actors are including this technique more and more and look to subtly affect the integrity of data accessed for their objectives or simply to provide additional footholds into the organisation by adding malicious code for persistent access. We identify both how data can be removed from the solution but also how data and malicious tooling may be added.

Onward Access Mapping

Remote access solutions are connected to your internal resources but to what extent varies. We always conduct additional probing to understanding the ramifications of a breach of the solution on your wider organisation, whether that be at a network level or how the solution is tied into your authentication providers, wider domain for policy management and patching to give a few examples.

Underlying Infrastructure Insight

Remote access solutions are typically software based but we evaluate the security posture of the underlying operating system too because with great foundational security and control mechanisms the wider risk in the software being abused can be reduced.

Challenging Complexity

The deployment of a remote access solution can involve multiple different elements of software such as virtualised desktop software, folder control software, authentication modules amongst other elements as well as often requiring ancillary servers inside your infrastructure. Whilst conducting the security assessment, we look to ease your administrative burden by suggesting robust, tried and tested built in tooling which also often has a cost saving allowing you to meet your security needs but more efficiently.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top