November 25, 2016
As AssuranceMD and our client practices become increasingly more dependent on the internet, there is a growing trend to open network infrastructures to multiple stakeholders. When opening the enterprise environment for the purpose of improving information flow and transaction capabilities, the internet risks and vulnerabilities significantly increase. Therefore, it is critical to provide a secure environment that guarantees our clients the confidential exchange of information while ensuring data integrity.
Assessing security risks for the purpose of developing a protection strategy and security program is an important step in evaluating existing security protocols. It also aids in setting benchmarks for improvements. Between May 15 and May 31, a vulnerability audit was performed on AssuranceMD’s network of computer servers with the following objectives:
- Discover any services that could be a potential compromise to AssuranceMD’s network
- Determine vulnerabilities and threats that might affect the data processing environment
- Identify and evaluate exiting controls
- Assess security infrastructure against attack vulnerability
- Assess security technologies that serve as incident management and response proceedings
- Identify and develop protection strategies and mitigation plan for risk to critical assets
The results of our assessment revealed that vulnerabilities were limited in scope and not likely suspect to compromise. Segmentation and network border configuration stood up well against network layer based attacks, discovery and penetration. Additionally, our network segmentation showed a high level of resilience to compromise from both internal and external threats.
For the identified vulnerabilities, we will be taking steps in the coming week to close services and ports that pose either a high or medium threat level. Moreover, in the coming months we will be taking further steps to introduce both machine and user level validation and authentication to ensure the security of our network and data.
For more information, contact: