Canada's largest and fastest-growing carrier
Iristel's VERA tool (Vulnerability Evaluation & Risk Assessment) brings your security posture to a "tangible baseline".
Vulnerability Evaluation & Risk Assessment (VERA)
  • Periodic vulnerability scan
  • Email advanced threat protection
  • 24/7/365 active monitoring
  • User behavioral analysis (UBA)
  • End user training
  • Next-gen AV
  • Disaster recovery
  • Incident response/damage control
Key highlights of Iristel’s VERA approach:
  • A 5-part process, which can be executed either on-site or remotely and can be completed within a week.
  • Leverages a best-in-class technology tool kit to conduct complete discovery of assets on your infrastructure.
  • Comprehensive (executive and detailed) vulnerability and risk assessment reports will be provided with a risk mitigation plan.
  • Iristel will present key findings and insights to ensure proper interpretation and advise on proper follow-up plans.

The main goal of Iristel’s 5-part VERA tool is to provide sufficient evidence to advise a feasible cybersecurity roadmap.

1. Information Collection & Scanning
2. Security Architectural Assessment
3. Infrastructure & End user Assessment
4. Disaster Recovery & Policy Review
5. Assessment Report & Key Findings
Information Collection & Scanning
Infrastructure and Architecture Information Gathering:
  • Firewall, Router, Switch Diagram
  • Server, Virtualization & Cloud Architecture
  • Desktop, Laptop, Tablets & Mobile Device Information Gathering
  • Identify all critical systems & tag with High, Medium & Low
Tool kit deployment (Qualys & Lansweeper):
  • Install Virtual Scanner
  • Authenticated or Unauthenticated Scan
  • Vulnerability Scan – Server Subnet (Critical Scan of Any Public-Facing IP)
  • Web Application Scan (Critical Scan of Any Public-Facing IP)
  • Asset Discovery Initiation
  • Need Domain Account with Access to Discover Asset Information
  • Start Discovery Scanner for application, security & user information gathering
Part 1 / 5
Security Architectural Assessment
Review (Ports, NAT, VPN Encryption etc.)
  • Network Configuration Analysis – Port Security
  • Wireless Network – Encryption Standard & Routing
  • IPS & IDS Configuration & Log Review
  • Advanced Threat Protection Review
  • Antivirus Configuration & Log Review (Pattern File, Engine Version etc.)
  • Change Management – Add, Change & Remove
Part 2 / 5
Infrastructure & End user Assessment
  • Server Infrastructure Review (Windows & Linux Operating Systems), Image Template Security Practice, Patch Management
  • Database Security Management (Microsoft SQL, MySQL, Oracle)
  • Web Server Security Review (IIS & Apache)
  • Virtualization – VMware, Hyper-V & Citrix – Security Review
  • SAN Infrastructure Review – Encryption at Rest, iSCSI, Fibre Channel Security Review
  • Active Directory, Application Security Review & Practice
  • Workstation Security – Antivirus, Third Party Application Review, Admin Access Audit, System Encryption Practice, Remote Access Practice.
  • Data Security Controls – File Shares, SharePoint
  • Security Awareness Training Practice
Part 3 / 5
Disaster Recovery & Policy Review
  • Disaster Recovery Architecture & Plan
  • Backup & Recovery Logs, Retention & Frequency of Testing, including critical systems
  • Recovery Time Objective (RTO) & Recovery Point Objective (RPO)
Policy Review:
  • Security Incident Response Plan
  • Confidentiality Policy
  • Non-Disclosure and Confidentiality Agreement
  • Change Management Policy
  • Data backup and restoration policy
  • Server & Network Device Standard
  • Encryption and Endpoint Device Standard
  • Anti-virus and system protection policy
  • Server Maintenance Policy
  • Third Party Contracting Policy
  • Security Awareness Training Program
  • HR & IT Practice – Onboarding & Termination
Part 4 / 5
Assessment Report & Key Findings
  • Present key findings and insights from the VERA process
  • Discuss risk mitigation plan and CS roadmap
  • Discuss best practice and potential options moving forward
Part 5 / 5
