Vulnerability Assessment - ecfirst

|

Request a Proposal

Objectives

Identifies and mitigates network or application vulnerabilities.
Validates and secures critical assets with corrective actions.
Detects patch and configuration management gaps.
Ensures compliance through proactive risk management.
Essential part of an enterprise cybersecurity program.

External Assessment

Al-assisted open-source intelligence gathering
DNS misconfiguration review
Publicly leaked credentials search
Anonymous extemal vulnerability scanning
Website security testing (OWASP Top 10)

Wireless Assessment

Facility walkthrough for rogue wireless networks
Wireless security settings & Pre-Shared Key strength analysis

Internal Assessment

Authenticated vulnerability scans of internal systems
Identity & Access Management (Active Directory review)
Password policy & strength analysis
Offline password cracking attempts using a custom wordlist
SNMP and default credential testing
Security software enumeration

Firewall Assessment

OS vulnerability analysis
Security configuration & rule review

CloudFirst Assessment

CloudFirst Risk Status

CIS Benchmark Assessment

Report Highlights

CIS Benchmark alignment (Level 1)
Correct vs. misconfigured settings
License usage analysis
Prioritized findings and improvement areas

CIS AWS Assessment

Secure AWS environment with CIS Benchmarks & Shared Responsibility Model.
Covers AWS Foundations, Amazon Linux 2, and EKS.
Provides prescriptive configuration best practices.
Assess your organization’s cloud readiness and plan for effective adoption.

Phases

CIS OCI Assessment

Enforce MFA for all console users.
Restrict remote admin ports to within the enterprise network.
Enable logging and notifications to detect anomalies and investigate incidents.
CIS OCI Foundations Benchmark offers step-by-step secure configuration guidance for Identity, Networking, and Logging.
Establishes a secure baseline configuration for OCI environments.
Recommended for all OCI users to meet Level 1 CIS Benchmark compliance.
Benchmark Report includes compliance status for each Level 1 control.

CIS Azure Assessment

Links to CIS Azure Security Benchmark v2
Advanced Data Security updated to Azure Defender
New Azure Defender bundle recommendations
Updated activity log alert remediation
Deprecated feature recommendations removed

Azure Virtual VM Assessment

Evaluate readiness and cost for Azure migration:

Azure Readiness: Suitability of servers for migration
Monthly Cost Estimation: Compute & storage costs
Monthly Storage Cost Estimation: Disk storage costs post-migration

CIS M365 Foundations Benchmark Assessment

Establishes foundational security for Microsoft 365 adoption
Not a complete list of all security configurations
ecfirst reviews and reports compliance with CIS M365 secure baseline
Focuses on Microsoft 365 infrastructure security

Configuration Benchmark Alignment Areas

Microsoft 365 admin center
Microsoft 365 Defender
Microsoft Purview
Microsoft Intune admin center
Microsoft Entra admin center
Exchange admin center
SharePoint admin center
Microsoft Teams admin center
Microsoft Fabric