Virtualization Risk Assessment Services is an evaluation process that helps you identify and mitigate risk to your virtual infrastructure. The assessment reviews the critical components that make up the virtual infrastructure: people, process, and technology. The process helps identify vulnerabilities and gaps in architecture or configurations using industry best practices, and to implement remediation to close these gaps. The assessment involves the evaluation of policies, procedures, and infrastructure, including physical systems and network devices. The reports and findings from this assessment will include a detailed list of security vulnerabilities and gaps in the system.
Our team will thoroughly evaluate the virtual infrastructure and security practices in the architecture and design, including networks, hosts, virtual machines, and virtual infrastructure management design.
We will assess the security of the logical network, virtual server storage network, and virtual infrastructure management network, and identify the infrastructure attack surface and the associated risk.
We assess and review configurations of sampled virtual machines and the host using industry best practices to identify insecure configurations associated with the deployed product.
Our team will assess the gap in current policies and procedures for virtual infrastructure according to the ISO 27001/27002 security standard.
We will interview your virtualization administrators to assess their knowledge base in maintaining a secure virtualization infrastructure.
Our team will also assess your ability to recover from a cyber-attack or downtime of your core virtualization infrastructure.
Virtualization Risk Assessment involves security architecture review, security configuration review, and virtual infrastructure security testing of the logical network, hypervisor, virtual server storage network, virtual switch fabric, virtual firewalls, and virtual infrastructure network.
Yes, Virtualization Risk Assessment covers not just the evaluation of systems and networks but also the review of policies, procedure documentation, and relevant frameworks.
Virtualization Assessment consists mostly of checks performed by experienced personnel as per OEM / NIST / CIS / SANS guidelines, using vulnerability assessment scanning tools and the manual efforts of professionals with specialized skill sets.
As per industry best practice, it is recommended that organizations perform a Virtualization Assessment of at least the hypervisor every quarter.
There is no definite period defined, but the report may be considered valid for at least a quarter from the date of assessment. This again depends on requirements from various standards such as PCI DSS, SOC 2, or even statutory/regulatory guidelines.