Applications store, process, and transmit mission-critical data. However, for their functioning, application components rely on servers that enable and support operations. Beside application components such as application servers, web servers, and database servers, modern infrastructures include servers providing identity and access management (often delegated to Active Directory), file sharing, software distribution, backup, monitoring, logging, and similar services. These functions can be on premise or Cloud-based, implemented as regular services or as modern microservices in dedicated containers.
In addition to servers, workstations (especially administrative workstations) play a fundamental role in the security of an organization. For this reason, they are frequently a preferred target for attackers that aim to compromise mission-critical data and operations.
Security assessments can be conducted on all types of systems and infrastructures, including:
- Active Directory
- Windows and Linux servers
- Windows workstations
- AWS, Azure, and GCP Clouds
- Containers and orchestration tools
By mapping the attack surface of systems, security assessments allow to identify vulnerabilities and exposures and ensure integration of best practice security controls for the protection of mission-critical operations.