Our Security Best Practice Evaluations are designed to assess select aspects of your environment for adherence to current best practices.
Results and recommendations allow you to proactively address weaknesses before they cause a breach.
All evaluations below are options within our customizable IT Security Assessment.
These vital evaluations also grow with your organization.
Select what fits your needs now, with freedom to change year-to-year as your security challenges and priorities shift.
Ransomware attacks now occur every 2 seconds. That’s why we developed this audit option to focus on your organization’s ability to mitigate risks associated with ransomware. Our experts will assess your security controls, policies, and practices for the prevention of ransomware attacks, as well as your organization’s ability to rapidly react to and swiftly recover from such incidents. To add a technical assessment of your endpoints security, consider our Ransomware & Endpoint Protection Simulation.
This audit option focuses on identifying security risks to the environment originating from configuration deficiencies, such as excessive use of administrative rights, insecure password requirements, insecure account lockout settings, and improper monitoring. Even environments with a minimal number of vulnerabilities often have similar misconfigurations that can put your organization at risk.
The frequency and sophistication of today’s viruses in the hands of increasingly aggressive hackers is daunting. To help you steer clear of the 5B+ malware attacks annually, as well as the 270K+ new malware variants this year, our team will evaluate the setup, updating, and alerting capabilities of your antivirus system(s). We will also look to ensure there is a multi-layer approach, including perimeter protection, as well as a multi-vendor approach to ensure the quickest access to updated virus definitions.
A vital component to any comprehensive assessment, this audit option is highly recommended due to its importance. The existing policies for authentication, administration, updates, change management, VPNs/encryption, monitoring, and others are evaluated against industry best practices. Our experts will provide recommendations to minimize security risks and help protect your environment.
Reflecting the dramatic increase in off-site personnel, as well as the expanding Internet of Things (IoT), this audit option evaluates the technology, policies, and procedures for deploying employees into remote locations from your headquarters. We will address issues related to person versus business equipment, authentication, encryption, malware protection, and many other areas related to remote workers.
With 91% of all cyber-attacks starting with an email, this audit option is key. Our experts will evaluate configurations and policies related to Office 365, including those that can mitigate email and other cloud data threats. We’ll also ensure your organization has performed key steps to secure the integrity of your Office 365 instance and its applications and provide recommendations to harden your defenses against these and other cloud data threats.
Today’s mobile devices account for 60% of all digital fraud, making this audit option wise. Our experts will evaluate security controls and configurations related to Mobile Device Management (MDM), including corporate-owned devices and BYOD environments. We ensure your organization has performed key steps to secure the integrity of mobile assets against phishing attacks and theft.
This audit option focuses on security controls pertaining to VMware, including vCenter Server, hypervisors, and virtual hosts/applications. While primarily evaluating controls and configurations, the evaluation also questions the security hygiene of the virtual environment and its hosts. Our experts will evaluate the VMware environment to enhance the security posture of your organization’s virtual infrastructure
With the pervasive rollout of wireless technology in production environments and related security risks, this audit option has become a necessity. Our team will evaluate your wireless implementation to ensure your organization is using best practices in administrating wireless network devices. We will evaluate authentication, encryption, device administrative settings, and logging.
Our Active Directory password evaluation is much more than an analysis of passwords used. We provide a comprehensive report that includes detection of weak passwords, as well as a multitude of vulnerabilities associated with password policies (e.g. administrative accounts with aging violation, weak, duplicate passwords; passwords stored using reversible encryption; accounts missing Kerberos AES keys, etc).
This audit option evaluates the physical safeguards that protect the network infrastructure equipment, as well as a clean desk review (i.e. sensitive information left in public view). Our experts will perform this evaluation at your organizational headquarters and/or selected secondary locations of your organization. For additional on-site testing, consider our Red Team Assessment.
Check back here often, as we regularly add to our Security Best Practice Evaluations to help you address emerging security challenges.
The professional experience and technical expertise made the choice an easy one… exceptional results. We are completely satisfied.
There are a lot of service providers out there, but your staff were personable, friendly, knowledgeable and made it very clear they were there to help us get better, not to find as many exceptions as possible.
They go out of their way to be helpful, offering their guidance and suggestions (as opposed to a cookie-cutter approach). Initially, we chose BAI because of their reputation. We went back to them the next few years because of their people and their professionalism, the depth of their technical and procedural knowledge, and friendliness.
Far more extensive test than any we have had in the past… The reps are 100% on your project and always available to give you feedback.
Outstanding platform for vulnerability remediation. Everyone I talked to from sales folks to technical experts were all great to work with and very knowledgeable.
The experience was great, and I felt that BAI had my back. The techs were great to work with and helped me resolve security issues. They were working with me to correct issues rather than just pointing out what was wrong.
There are many players in this field. I contacted some of my industry peers and asked who they used. BAI came in at the top.
I love how in the final deliverables recommendations are provided. I’ve seen other solutions (and past vendors) who simply tell you what’s wrong without any help to remediate.
The dedicated engineer that learns our environment is huge! Also, the reporting is as high level or granular as you need it to be.
We have worked with BAI Security for 5+ years. They are professional, knowledgeable and personable. The technicians have a great understanding of our complex infrastructure
Price was right, service was excellent, and the final deliverables were outstanding. Great team.