© 2018, drie. All Rights Reserved.
Cloud environments such as AWS and MS Azure have the potential to significantly improve the productivity of your business and are essential if scalability is a key concern. drie understands the potential opportunities and challenges of these environments and can help accelerate your migration to the cloud.
Building a cloud team
We have a wealth of experience selecting third party vendors, contractors and employees. drie can be especially valuable if you’re looking to find a new set of skills. For example if you’re looking to adopt a DevOps approach or Agile delivery.
We have a lot of experience building and maintaining infrastructure across all sectors and many countries. We’ll apply our experience to help you make simple architectural changes which reduce the likelihood of compromise by attackers and provide defence in depth.
Our DevOps consulting services are designed to guide you to a model of continuous software delivery. This approach allows you to get software into your users' hands more frequently and reliably by fully automating their applications' deployment pipelines. It also improves operational efficiency by identifying expensive processes in software development and making them more efficient.
Security in Agile Delivery
Enterprise security processes commonly limit the success of Agile Delivery programmes by putting unnecessary barriers in front of development teams. drie can show you how to continue to develop services securely without compromising on productivity.
A microservice architecture can significantly improve the productivity of your team and the reliability of your service. drie will review your existing applications, identify the areas which would benefit most from migration to a microservice architecture and develop a roadmap for the technology and training changes to make this successful.
Our consultants will deploy advanced monitoring sensors on your network to check for malicious activity. We will build a bird's eye view of what is happening on your network, what is the normal activity and monitor for any out of the ordinary occurrences. This is an ongoing service, providing 24/7 coverage for any security incidents that occur. If an incident is detected, we will immediately warn you and create a plan for catching and containing the threat to your network.
This service is of utmost importance if your company has been hacked. We will analyse all the available data to understand how the intruder got in, what data was leaked and what did the intruder do. We will write a detailed report on how to prevent incidents should as these from happening again, and help you secure your company from the intruder - remove them and ensure they do not get it again.
A series of comprehensive automated scans that serve a dual purpose: to discovery the external assets of the company, and to perform a vulnerability scan of them. This is effectively a perimeter / firewall security overview, allowing the company to have a broad view of which hosts are exposed to the Internet and what is the risk and threat level of having those hosts exposed.
Experienced (ethical) hackers will perform a thorough security review and penetration test of one or more critical applications. The consultants will use advanced hacking techniques manually and with industry standard tools to attempt to subvert the security of these applications.
Employing similar techniques to the Application Penetration Test, our experienced consultants will probe, scan and exploit the target network or networks for security vulnerabilities, and deliver a report detailing what was found and how to fix it. This test is useful for companies that want to test a specific part of the network, such as for example an affiliate or branch network, or even to test their entire network.
Our most advanced offering - two or more of our consultants will be "dropped" in a target network, having Administrator level access to a specific machine inside the network. From then on, they will attempt to hack the highest number possible of desktops, servers and applications, and attempt to get Domain Administrator level on the network, while attempting to bypass existing protections like a real hacker would. This type of test is extremely useful to understand how resilient a company is to an intruder which is already inside the network - the ultimate test in resilience and cyber security.