Network Security Assessment
Evaluating Segmentation, Firewall Hygiene, Remote Access, and East-West Visibility to Establish Your Zero Trust Baseline
Most organizations know their network security has drifted from its original design — but do not know how far. Firewall rulebases accumulate entropy over years of change requests. Segmentation exists on paper but east-west traffic flows unchecked. Remote access architectures built for a handful of users now serve the entire workforce. Network access controls are either absent or in monitor-only mode.
This assessment provides an objective, evidence-based evaluation of your network security posture across six domains: segmentation effectiveness, firewall rule hygiene, remote access architecture, network access controls, DNS and web security, and east-west visibility. The output is not a generic maturity scorecard — it is a prioritized findings report with specific, actionable remediation guidance.
The assessment is designed as the natural precursor to a Zero Trust initiative. Understanding your current segmentation boundaries, trust relationships, and traffic patterns is a prerequisite for any meaningful Zero Trust architecture design.
Who This Is For
Ideal clients for this engagement.
The Problem
What this engagement addresses.
Rulebase Entropy
Years of change requests, emergency rules, and staff turnover produce firewall rulebases where 20-50% of rules are unused, overly broad, or undocumented. No one is confident which rules can be safely removed.
Flat Networks and Weak Segmentation
Network segmentation exists on diagrams but not in practice. East-west traffic between zones is largely unmonitored, allowing lateral movement paths that penetration testers and attackers exploit routinely.
Remote Access Sprawl
VPN concentrators, jump hosts, vendor access portals, and direct RDP/SSH have accumulated into an inconsistent remote access architecture with overlapping trust models and inconsistent enforcement.
Limited East-West Visibility
Perimeter traffic is logged and monitored, but internal traffic between segments, VLANs, and zones is a blind spot. Lateral movement goes undetected because the telemetry does not exist.
Deliverables
What you receive.
Network Security Findings Report
Prioritized findings across all six assessment domains with risk ratings, evidence, business impact, and specific remediation guidance. Each finding maps to the relevant framework control.
Executive Summary
Non-technical summary of overall network security posture, top findings with business impact, and priority remediations for security and IT leadership.
Network Segmentation Map
Documented view of current segmentation boundaries, trust relationships, and traffic flow patterns — annotated with findings and gaps. Serves as the baseline for Zero Trust planning.
Remediation Roadmap
Sequenced remediation plan with quick wins, medium-term improvements, and strategic initiatives. Each item includes effort estimate, risk reduction impact, and dependencies.
Methodology
How the engagement works.
Scoping & Data Collection
Week 1
- Network architecture and segmentation documentation review
- Firewall rulebase and configuration collection
- Remote access architecture inventory
- Traffic flow data collection for east-west visibility analysis
Analysis & Assessment
Weeks 1 – 2
- Segmentation effectiveness analysis against critical asset zones
- Firewall rule hygiene review — unused, overly broad, shadowed, and undocumented rules
- Remote access architecture and trust model evaluation
- Network access control and DNS/web security assessment
- East-west traffic visibility gap analysis
Reporting & Debrief
Weeks 2 – 3
- Findings report and executive summary delivery
- Network segmentation map delivery
- Live debrief with network and security teams
- Remediation roadmap walkthrough and prioritization discussion
Engagement Tiers
Scoped to your architecture.
Focused
Single site or data center environment with up to 5 firewall policies. For organizations that need a targeted review of a specific network segment or location.
- Six-domain assessment for scoped environment
- Firewall rule hygiene review
- Network segmentation map
- Findings report and executive summary
- Remediation roadmap
Standard
Multi-site environment with up to 15 firewall policies and hybrid connectivity. Includes remote access architecture review and east-west visibility assessment.
- Everything in Focused
- Remote access architecture deep-dive
- East-west traffic flow analysis
- Cross-site segmentation consistency review
Complex
Large enterprise with 15+ firewall policies, multiple data centers, cloud connectivity, and OT/IoT network segments. Full six-domain assessment at depth.
- Everything in Standard
- OT/IoT network segmentation review
- Cloud network connectivity assessment
- Extended rulebase analysis across all platforms
Prerequisites
- Network architecture diagrams and segmentation documentation
- Firewall rulebase exports (read-only configuration access or exports)
- Remote access solution inventory and architecture documentation
- Traffic flow data or NetFlow/sFlow exports where available
Frequently Asked Questions
Common questions.
Do we need to provide full firewall admin access for this assessment?
No. Read-only access or configuration exports are sufficient. We do not make changes to any network devices during the assessment. If exports are preferred over direct access, we provide the specific commands needed for each platform.
How does this differ from a penetration test that tests network segmentation?
A penetration test validates segmentation by attempting to traverse it — useful but narrow. This assessment evaluates the architecture, rule logic, and visibility holistically. It identifies why segmentation fails, not just where. Both are complementary — we recommend this assessment first to fix structural issues before validating with a penetration test.
Is this assessment useful if we are already planning a Zero Trust project?
It is specifically designed as the precursor. You cannot design Zero Trust zones, policies, and migration paths without understanding your current segmentation boundaries, traffic patterns, and trust relationships. The segmentation map and findings from this assessment become direct inputs to the Zero Trust Architecture Design engagement.
Related Offerings
Often paired with this engagement.
Zero Trust Architecture Design
The natural next step — translates assessment findings into an implementation-ready Zero Trust architecture with phased migration plan.
Firewall Rationalization & Hardening
Deep-dive into firewall rulebases to eliminate unused rules, tighten overly broad permits, and harden platforms against CIS Benchmarks.
Firewall & WAF Optimization
Activates advanced NGFW features and tunes WAF policies to blocking mode using traffic-informed analysis.
Cloud Security Posture Assessment
Extends security posture evaluation to cloud environments — IAM, network, data protection, compute, and governance.
Ready to discuss this engagement?
30-minute discovery call. We will discuss your network architecture, your specific concerns, and whether this assessment is the right fit.
