A technical review of your infrastructure's attack surface, configuration, and architecture — external and internal, cloud and on-prem — with a prioritized, implementation-ready remediation plan. Not a checklist audit.
Security controls that exist on paper but haven't been technically validated are a common gap — especially in infrastructure that has grown quickly without a dedicated architecture review. This assessment closes that gap: a hands-on technical review of what's actually deployed, not what a policy document says should be deployed.
A technical review of your external and internal infrastructure: network architecture, cloud and on-prem configuration, access control, and exposed services. Scope is agreed upfront and documented before work starts.
Depends on scope. External-only assessments require no access at all — we work from what an outside attacker could see. Internal reviews require read access to relevant configuration (cloud console, IaC repos, network diagrams) rather than production credentials.
Assessment activity is designed to avoid production impact. Any action with a realistic chance of affecting availability is scoped and scheduled with you in advance, not run opportunistically.
Scope-dependent. A single-environment assessment typically runs a small number of weeks from kickoff to final report; multi-environment or multi-cloud scope extends that. We give a specific estimate once scope is defined.
Both are available. The assessment itself delivers prioritized findings with implementation-ready guidance; if you want ACS engineers implementing the fixes directly alongside your team, that is the Vulnerability Remediation engagement, scoped separately or bundled in.
Yes — findings are handed to whoever owns the affected system, with enough technical detail that your team can act on them without a follow-up call. We are available for that follow-up call regardless.
Yes, as standard practice for this kind of engagement, not an exception you have to request.
AWS and Azure environments are both in scope. Tell us your stack during scoping and we will confirm coverage before you commit.
Tell us your environment and scope. We'll come back with a realistic timeline and what the engagement covers — no generic proposal.