Corporate IT Cyber Security
Identity and Access Assessment
Humans make mistakes. We help you fix them.
The majority of information security incidents occur as a result of user accounts that become compromised through:
- Poor password hygiene and internal policy enforcement
- Phishing attacks and other forms of social engineering
- Lack of multi-factor authentication
This can lead to the eventual breach of an administrator account, effectively giving a threat actor access to your entire business—all from a single initial crack in your defences.
Peloton’s Identity and Access Assessment gives you the visibility you need to identify these compromised accounts, along with an assessment of any existing risks and prioritised recommendations for remediation.
Why perform an identity and access assessment?
Reveal blind spots to better understand the full scope of any weaknesses
Identify existing compromises through informed threat hunting
Improve continuously by sharing an understanding of risks with all users
What to expect with a Peloton identity and access assessment
Depending on your needs, Peloton can provide an end-to-end service offering from identity and access assessment through to remediation.
Our identity and access assessment methodology is focused primarily on Active Directory (AD) accounts. As part of this process, we:
- Test all password hashes to reveal weak passwords by:
  - Uncovering common passwords against a 1.3B word list
  - Cracking weak hashes by brute force over 5.6T iterations
- Correlate AD and Azure AD metadata
- Provide a list of immediately actionable steps
Once we’ve completed the assessment, we support you with a remediation program, including a workshop to prioritise a focused program of work and resource, capacity and change management planning.
Post-remediation we provide metric reporting and compliance improvement strategies.
While Peloton typically performs white box vulnerability assessments (where you provide information about your IT environment so Peloton has full knowledge of it), we are adept at conducting a range of test types to suit your needs.
The Peloton difference
Strategy and compliance
We apply an understanding of your business context to decide both what to do and what not to do, in line with market-standard compliance frameworks. We also work closely with your teams to optimise change management.
Sustainable remediation
Our remediation options are designed to avoid disrupting business-as-usual operations or negatively impacting users. For example, we avoid broad-stroke remediation like mass password resets and instead take a staged approach that prioritises the actions which mitigate the most risk.
Demonstrated experience
Peloton is known to move quickly to address high-risk findings. We work closely with your incident response partner to rapidly bring them up to speed and address critical areas for remediation.
Customer testimonials
Peloton have taken the time to understand our business and reduce our risk. They filter out the false positives and alert us when there is something important we need to know about. They also help us to do a complete cyber security assessment on businesses before we acquire them, which takes time and focus as the requirements are different for every business. In terms of quantifiable results, we have reduced licensing costs and significantly increased our cyber security maturity rating, which is a huge achievement.
Therese Chakour-West, CIO
Bunzl
We were trying to win new business with a global hotel chain. To get this across the line, we needed to tick some serious IT and security boxes. We knew we had gaps that we couldn’t easily fill so we engaged Peloton to help us. Peloton addressed our immediate needs and also taught us to look beyond the tender, so that our cyber security initiatives could support future growth opportunities too. We now have cyber security factored into our solution offering which puts us out in front of our competitors. Plus we got global IT approval from the hotel chain, which was a great result.
Bob Sharon, Founder and CIO
Blue IoT
Peloton Strategic Services
Frequently Asked Questions
Identity and Access Management (IAM) is a comprehensive framework that aligns with the fundamental cyber security principles of Identification, Authentication, Authorisation, and Accountability (AAA). It entails a structured approach to regulating access to critical organisational resources, such as sensitive information and systems. IAM facilitates secure access to company assets, encompassing databases, applications and data, and extends its horizon beyond internal employees to encompass contractors, vendors, business partners and external device users. By enabling precise control and maintaining audit records, IAM establishes a robust security infrastructure that empowers authorised personnel and devices while establishing formidable barriers against unauthorised external intrusion.
Identity Governance and Administration (IGA) differs from Identity and Access Management (IAM) in that it allows businesses not only to define and enforce IAM policy but also to leverage IAM functions to meet audit and compliance requirements. IGA has a defined role in ensuring that IAM policies are connected and adhered to.
Once an Identity and Access Assessment has been completed, your business will receive a report that provides visibility and insight into compromised accounts and existing risk, as well as prioritised recommendations for remediation.
The Peloton Identity and Access Assessment will give you a better understanding of, and appreciation for, any weaknesses within your environment, identify current compromises through threat hunting, and help improve understanding of risks with all users.