Network & Infrastructure
Your network is the foundation everything else sits on. We review how traffic flows, where the boundaries are, and whether the right controls are in place to prevent unauthorised access and lateral movement.
Network Segmentation & Microsegmentation
We review your virtual network topology, subnet design, Network Security Group (NSG) rules, and Application Security Group (ASG) usage. The assessment identifies flat network designs where traffic can flow freely between workloads that should be isolated, and provides a segmentation strategy that limits the blast radius of any compromise.
DDoS Protection & WAF
We assess your DDoS Protection tier and Web Application Firewall (WAF) configuration across Application Gateway and Front Door profiles. For organisations with internet-facing or NHS-facing services, this is a critical layer that is often either absent or running in detection-only mode.
Private Endpoint Coverage
We identify Azure PaaS services — storage accounts, databases, Key Vaults, and others — that are still accessible via public endpoints where Private Link is available. Moving to Private Endpoints ensures traffic between your virtual network and Azure services stays on the Microsoft backbone and is not exposed to the public internet.