To mitigate risk, enterprises need to understand how applications operate on networks and interface with other applications, servers, routers, etc. – where vulnerabilities often reside. The IT System Attack Simulation will identify insecure system components and build a meta-threat model to visualize an organization's threat landscape – making it easy to see where systems are vulnerable to data theft and other attacks. As the landscape changes with new IT elements coming online or new threats being realized, the threat model will quickly document whether an organization’s risk profile has increased, decreased or stayed the same.
“In the course of doing traditional code reviews and penetration testing for large enterprise customers, we discovered that many would be better served if we evaluated their entire IT infrastructure,” said Ed Adams, CEO, Security Innovation. “We came up with a system that builds an infrastructure map which forms the basis of the attack surface model. We then simulate attacks to determine what a hacker could exploit to get at confidential data or take systems offline. Not many organizations can do this war gaming alone, so we serve as their trusted advisor to help them realize and measure their risks and put adequately considered defenses in place.”
Attack simulation conducts perpetual and sophisticated attacks on the entire IT infrastructure rather than on an application in isolation. It provides a report that details how the security holes were accessed, such as through improperly implemented cryptography, a misconfigured Web/database server or a software vulnerability in a certain application. Security Innovation experts leverage their expansive knowledge and an army of utilities and tools to rapidly determine which vulnerabilities pose the greatest risk to key data. To complement the diagnosis, experts work with IT teams and vendors to ensure they understand the vulnerabilities and the steps necessary to remediate them and plug the holes.
Application Portfolio Assessment
The new Application Portfolio Assessment service is targeted at enterprise IT groups that are responsible for a large number of applications and need high-level analysis of which applications pose the greatest risk. Security Innovation experts identify and prioritize high-risk applications based on business impact, security threats, compliance mandates, data classification and operational risk. The result is a risk-ranking framework that shows IT groups which applications are high risk. Once the application portfolio is risk-ranked, attack surface analysis can be conducted, providing further insight into threats and potential exposure points. Security Innovation experts provide recommendations on how to reduce the attack surface, which dramatically reduces exposure to risk. The risk-ranking framework allows security and risk analysts to quantitatively categorize application assets and helps plan additional assessment and mitigation activities based on an organization’s budget and time constraints.
“Applications live in a world rooted in hardware and wired and wireless connectivity, so their security extends beyond secure software development. However, there is no standard formula for application security, because risk tolerance and data mapping are contextual to each organization. This is an example of how Security Innovation is uncovering a market need in working closely with customers and tapping our in-house expertise to fill it,” said Adams.
About Security Innovation
Security Innovation is an established leader in the application security and cryptography space. For over a decade the company has provided products, training and consulting services to help organizations build more secure software, reduce application risk, and build internal expertise.
Security Innovation built upon its core competencies in application security with the acquisition of NTRU CryptoSystems in 2009, a company that developed proprietary, standardized algorithms. This resulted in the strongest and fastest public key cryptography available and the means to overcome historical performance barriers that have plagued the encryption industry. With these core strengths intact, Security Innovation is in a position to help organizations protect their data at two critical points: while applications are accessing it and during transmission. The company’s flagship products include TeamProfessor, the industry’s largest library of application eLearning courses, and TeamMentor, a web-based secure development methodologies product.