Penetration Testing and Ongoing Threat Management

Today’s computing environments are exposed to a growing list of potential network and database security issues, with new security flaws being introduced all the time. This makes ongoing vulnerability management a constant challenge for all organizations.  Beyond HIPAA compliance, penetration testing and ongoing threat management are the foundation of any risk management program.

Recommended Data Security Efforts Include:

  • Project-Based Penetration Testing Services
    • Vulnerability Assessment/scanning
    • Database Encryption and Anonymization
    • Data Classification
    • Personal Data Impact Assessment
    • Source Code Review
    • Email Phishing Campaigns with Linked Security Training
    • Database, Application or IT infrastructure hacking/penetration testing
    • Application Regression Testing/Data Mapping
  • Ongoing Threat Management (OTM)
    •  Designed to reduce the overhead of managing the overload of vulnerability scans, OTM enables your teams to collaborate and identify known vulnerabilities, understand which are the most critical, and assign the necessary response to the right system owner.

     

Ongoing Threat Management Overview

Vulnerability Management Workflow

The workflow is displayed below for each issue, allowing actions such as discarding false positives, snoozing issues for the future, implementing workarounds when proper control implementation is not possible, and resolving issues.

Ongoing Threat Management Workflow

Dashboard

Each user has their own dashboard. For example, the Security Manager can quickly review the most recently opened vulnerabilities pending verification by examining their dashboard, as in the example below:

Ongoing Threat Management Dashboard

Snoozing Issues

Realistically, it may be necessary to temporarily snooze a high-risk vulnerability. For example, an old version of Java exposes vulnerabilities on the Time-Card application, but Java cannot be updated because the workforce would then be unable to clock in. In this case, the vulnerability is snoozed until the application is ready for the new version of Java. Meanwhile, it disappears from the active/open vulnerabilities list until the due date or until it is reactivated for follow-up:

Ongoing Threat Management Snooze

Partnership with TwelveSec

Our hands-on ethical hackers are provided by our long-standing trusted partner, TwelveSec. TwelveSec maintains only the highest level of professional, industry-certified hackers, ensuring the best results in reducing the likelihood of unauthorized access to your organization’s sensitive and confidential data. By working together, we can help your organization be compliant and secure.

Questions, comments, interest?

Would you like to speak more about penetration testing services or see a demo of our Ongoing Threat Management System? Please fill out the form below to speak with a member of our team:

