DETAILS OF SERVICES
- First, we aggregate dissimilar data into a visual representation of all possible paths of attack within a computing environment. This may seem commonplace; however, our ability to blend endpoint data with Access Control Lists (ACLs) reduces or removes false positives and more accurately assesses the overall security profile.
- Second, we have automated approximately 90% of the vulnerability process and 60% of a pen test. Every client has something unique and requires a modest amount of SME attention. Consider that we can recreate ACLs regardless of the devices in use. In our experience, this level of data gathering provides great value and remains unique in a typical assessment process.
- Third, new to our offering is the ability to scan firmware for vulnerabilities. When you consider that 1 million lines of code can run before the operating system begins, this is a new seam in the overall assessment process, and one that is typically overlooked. Firms for which NIST 800-53 and 800-171 compliance is critical need to understand whether their systems have been compromised, either directly or indirectly through the supply chain. The results of our firmware search are merged into the endpoint and ACL data sets.
- Fourth, we have automated the NIST Risk Equation. As part of our deliverables, we provide a prioritization report based upon the NIST Risk Equation. Our automated report calculates Vulnerability × Threat × Consequence. Yes, we can calculate, out of thousands of vulnerabilities, a hierarchy of vulnerabilities based upon the consequence of a potential breach. Specifically, we calculate whether a high-value asset is directly, indirectly or not at all at risk. Regardless of whether the vulnerability is based on ACAS data or firmware results, our prioritization reporting follows the NIST Risk Equation.
Visually, our deliverables include a Common Operating Picture. Unique, valuable, insightful results using automated services. We answer the questions: what do we do first? What can we do to have the greatest positive impact on our security profile? We provide reporting in days, not weeks. We enhance overall security by scanning firmware for vulnerabilities.
“We offer baseline, universally required services that are better than our competitors, faster than our competitors and more cost-effective. Get actionable results in days, not weeks.”