Browse by Year:

CIO Review >> Magazine >> July - 2014 issue

Beyond Security: Automating Security Assessment and Compliance Management

By

Enterprises applications and networks are becoming complex as they are continually expanding their horizon by integrating employees, partners, suppliers and customers through supply chain managements, enterprise intranet/extranets and customer relationship management solutions by almost fading its boundaries. Such geographically disparate and complex networks and applications naturally throw open multiple doors to compromise by attackers. Mere perimeter defense mechanisms such as antivirus, firewalls, and IPS/IDS are so common that even an average hacker or a bot assumes their presence and attack.
Hence it is imperative for Enterprises to be ahead of attackers and be resilient to such attacks and prevent critical and sensitive assets from theft and compromise. Conducting expensive annual security audit seems to be a futile exercise given the rate of new security vulnerabilities (Zero days) that are discovered almost daily by the underground/state sponsored hacking community. Add to manual Vulnerability assessments pose equal challenges in terms of scalability, consistency, cost, speed and accuracy as opposed to automated VA tests.
Beyond Security Inc., California based Information Security company with offices in Bangalore offers AVDS (Automated Vulnerability Detection System) cloud based On-Demand VA/VM and in-premise self contained Appliances depending on the need of the enterprises. Large enterprises that are geographically spread with tens of thousands of user base, employ AVDS appliances in major locations and manage end point VA’s centrally while managing perimeter defense as well on a regular basis. Small and medium enterprises perform daily/weekly/monthly scans and manage Vulnerabilities through a rich On-demand portal by Beyond Security. AVDS open API’s help Enterprises to integrate with third party applications such as SIEM, WAF (Web Application Firewall) and its powerful search engine, ticketing system help track and manage vulnerability effectively. "The efficacies of Business continuity, brand equity and compliance management are better managed by deploying AVDS", says Ravi Prakash, Regional Director – India, Beyond Security.
Securiteam.com, a community portal owned and managed by Beyond Security is an aggregator of Vulnerability Signatures and exploits that acts as a continuous feeder to AVDS, says Noam Rathus, CTO, Beyond Security Inc., US.
Beyond Security’s beSTORM, a black box multiprotocol dynamic Fuzzer is extensively employed for unknown vulnerability (Zero Days) discovery by Software and Hardware giants such as Microsoft, Ericsson, Juniper, Lockheed martin and others. beSTORM supports 140+ protocols comprising of networking protocols, wireless and file formats such as PDF, Doc, XLS, JPEG etc.; beSTORM parses through binaries and hence is language independent. It performs comprehensive tests, exposes security vulnerabilities such as buffer over flow, memory leak, memory exception, one off error etc.; beSTORM essentially tests both IP and non IP based protocols. It's a software tool which works both on Linux and Windows environment and helps in security assurance and supply chain sanitization, adds AviramJenik, CEO, Beyond Security Inc., US
In a nutshell, Beyond Security helps unleash both known and unknown vulnerabilities through its fleet of products and services.