Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties and individuals may use to exploit and threaten the confidentiality, integrity and availability of business and technical data and information. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider or someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.


Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.


Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches, the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Compliance Solutions
  • Massachusetts 201 CMR 17 Compliance – The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) released the “Standards for the Protection of Personal Information of Residents of the Commonwealth” (the “Regulation”) establishing standards for protecting Massachusetts residents’ personal information. This law sets forth guidelines establishing protection mechanisms such as encryption of documents, secure wireless data transmission, deployment of secure architectures and usage of security policies and procedures. The regulations also require businesses to complete internal and external security risk assessments.
  • HIPAA Security – We provide our clients comparative information and baselines against industry standard practices in addition to the HIPAA mandated review items in the Security Rule. A complete assessment as required under the HIPAA risk assessment specifications includes on-site interviews with personnel, system analysis, policy and procedure review and remediation suggestions.
  • Physical Security Survey – A KRAA Physical Security Survey (PSS) will be comprised of a comprehensive overall security survey identifying risks and will target what can be considered high risk areas. You have a due diligence responsibility to have your property assessed to prevent security incidents such as physical assaults of people, thefts against your company assets and property damage caused by vandals.
  • E-Discovery and Forensics – Every regulation and lawsuit has a component of E-Discovery and Forensics. KRAA Security provides computer forensic services to gather and analyze records from electronic devices to help find the evidence you need to prove your case! We have one of the most comprehensive service offerings in the industry, ranging from forensic imaging to data recovery and proactive employee monitoring services.
Many organizations face requirements from internal and external auditors, business partners or regulatory bodies. Usually your security team is required to help provide an analysis of the environment but may not have the breadth of experience to cover all areas of security. Outside assistance is typically required to address audit and compliance requirements. An information security compliance audit is an in-depth appraisal of the organization’s adherence to existing policies and industry best practices and identification of areas of weakness that need to be addressed to meet business needs or regulatory and compliance requirements. We will assess the existing weaknesses and develop countermeasures in the three areas of people, process, and technology. We can analyze your compliance measures against popular regulations such as SOX, HIPAA, and PCI. We can help you determine the most cost-effective software, procedure, and process compliance measures to adhere to regulatory standards. Through our gap analysis approach, we design a remediation process and identify mitigating controls. For more information please contact us.