Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties may exploit to threaten the confidentiality, integrity and availability of business and technical data. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider, someone who has no access to the systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.


Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of the use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and define the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.


Darkweb Credential Monitoring


We provide the best approach to eliminating the biggest cause of massive data breaches: the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.


Email Security Tips for General Petraeus (even if a bit late)

Could General Petraeus Have Kept His Emails Secure?

The terms Email and Security generally do not go together. Email is inherently insecure, not because of the communications vehicle itself, but because of how it is used. The moment data leaves your possession, you have lost control of it. What the other party does with it afterwards is out of your hands, and so is keeping it secure. Email security will remain a problem for the foreseeable future. But there are some steps General Petraeus could have taken to have more of a warm and fuzzy feeling about what he was sending.

1) Don’t Email. That’s a good first step in securing Email. Even if you share an account with someone and keep drafts of the email in a folder rather than actually sending the email, it is still sitting on someone else’s server, beyond your control. The government has been successful in subpoenaing Email service providers for logs and old data. If you don’t really have to email your shady doings, that’s a good step.

2) Encrypt Email. Say you are forced to Email. Encryption has been around for a long time. PGP is a past master at email encryption. As long as neither you nor the other party shares their secret key, no one is really going to get past PGP encryption.

Public key encryption diagram: email example. (Photo credit: Wikipedia)

3) Email Antivirus. It should go without saying these days that anti-malware and anti-virus should be checking all inbound and outbound emails. Say you were using PGP encryption but accepted an attachment that carries a virus: your encryption would be useless.

4) Secure Passwords. So this is Internet Security 101. If you have a weak password on your encrypted email, then your encryption protection is again useless. People still use easy-to-guess passwords, things you can probably find on their Facebook page such as a pet’s name, kid’s name, college etc. This is your first line of defense. The Huffington Post just had a great article on weak passwords, “The Top 25 Worst Passwords Of 2011: See What To Avoid”. I particularly like “trustno1” as a password. Here are the top ones:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou

5) Encrypt Login. When you are accessing your emails, make sure it’s over an encrypted login. If you don’t see “https” in the URL, you are not encrypted, so someone on the same network as you could potentially capture your password. It is a simple security measure but one most people do not really think about.

So there were several things General Petraeus could have done to protect himself further; the best would probably have been no online communications for the shady activities at all.
