Vulnerability Scanning


Vulnerability scanning is the systematic identification, analysis and reporting of technical security vulnerabilities that unauthorized parties may exploit to threaten the confidentiality, integrity and availability of business and technical data. External vulnerability scanning specifically examines an organization’s security profile from the perspective of an outsider, someone who does not have access to systems and networks behind the organization’s external security perimeter. Your external IPs can be scanned once a year, once a quarter or monthly.

Mobile Application Scanning


Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of the use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.

Darkweb Credential Monitoring


We provide the best approach to eliminate the biggest cause of massive data breaches: the weak and/or stolen password. We continuously monitor the dark web for stolen databases and identities, and maintain the encrypted data in our proprietary database. When integrated with an IAM solution, we can provide superior visibility into user-centric risk and the ability to automate appropriate corrective actions, preventing the abuse of compromised credentials.

Press Release: Privacy Violations Result in Fines for Hospitals Under Strict California Laws

November 23, 2010, Torrance, CA: The California Department of Public Health recently issued fines against hospitals in the state for Patient Privacy Violations, totaling more than $700,000. The physical and logical protection of patient data is a fundamental requirement in today’s hospital climate. The fined entities included Kern Medical Center, Bakersfield ($250,000 for theft of 596 test documents), Pacific Hospital of Long Beach ($225,000 for an identity theft), Kaweah Manor Convalescent Hospital, Visalia ($125,000 for an identity theft), Delano Regional Medical Center ($60,000 unauthorized access to records), Children’s Hospital of Orange ($25,000 unauthorized access to records), Oroville Hospital ($42,5000 employee discussed patient case), Biggs Gridley Memorial Hospital, Gridley ($5,000 unauthorized access to records).

As regulations increase, hospitals have to be more diligent in implementing and monitoring security controls. The Top 5 protections a healthcare organization needs in order to move towards a HIPAA Security Rule compliant environment include:

1. Conduct a Risk Assessment: Section 164.308(a)(1) of HIPAA requires an organization to conduct the risk analysis before any solution is implemented. It is important to know your network’s vulnerabilities. Officials must understand what type of information might get exposed, who might expose it, and how and where it could be exposed. The result of this analysis will facilitate creation of security policies and procedures.
2. Take a Multi-Layer Approach: A single technology cannot provide complete protection. Implementing firewalls, anti-virus software, anti-spam, and intrusion prevention are just some of the things needed to keep patient data completely secure.
3. Don’t Forget About Email: More patient data is breached through email than any other source. It is crucial to have secure email and full content filtering. You need both inbound and outbound filters for personal health information protection, and encryption is key.
4. Implement Policies: Employees must be educated on the security policies of an organization, why the policies are important and how to protect confidential information. eSecurity training is the first step in this important process. Implement a security awareness and training program for all members of the workforce, including management.
5. Backup Your Data Offsite (Securely): Offsite data backup has become the easier and safer alternative to the outdated tape method. Offsite data backup offers multiple encryption methods, sophisticated file search availability, and complete automation. You can recover your data swiftly and test your backup information quickly for accuracy and completeness.

KRAA Security is a trusted name in the security industry. The firm conducts comprehensive Physical Security Assessments to identify potential physical security risks in hospitals. KRAA Security also conducts data security assessments that meet HIPAA Security Rule requirements to determine if patient databases are at risk. An evaluation by KRAA Security will pinpoint problem areas that affect the safety of customers and employees, and areas on the premises that would facilitate theft, vandalism and intrusions, both logical and physical.

Contact: Jasmine Jones, KRAA Security, 888-KRAA-911