A common security practice is to perform regular vulnerability scans against internet-facing hosts using automated vulnerability scanning tools. Despite the claims that most of these tools are marketed with, this approach results in a large number of false findings and takes understanding away from genuine security risks. Moreover, as most in our industry can agree, automated scanning tools miss uncommon weaknesses in complex or custom networks and applications.
In our Proactive Baseline Review service, we leverage a custom-developed toolset to frequently test your Internet presence, looking for deviations from your defined security baseline, and monitor threat-intelligence feeds for new threats against your network or applications.
When new security issues emerge, we manually review them and notify you only of genuine issues, along with guidance for resolving them.
Initial meeting to understand your environment, infrastructure, custom applications, and technology stacks
Define your acceptable baseline and customise our toolset to have thorough coverage of your environment and applications
Execute regular baseline reviews against your environment and check for new threats, changes in risk rating, and deviations from the baseline
Manually validate new findings and provide you with periodic reports. We notify you immediately of any risks as they surface
Periodically fine-tune the toolset to respond to changes to your environment, risk appetite, and new attack vectors
Contact us to receive the full detail of our methodology.
The following is a snapshot of our assessment areas:
Regular Whois, RIPE, DNS mapping and tracking of your company Internet presence
Check against blacklist/malware tracking of your IP address space
Monitoring for company-wide information leakage via social media, password dumps, the dark web (Tor), etc.
Regular check against threat intelligence feeds looking for new risks for your environment
Regular automated security testing to ensure your web applications align with best practices (OWASP Top 10)
Checking for vulnerable and exposed network services against industry security practices
A structured methodology built on proven best practices (CAPEC, OWASP, OSSTMM)
A team with an established reputation and over a decade of experience
Tailored security services to fit any project or business
Providing services to global software companies and ASX-listed enterprises
Made in Australia!