Conduct an assessment of the state of the security of your internal or cloud-based network and environment.
For either an on-premise or cloud-based product development environment, confirm that you are following best practices with respect to code development, compilation, and release.
Conduct an assessment of the security and integrity of the products you deliver to your clients to confirm that the hash has not been compromised at any point including between code release and delivery to the target end-point of your clients.
Identify your risk factors, then make targeted recommendations for robust threat protection and threat hunting software on your network endpoints, including specific tools such as SIEMs (Security Information and Event Management) that are best suited to your particular risk profile. Training on the deployment and effective use of SIEM tools can be provided to your in-house team, or we can engage with you to provide ongoing monitoring and mitigation of threats to your environment.
Develop a plan for resetting credentials, if needed for enhanced security, for all users in the corporate and software development environment and other applicable parts of your operation. Resetting the credentials and examining the configuration of privileged accounts is given the highest priority so that those accounts are as impervious as possible to malicious attacks. If your in-house team wishes to carry these practices and lessons learnt forward, a comprehensive project plan explaining the steps and measures taken, along with any training needed for your team, will be provided as part of the scope of engagement.
Harden the remote and cloud access endpoint channels exposed to the public web that are used for accessing your network and applications by enforcing multi-factor authentication (MFA) and other measures, such as requiring complex passwords that are changed at regular or irregular intervals (to prevent a patient adversary from gleaning the rhythms of your network security practices).
Develop protocols for ongoing forensic analysis of your network and product development environments in order to identify root causes of any breach attempts and the steps required for remediation.
Where necessary, help you to stand up a completely new operating or build environment, whether physical or virtual, on-premise or cloud-based, with carefully configured access controls, and deploy mechanisms to allow for reproducible environment builds from multiple independent pipelines.
In conjunction with your development team, deploy automated and manual checks to ensure that your compiled releases match your source code.
Re-sign, if necessary, in the event of a confirmed breach, all software and related products with new digital certificates.
Expand focus on vulnerability management to help reduce your average time-to-patch, and help put in place links with the external security community.
Perform extensive penetration testing of your software and related products to identify any potential issues, which will be turned over to your development team for redressal.
Leverage third-party tools to expand the security analysis of your source code and any related products.
Engage white hat communities to conduct ethical hacking exercises against your infrastructure to quickly identify, report, and remediate security issues across the entire spectrum of your operation.