Industry Innovators: Analysis & testing


There are two times when we need analysis and testing: before and after an event. Before an event, we want to test our vulnerability to attack so that we can close holes. We need to do that on many levels, including general vulnerabilities, deeper penetration resistance, application weaknesses and the all-out tiger team approach – something that can test both physically and logically. This year we cover all of those bases.

We are interested in general vulnerabilities and that, strangely, has its own challenges. We say “strangely” because one would think that a simple vulnerability scanner would be all that was needed. That turns out not to be the case, as anyone knows who has scanned a large enterprise only to find that the results are obsolete by the time the scan is complete.

If we want to do the whole tiger team thing, we need to be able to sneak past physical controls and focus on deep penetration and compromise. This year, we have a very clever approach to this challenge. Application vulnerabilities are, arguably, the biggest challenge to security professionals because they represent the easiest attack vector in many cases. So we need a tool to test applications and it needs to be both comprehensive and effective. The problem often is, though, that such tools are great for the security geek but not so great for the developers who need to fix the holes the tools find. 

Getting all of the threat and vulnerability data into one place, and getting it there in a useful manner, is the strength of another one of this year's Innovators in this group. And that brings us to dealing with the aftermath of an attack or cyber crime. If all fails and the bad guys prevail, we turn to digital forensic tools to figure out what happened. While this year's Innovator in the forensic area doesn't deal strictly with the attack's results, it is a strong tool in the fight against cyber or cyber-related crime.

This batch of analysis and testing tools sets a pretty high bar for creativity, effectiveness and applicability to some really tough challenges.
