Industry Innovators: Analysis & testing
Industry Innovators: Hall of Fame
There are two times when we need analysis and testing: before and after an event. Before an event, we want to test our vulnerability to attack so that we can close holes. We need to do that on many levels, including general vulnerabilities, deeper penetration resistance, application weaknesses and for the all-out tiger team approach – something that can test both physically and logically. This year we cover all of those bases.
We are interested in general vulnerabilities and that, strangely, has its own challenges. We say “strangely” because one would think that a simple vulnerability scanner would be all that was needed. That turns out not to be the case – as anyone knows who has scanned a large enterprise only to find that by the time the scan is complete the results are obsolete.
If we want to do the whole tiger team thing, we need to be able to sneak past physical controls and focus on deep penetration and compromise. This year, we have a very clever approach to this challenge. Application vulnerabilities are, arguably, the biggest challenge to security professionals because they represent the easiest attack vector in many cases. So we need a tool to test applications and it needs to be both comprehensive and effective. The problem often is, though, that such tools are great for the security geek but not so great for the developers who need to fix the holes the tools find.
Getting all of the threat and vulnerability data into one place and getting there in a useful manner is the strength of another one of this year's Innovators in this group. And that brings us to dealing with the aftermath of an attack or cyber crime. If all fails and the bad guys prevail, we turn to digital forensic tools to figure out what happened. While this year's Innovator in the forensic area doesn't deal strictly with the attack's results, it is a strong tool in the fight against cyber or cyber-related crime.
This batch of analysis and testing tools sets a pretty high bar for creativity, effectiveness and applicability to some really tough challenges.