Data is often an organisation’s most valuable asset and its protection is vital.
Blackfoot specialises in the provision of high-end testing services, to assist clients in defining and mitigating threats to their system and safeguarding this most valuable entity. Blackfoot employs a range of methodologies through its testing to ensure protection against both manual and automated attacks at every level of a company’s information security infrastructure.
Once testing is complete all results are documented in a customised report detailing the full findings, outlining the system’s vulnerabilities and providing Blackfoot’s recommendations on the most effective solutions.
Security Test Scoping – Every organisation knows security testing is a clearly defined requirement to meet compliance standards. Which systems should be tested, the threats that should be simulated and the efforts of the simulated attack are, however, less clear-cut.
Many organisations take a tick-box approach to security testing and therefore miss the value in completing the exercise. Blackfoot consultants review a company’s data to identify which data assets are of value to a potential attacker and what lengths an attacker would go to in order to compromise them. This provides clients with a clear understanding of the threats they are likely to face, allows subsequent testing to focus on the effectiveness of the security controls in place, and helps the client prioritise its security approach.
Blackfoot Remediation Support – Analysis of over 200 data security breaches has identified a common theme underlying successful security attacks – unpatched systems.
Blackfoot’s approach to remediating security vulnerabilities follows our core philosophy – understand what needs to be protected, where the risk and threats will come from, then implement, tune and review controls accordingly.
Compliance Management Portal – Drowning in spreadsheets? Keeping on top of compliance progress?
Let Blackfoot help you make the whole thing far simpler.
Blackfoot’s in-house Compliance Management Platform (CMP) allows a client to create multiple environments and monitor the application of multiple standards in order to assign, track and manage its compliance efforts.
The CMP acts as a one-stop-shop platform for organisations to gain a single, holistic overview of all business compliance requirements, and how the business is performing against them. The system eases the ongoing time and management costs, whilst protecting against regulatory fines.
Blackfoot Data Monitor – Where is your data? It seems like a straightforward question but many organisations, through the use of legacy systems and outdated processes, only have a partial understanding of where sensitive data is stored, processed or transmitted.
Blackfoot’s team of expert consultants use a variety of industry-leading tools and methods to scan for pre-defined sensitive data (anything from personal data such as names, addresses and dates of birth, through to credit or debit card data). Blackfoot’s experts then use their experience, instincts and intuition to identify sensitive data. Vast amounts are typically forgotten and left unprotected.
Technical Penetration Testing – How secure is your system? Blackfoot’s Penetration Testing services evaluate an organisation’s system security by simulating attacks from malicious and unauthorised parties. By probing a system, Blackfoot can identify where vulnerabilities lie and the extent to which they can be exploited.
Blackfoot utilises a range of penetration testing services, including network level testing, application testing, database testing, wireless security testing and social engineering. Our testing methodology follows industry guidelines including SANS and OWASP.
Blackfoot’s testers can even include attempts to physically gain access to an organisation’s office, to gauge the risk of a physical breach of the infrastructure.
Once testing is complete, Blackfoot generates custom reports that clearly detail our findings, including remediation recommendations to ensure assets are protected and that the system remains protected.
Data Discovery – Where is your data? It seems like a straightforward question but many organisations, through the use of legacy systems and outdated processes, only have a partial understanding of where sensitive data is stored, processed or transmitted.
Blackfoot’s team of expert consultants use a variety of industry-leading tools and methods to scan for pre-defined sensitive data (anything from personal data such as names, addresses and dates of birth, through to credit or debit card data). Our experts then use their experience, instincts and intuition to identify sensitive data. Vast amounts are typically forgotten and left unprotected.
Knowing where your data is makes it possible to protect it, enabling a quick reduction of risk.
Internal Vulnerability Scanning – An organisation’s internal infrastructure should be regularly scanned against a known set of industry-accepted vulnerabilities to ensure the most basic level of technical security is in place both externally and internally.
Blackfoot provides clients with an on-demand service for internal vulnerability scanning for over 42,000 vulnerabilities (and counting!) against a wealth of different operating systems, services and applications. Delivered via an on-site appliance, clients can manage the scanning internally, without the need for external input or access. Alternatively, the appliance can be configured to automatically assess target systems on any given date.
These vulnerability checks are constantly updated with daily feeds and monitored by Blackfoot consultants, who review the findings and alert clients to severe or urgent vulnerabilities requiring attention.
Application Code Review – The development of custom applications often leaves an organisation open to attack due to poor or inadequate code being written. Rather than spend vast amounts of time and resources on penetration testing, why not have Blackfoot review the code?
Our application specialists review the source code and assess it against OWASP guidelines and industry best practice to identify potential vulnerabilities, structure, syntax, design and interoperability.
External Vulnerability Scanning – In the constantly changing threat landscape, external infrastructure should be regularly scanned to ensure the most basic level of technical security is in place.
Blackfoot utilises cloud-based Approved Scan Vendor (ASV) vulnerability scanning engines to regularly assess externally facing infrastructure. In line with many regulatory compliance requirements, Blackfoot recommends an organisation run internal and external network vulnerability scans at least quarterly as well as after any significant change to a network.
These scans identify and report on known vulnerabilities that require remediation in order to maintain compliance and protect the external infrastructure from basic attacks. Our experts manually review each scan report to flag up any failed scans, whilst offering support on the appropriate remediation options available.