Minneapolis, MN — February 14, 2012
NetSPI is pleased to introduce Vulnerability Management Program Development (VMPD), a start-to-finish methodology for creating a self-sustaining security assessment program. "Partial protection isn't much better than no protection at all," says NetSPI CTO Seth Peter. "There are armies of potential attackers out there, and if you leave breaches that can be exploited, they will find them. Real security comes from an ongoing process of finding and closing gaps. It has to be an ongoing process both because business and business applications keep changing. And because threats keep evolving, threat avoidance has to evolve as well."
VMPD is built on experience NetSPI has gained in addressing thousands of web, mobile, and thick client applications. Each engagement is tailored to the specific operational needs of the client and begins with definition of goals. The process then utilizes a mix of proprietary and commercial tools, open source utilities, and manual testing to either enhance an existing program or, if necessary, build one from the ground up. "In most cases, we are developing a program that can be maintained by the client once the program is in place," says NetSPI Security Team Lead Ryan Wakeham. "That means working side-by-side with clients, evaluating and optimizing tools and processes, developing reporting and remediation tracking, and mentoring in-house staff as needed. The whole process is very results-oriented, and clients can start seeing results almost immediately.
"Vulnerability management is a cycle that begins with definition of policies and standards," he says. "The assessment phase includes test planning, selection of tools, and the actual testing. Analysis prioritizes corrective actions and produces reporting that defines actions to be taken. And the mitigation phase actually fixes the vulnerabilities and validates the remediation to ensure that it's been effective. It's a step-by-step process designed to ensure that weaknesses in the operation don't fall through the cracks and leave holes that can be exploited. We work cooperatively with our clients, and the way that steps are distributed between our team members and theirs varies from client to client. It's not a magic bullet. It's a more thorough and disciplined way of addressing the problem. We bring a collection of capabilities that can supplement those of the client and free their resources to focus on their primary business. In a very real sense, working with NetSPI lets clients pursue offense and defense at the same time instead of having to choose."
To learn more about how one client benefited from VMPD, check out the Carlson Wagonlit Case Study.
NetSPI is a privately held information-security consulting company founded in 2001. By using its consulting team's deep security knowledge and its CorrelatedVM vulnerability management & reporting solution, the company is a trusted advisor to large enterprises. NetSPI provides a range of assessment and advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Clients include large financial services firms, retailers, healthcare organizations and technology companies.
More information is available at www.netspi.com.