Leading Financial Institution Leveraged NetSPI Red Team Service to Improve Their Security Posture
In a report published by consulting firm West Monroe Partners, 40 percent of acquiring businesses said they discovered a high-risk security problem at an acquisition after a deal went through. With this in mind, executive management at one of America’s largest banks wanted to ensure that one of their subsidiaries wasn’t suffering from similar security control gaps. In addition, the bank wanted to understand if identified security gaps could be leveraged to gain unauthorized access to the subsidiary’s networks and resources. To answer those questions, and report on the subsidiary’s responsiveness to real-life attack scenarios, the bank hired NetSPI to conduct a red team operation.
Make it easy on the devs
Software development teams are often at odds with application security teams, specifically pentesting teams. In this post we explore why this happens and what five steps you can take to improve participation in security testing by the development team in your organization.
5 signs your application security assessment process needs a reboot
Many organizations use manually intensive processes when onboarding their application security assessments. Compare the following process with your own experience: Schedule the application security assessment. Assign internal/external penetration testers to conduct...
Data silos: are they really a problem?
Data silos happen naturally for many reasons. As an organization grows and their security maturity evolves, they’ll likely end up with one or more of these scenarios.
Recurring vulnerability management challenges that can’t be ignored
Stories of new data breaches grab headlines again and again. Many of these breaches are the result of known vulnerabilities left un-remediated, and in some cases, organizations have been aware of these vulnerabilities for years.
What’s next and new with NetSPI Resolve
Here at NetSPI, we see firsthand the struggles enterprises face to fix vulnerabilities. It’s concerning when our pentesters and customers continue to find the same vulnerabilities that have yet to be remediated – at the same client, year after year.
How to streamline pentest data to security orchestration
Previously, we discussed best practices for tracking vulnerability data through to remediation. In this post, we explore the challenge of streamlining human penetration testing (pentesting) data into the vulnerability orchestration process.
How to track vulnerability data and remediation workflow
Vulnerability data must be tracked in order to ensure remediation, or vulnerabilities can fall through the cracks, leaving your organization exposed. Most vulnerability data comes from scanners, though the most important vulnerability data often comes from humans.
Security orchestration vs automation: what’s the difference?
In the post Are You Flooded with Vulnerabilities?, we explored the ever-growing mountain of data that organizations face in managing their vulnerabilities. While software is at the root of the vulnerability problem, it’s also the solution.
Are you flooded with vulnerabilities?
Most organizations have more vulnerabilities than can be fixed at current resource levels. Halfway through 2018 the NVD is on pace to match the historic 20,000 published CVEs in 2017. A perfect storm of circumstances can make it difficult for your threat and...