Application Security Analysis

Internal security vulnerabilities are the most prevalent and, unfortunately, the most destructive. These vulnerabilities may stem from the very core applications that drive the business, which are often large and complex. Merely learning of the vulnerabilities from the manufacturer or vendor, such as Oracle or Salesforce, is not enough; many of these applications contain customizations and may transmit information in an insecure fashion, rendering them non-compliant with policy requirements.

Recognizing this gap, IPS has an internal team of application developers that assists our security consulting team during application analysis engagements. With skills that go well beyond testing fields for buffer overflow errors, our development group is often called on to perform code reviews and to ensure that the underlying platform hosting the application is sound, looking for issues surrounding redundancy and potential areas of data loss.

IPS also deploys specific network tools to maximize visibility when performing application analysis. These tools are deployed on-site at the customer’s premises, passively collecting and observing data and transactions. They include tools from our vendor partners, including NetIQ Security Compliance Manager and Blue Coat’s Packeteer, as well as IPS’ own customized appliance.

Each assessment is delivered as a thorough report with easy and clear results and remediation steps in plain English, not just a massive report of false positives. It includes printed bound reports as well as DVDs of all reports generated and raw data gathered, and a detailed follow-up meeting.