Nettitude Blog

Rowland Johnson

Recent Posts

Is penetration testing fit for purpose?

Posted by Rowland Johnson on Nov 6, 2017 3:00:25 PM

This may seem like a strange article for Nettitude to publish, on the basis that we are an award winning cyber security company focusing on penetration testing. We absolutely believe that penetration testing does have value when implemented and oriented properly. However, we frequently see organizations that have been executing penetration testing programs that have really missed this mark. This article discusses the top five failings of pen testing programs we have seen executed across industry.

Read More

Red teaming and blue teaming is shaping detection and response

Posted by Rowland Johnson on Nov 3, 2017 2:58:35 PM

For far too long, penetration testing has been focused on delivering assurance on organizations defensive capabilities. Organizations have initiated penetration testing exercises against internal and external network segments, against applications and databases, and in almost all instances the focus has been to identify vulnerabilities in defenses that can be exploited. Pen testers would assess the firewall build and identify weaknesses in its configuration. They would also assess web applications and identify vulnerable code and configuration. Pen testers assess databases, network shares and other security devices in the hope of identifying vulnerabilities that could be leveraged by an attacker.

Read More

Why the evolution of penetration testing matters for you

Posted by Rowland Johnson on Nov 2, 2017 2:18:42 PM

The cyber landscape is maturing at a startling velocity. An industry that barely existed 20 years ago is now projected to be worth $170 billion by 2020. As the amount of technical development has snowballed, so the need for security assurance has become a board level consideration. Assurance practices have had to evolve to remain in touch with the digital transformation that is occurring around us. Assurance has had to develop to reflect both the changes in the ways we engage with technology, whilst also staying abreast of the evolving threat landscape. Organizations that remain static in their assurance process will become increasingly vulnerable.  For organizations to build effective risk management processes, they must become agile, threat lead, and focus on people, process and technology collectively.

Read More

5 things your current pen testing provider doesn't do

Posted by Rowland Johnson on Oct 30, 2017 11:55:11 AM

Penetration testing is nothing new to the cyber security world.  For many years, organizations have been going out and testing their web applications, assessing their internal networks, and identifying vulnerabilities in their mobile apps. Penetration testing companies have been delivering assurance about the security posture of defensive controls providing guidance on whether the firewall rulebase needs to be updated, if the patching policy is effective, or whether the application code that powers your web infrastructure is free from vulnerability.

Read More

Threat detection in a borderless world

Posted by Rowland Johnson on Oct 6, 2017 3:40:25 PM

The Internet is evolving at an ever-increasing velocity.  With more internet connected devices being brought online, and always on services being delivered by Wifi hotspots and 4G, the average person is typically connected 24/7. 

Read More

UK Government & Regulators Demonstrate Importance Of Cyber

Posted by Rowland Johnson on Jun 13, 2014 2:04:03 PM

In less than ten days there have been two major announcements which demonstrate that the UK really is at the leading edge when it comes to dealing with the evolving cyber threat landscape. The UK Government has launched the Cyber Essentials scheme to increase basic levels of cyber hygiene within small and medium sized enterprises. This program will allow organisations to measure their levels of data security within an industry recognised framework.  It is designed to provide confidence to customers, investors, suppliers and insurers that organisations have basic technical controls in place to mitigate against the risk of a data breach. This proactive approach from the UK government is designed to raise cyber up the agenda for organisations and firmly place UK PLC on the information security map.

Read More

Topics: Security Blog, Uncategorized

Latest Security Breaches Spark Wake-Up Call For ‘The Board’

Posted by Rowland Johnson on Feb 12, 2014 1:58:01 PM

It would seem that there is no data and no organisation that is safe from a security breach in 2014.

Read More

Topics: 2014 Security Breaches, Neiman Marcus breach, Security Blog, Target security breach, Uncategorized

Does Conventional Penetration Testing Identify The True Risk?

Posted by Rowland Johnson on Feb 21, 2013 2:37:55 PM

Here at Nettitude, we have been delivering penetration tests for clients for more than a decade.  Over the last 10 years we have really seen the industry mature. Many organisations understand what penetration testing is, and as a consequence it has become an integral part of many organisations information security program. However, more often than not, organisations ask us to focus on the technical aspects of a penetration test, and ignore the social aspects. In many instances, we are told that ‘management’ don’t want to look at social engineering, and as a consequence, can we provide services that focus on the technology only?

Read More

Topics: Nettitude, Penetration Testing, Security Blog, Uncategorized

PCI London – January 2013

Posted by Rowland Johnson on Jan 29, 2013 2:37:55 PM

Nettitude were strongly represented at the AKJ Associates PCI London event at the Victoria Plaza Hotel on Thursday 24th January 2013. The PCI event allowed Nettitude to exhibit some new services such as our Forensic capabilities and incident response as well as showcasing our P2PE QSA accreditation.

Read More

Topics: Nettitude, PCI Compliance, Security Blog, Uncategorized

About Nettitude

Nettitude is the trusted cybersecurity provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Subscribe Here!

Recent Posts

Posts by Tag

See all