Nettitude has added another string to its penetration testing bow today, following confirmation from CREST – the not-for-profit organisation that serves the needs of the technical information security marketplace – that our testing team has successfully achieved full CREST STAR (Simulated Target Attack & Response) status. STAR is arguably one of the most sophisticated approaches for delivering penetration testing. Through combining comprehensive threat data with a “Red Team” style of testing, STAR assessments are designed to deliver some of the strongest levels of assurance available to organisations across the globe.
You can’t have failed to notice the media storm in the IT and security press around the recent vulnerability in the bedrock of the internet – SSL. The service designed to protect our data when it is sent over the big bad public wire has been wide open since early 2012 within many OpenSSL deployments (unpatched OpenSSL 1.0.1 or 1.0.2-beta).
There has been a lot of talk, both at Nettitude and all over the world, over the last 24 hours regarding the Heartbleed bug. This is possibly the biggest chink in the armour of SSL ever found, due to the fact that it affects such a large portion of hosts on the internet.
Here at Nettitude, we have been delivering penetration tests for clients for more than a decade. Over the last 10 years we have really seen the industry mature. Many organisations understand what penetration testing is, and as a consequence it has become an integral part of many organisations’ information security programmes. However, more often than not, organisations ask us to focus on the technical aspects of a penetration test and ignore the social aspects. In many instances we are told that ‘management’ don’t want to look at social engineering, and are asked whether we can provide services that focus on the technology only.
Nettitude were strongly represented at the AKJ Associates PCI London event at the Victoria Plaza Hotel on Thursday 24th January 2013. The PCI event allowed Nettitude to exhibit some new services such as our Forensic capabilities and incident response as well as showcasing our P2PE QSA accreditation.
“Networks are no longer safe if a company takes the egg-shell approach of simply using perimeter-centric hardware devices, anti-virus and anti-malware software and other approaches to keep intruders out” - William Boni, VP and CISO T-Mobile USA – Jan 2012.
With the clamour for ‘Bring Your Own Device’ (BYOD) solutions increasing dramatically in the corporate workplace, IT departments are facing the dilemma of potentially insecure personal devices connecting to the corporate network and the threat of compromise to the once secure environment.
A new year has started, and why change good habits - or maybe this is a New Year’s resolution? I’m just back from the second New York Metro ISSA Chapter meeting of 2012. Here is my quick wrap-up.