Targeting 100% Known Web Application Vulnerability Remediation
“[You] must not only know, [You] must act”
W.E.B. Du Bois 1868-1963
With ‘000s of new application vulnerabilities and exposures being announced daily , the race is continual – either fix your applications or be exploited. Finding your vulnerabilities is where it must start, but with limited budgets how can you do this regularly enough to remain current, let alone prioritise, fix and monitor? A programmatic approach is what is required. One that takes in all available threat and vulnerability information, sorts, prioritises, then provides a broad range of advise, options and tools to deliver rapid and appropriate action. These tools must be able to remediate issues across self dev eloped, 3rd party and legacy applications. The defending systems must then be monitored 24/7 by developers and security consultants to support the requirement for time sensitive design changes. The whole program then has to start again next week Too much to ask? Not for RedShield
“For less that the price of a Single FTE RedShield protects my critical Web Assets more rigorously and provides more meaningful management reporting than when I had a team of 10 attempting the same task”
CSO Large Government Department
RedShield Service Overview
• Technical Risk Discovery & Management
• Web Application Shielding
Technical Risk Discovery & Management first requires effective risk discovery. To this end RedShield includes weekly scanning (PCI ASV if required) of web assets under management. These results can be supplemented by those discovered by 3rd parties via Scanning, Code Reviews, Penetration Testing, Threat detection feeds, Bug Bounties etc. Regardless of who found the issue, our analysts determine risk ratings and supply “all reasonable” remediation options i.e. Function disablement, risk acceptance, direct code remediation & baseline/advanced shielding.
Web Application Baseline Shielding provides attack traffic visability, D DoS protection an d market leading generic threat mitigation. It is also an option for configuration based remediation for a broad range of common application vulnerabilities if required.
• Advanced Shielding • Continuous Monitoring & Development
With Advanced Shielding RedShield developers modify and augment the application’s security logic to remediate specific code vulnerabilities. This is without the need to modify a single line of back-end source code. Whether buying time to design and fix the code in a managed fashion or remediating 3rd party or legacy applications (where there is often no other option), this ‘on the fly’ AppSec development capability is what makes RedShield globally unique.
Continuous Monitoring & Development by our team of analysts, engineers, pen testers and developers is required to be able to stay ahead of the exploiters. Attacks can happen at any time and new risks are continuously developed, we are always ready to respond.
“For less that the price of a Single FTE RedShield protects my critical Web Assets more rigorously and provides more meaningful management reporting than when I had a team of 10 attempting the same task” CSO Large Government Department
E: email@example.com | W: www.virtis-us.com | REDSHIELD SECURITY LTD 2016 ALL RIGHTS RESERVED