Posts

Showing posts from 2015

Continuous Asset Profiling

Something we are pretty proud of at edgescan is our Continuous Asset Profiling service, which is part of any edgescan license. We call it HIDE (Host Index, Discovery & Enumeration). So what is it and why should I care? HIDE provides continuous asset profiling across blocks of our clients' IPs. So rather than asking a client to specify individual IPs, edgescan profiles entire IP blocks/ranges. But why do this? The reason we give our clients the ability to profile entire blocks is three-fold. HIDE can detect if a server/IP has gone live since the last round of continuous profiling. HIDE can detect if a new service/port or firewall change has occurred on any asset profiled. HIDE can alert our client to any change in their external asset profile on an ongoing basis using various methods such as SMS, email or Live Feed. If, as per traditional approaches to profiling, we only assess named endpoints, we don't get the full picture. HIDE

Security done wrong and blowing the budget...how not to secure your business

The State of Cyber Security: We don't want a 15 year old breaching our systems, stealing data and taking 13% off our share price as a result.....hmm I think not. If I wanna be hacked the hacker has got to be elite and like an uber hacker right!! It is strikingly obvious that security is still weak for large enterprises and smaller organisations alike. Take TalkTalk hacked by 15yr old for example... We live in a world where multi-million euro businesses can be drastically hit by ANYONE with the will, determination and curiosity, I sh*t you not!! Poor practices we accept in the industry: Yearly security testing on sites & systems that change frequently: We perform annual testing of our systems, in a time-limited manner. Our systems are in a constant state of flux (for the below reasons) but we still only do the annual security test. See anything wrong here? 3 words for you... Window Of Exposure. Changes in code: Happen more frequently, we are mo

Risk - Medieval approaches to AppSec

Vulnerability management involves a little more than finding security issues in code and/or hosting systems......I find that much of the industry does not understand that vulnerability management, penetration testing, threat detection, endpoint detection, malware prevention and even anti-virus services and tools are about managing risk. Managing risk is about reducing it to a suitable level based on the cost of reducing it in the first place. There is no point in spending lots of time and effort on issues which have little impact or which are very unlikely. Firstly, what we want to do is reduce the impact of the stuff which has a decent chance of occurring and would be a real pain in the ass if it happened, it would disrupt our business etc. "A situation involving exposure to danger..." So blindly throwing tools at a problem to help discover risks to your business is not going to work....but why?? Tools don't understand Risk: automated tools cannot give you an

Security as a Service / MSS.....Why?

A number of factors are driving the need for managed security services (MSS), namely expertise, cost and consistency. Key concerns when considering an MSS are detailed below: Cost: The associated cost benefits of using some MSS providers may appear a very attractive proposition. MSS provides the ability for a company to have deep security expertise without the associated cost of full-time employees. For example, our edgescan™ service gives our clients access to our security engineering team, who manage the security posture of their assets. A managed service should give you the ability to reduce your Capital Expenditure and control your security spend without sacrificing quality. Using an MSS, you can maintain your security posture but reduce overall cost of ownership. Accuracy: Security is about covering all the bases; a defender needs to manage all vulnerabilities, whilst an attacker need

Red Herring European Top 100 & edgescan v3.0

edgescan, our managed penetration testing service, today announced it has been selected as a Finalist for Red Herring's Top 100 Europe award, a prestigious list honoring the year’s most promising private technology ventures from the European business region. Hurray!! The Red Herring editorial team selected the most innovative companies from a pool of hundreds from across Europe. The nominees are evaluated on 20 main quantitative and qualitative criteria; they include disruptive impact, market footprint, proof of concept, financial performance, technology innovation, social value, quality of management, execution of strategy, and integration into their respective industries. This unique assessment of potential is complemented by a review of the actual track record and standing of a company, which allows Red Herring to see past the “buzz” and make the list a valuable instrument for discovering and advocating the greatest business opportunities in the industry.