Monthly Archives: June 2014

Too Small to Hack: Small Business and Security

If you are paying attention to the news, security is a big topic.  At least that’s what CNN and the Wall Street Journal think.  And I would happen to agree. (I may be a bit biased!)  But even with things like Heartbleed and 0-day flaws in IE, we still commonly hear from small businesses that they just aren’t focusing on security.

For many, the issue we find is that they don’t believe they can afford security. And in many cases, this has been true. Security testing can be expensive, and with the fast pace of change in IT and security, companies need to be able to test their security on a regular basis. This can be overwhelming.

So Secure Ideas has attempted to fix this with the availability of Secure Ideas’ Scout!  Secure Ideas Scout is a multi-pronged service that focuses on testing an organization’s security in the places that attackers focus – networks, web applications and users.

The first service available is PassiveScout.  PassiveScout is a free service that performs a non-intrusive assessment of the infrastructure running an organization’s web application.  PassiveScout then returns a quick report of concerns around the application infrastructure.

The next service is NetworkScout. NetworkScout focuses on the network services offered externally to the Internet, internally, or both. Secure Ideas’ analysts perform a network security assessment. But instead of just providing a report that often overwhelms the recipient, Secure Ideas evaluates the findings from an attacker’s perspective. This allows us to provide a report that explains the risks associated with issues and includes the issues that are important.

WebScout focuses on the web applications that an organization makes use of. These are often the focus of attackers, as they often have the most critical data. WebScout tests the applications to find various security issues and logic flaws. As with NetworkScout, Secure Ideas’ analysts will evaluate the assessment results to provide a report that focuses on the important issues related to the application.

Finally, Secure Ideas has created UserScout to assess the organization’s employees’ awareness of security. Using phishing emails or phone calls, Secure Ideas analysts will assess how responsive an organization’s staff are to various social engineering attacks. Then a report will be generated to allow the organization to focus its training efforts.

All of these services are designed to be affordable to small and medium-sized businesses. Organizations can subscribe to one or more of these services and get a handle on their security concerns!

Kevin Johnson is the CEO of Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at kevin@secureideas.com or visit the Secure Ideas – Professionally Evil site for services provided.

What Do You Expect From A PenTest?

There are many reasons that a company has a penetration test performed. Maybe it is due to regulatory compliance, like HIPAA, or they just take security seriously. No matter what the reason is, you want to get the most from a penetration test. Any of you that have had a good penetration test done…