Cybersecurity Services: |
|
|
Have 2nd Sight Lab test your cloud environment and applications to see if we can break in like a hacker.
Get a report explaining the findings, how to reproduce them, and how to fix them.
A cloud security assessment is similar to a penetration test,
but it is more broad and less deep. 2nd Sight Lab uses similar tools to scan your environment, but on a penetration test
we would take those findings and try to break into your compute and storage resources.
We would then try to use that access to get even further into
the environment to show you how we could steal data, credentials, or install malware on some other system.
On a security assessment we only scan and report the findings, along with some analysis explaining the risk as far as we
can tell and how to fix them.
One thing 2nd Sight Lab likes to review on an assessment, which we would not do on a penetration test, is the process developers use to develop and deploy software from the development environment through to QA and onto production. We primarily gain information about this process through interviews and any documentation that the customer can and wishes to provide. Sometimes customers have no documentation so the analysis consists mostly of talking through the process with developers. We address things like policies, change management, roles and responsibilities. We cover things like source control repositories, container registries, and package managers as appropriate.
The questions we ask come from a combination of industry standard cybersecurity best practices and our own research into what is most likely to cause a data breach. We provide findings and recommendations to close gaps, and can help guide customers towards standardized compliance if that is something they seek.
2nd Sight Lab does not provide audits or assessments to decide whether companies are compliant or not. Our goal is primarily to help prevent a data breach, not for a company to become compliant. However we can provide findings aligned to compliance standards that will help companies fix gaps prior to bringing in likely more expensive auditors to complete the compliance process for things like S0C 2 compliance. 2nd Sight Lab has provided cloud security training to some of the companies that perform these types of compliance audits and can direct our clients to recommended auditors in our report.
Companies often want to show us a demo and get feedback on their security product. That time is our money. We also cannot in good faith recommend a product based on a demo. We need to get hands-on with the product, use it, try it out, analyze it, and possibly perform a penetration test on it. If companies want us to evaluate their products and make recommendations to fix gaps, we can perform a product security assessment.
Qualifications for Security Product Assessments
- Experience responding to data breaches
- Security education and penetration certification
- Due diligence for venture capitalists
- Due diligence for mergers and acquisitions for a security company
- Worked for a security vendor (firewalls, ransomware, APTs, endpoint security, network security
- Helped a security vendor move the cloud as cloud architect and director of SAAS Engineering
- Developing and reverse engineering software since the 1980s
- Worked on teams that use and deploy third-party products and the related challenges
- Writer able to review and make recommendations to product documentation
Check out our blog for more information on security assessments.
© 2018 2nd Sight Lab, LLC | Savannah, Georgia
Teri Radichel, CEO of 2nd Sight Lab, has spoken at some of the largest cybersecurity,
application security, and cloud conferences around the world. Listen to some of the
presentations or view the slide decks below. Click below to hire a speaker for your event.
View cybersecurity presentations on Youtube:
View presentation slides for past cybersecurity and cloud security presentations.