Beyond Security Technology Partners

Technology Partners

Beyond Security has partnered with the following companies and adheres to the following standards to deliver excellence in network and application security testing.

Are you interested in a technology partnership? Contact us at partners@beyondsecurity.com.

Integration Partners

Website

ArcSight Enterprise Security Manager (ESM) is the market-leading security correlation engine used by the most demanding public and private organizations in the world. It protects these firms from external threats such as bots and worms, and internal risks such as fraud and theft.

AVDS is integrated with ArcSight ESM to provide vulnerability assessment data.

Link: http://www.arcsight.com/products/products-esm/

Website

Service desk software from CA Technologies lets you optimize the business user's support experience. Gain the ability to deliver high-quality, consistent IT service support with Service Desk Manager. Be able to easily automate incident, problem, knowledge management, interactive support, self service and advanced root cause analysis. Deliver superior end-user support with simplified change and configuration management.

CA Service Desk and AVDS have been integrated to share vulnerability information.

Link: http://www.ca.com/us/service-desk-software.aspx

Website

CORE IMPACT streamlines penetration testing of servers, desktop systems, end-user systems, web applications, wireless networks, network devices, and mobile devices by automating tasks that would traditionally require significant time, effort and expertise to perform. CORE IMPACT automates the accepted best practice for performing penetration tests.

CORE IMPACT depends upon AVDS to identify vulnerabilities that it then attempts to exploit.

Link: http://www.coresecurity.com/content/core-impact-overview

Website

Imperva is the global leader in data security. With more than 1,300 direct customers and 25,000 cloud customers, Imperva's customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders.

Link: http://www.imperva.com/index.html

Website

Microsoft Security TechCenter provides security bulletins, educational materials and product updates.

AVDS reports link directly to the applicable Knowledge Base articles, providing instant access to solutions for Microsoft-related security issues.

Link: http://technet.microsoft.com/en-us/security/default

Website

The Security Development Lifecycle (SDL) is a software development security assurance process consisting of security practices grouped by seven phases: training, requirements, design, implementation, verification, release, and response. The SDL Pro Network is a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL.

Beyond Security is a member of the SDL Pro Network and beSTORM is a listed tool.

Link: http://www.microsoft.com/security/sdl/adopt/pronetwork.aspx?section=tools

Website

Pluron, Inc. is a web startup based in Silicon Valley. Our main product is Acunote - an Agile project management tool built on the innovative lightweight Scrum process.

AVDS delivers Acunote-ready vulnerability report data allowing Scrum managed remediation.

Link: http://www.acunote.com

Website

BMC Remedy is an IT Service Management solution that boasts reduced complexity and seamless integration of customer support, change, asset and request management.

By feeding vulnerability report information directly into Remedy, AVDS helps automate remediation planning.

Link: http://www.bmc.com/solutions/itsm/it-service-management.html

Website

Your IT infrastructure generates massive amounts of machine data, produced by websites, applications, servers, networks, mobile devices and the like. By monitoring and analyzing everything from customer clickstreams and transactions to network activity to call records, Splunk turns your machine data into valuable insights. Troubleshoot problems and investigate security incidents in minutes (not hours, or days). Monitor your end-to-end infrastructure to avoid service degradation or outages.

AVDS seamlessly feeds scanning data into Splunk for centralized security data management and distribution of graphic vulnerability results to key staff and executives.

Link: http://www.splunk.com/product

Website

Symantec Security Information Manager enables a documented, repeatable process for security threat response and IT policy compliance via integrated log management and incident response solutions.

AVDS exports vulnerability incidents to the Security Information Manager, allowing coordinated incident response.

Link: http://www.symantec.com/business/security-information-manager

Website

TOPdesk helps organizations improve their services by offering user-friendly, standardized software. This personal approach has been successful for over 17 years now. Currently, 4,000 organizations in 40 countries use TOPdesk for IT, Facilities, HR and Shared Service Centres.

AVDS delivers vulnerability information to TOPdesk for integration into its incident management workflow.

Link: http://www.topdesk.com/it-departments/topdesk/incident-management

Website

Trustwave SIEM Operations Edition is event management software for the enterprise - scalable, flexible and easily integrated with the enterprise infrastructure. SIEM OE automatically transforms logs into security events and prioritizes high risk events, providing actionable alerts to help businesses stay secure and compliant.

By feeding it vulnerability test results, AVDS enables the log management functionality offered by SIEM OE.

Link: https://www.trustwave.com/siem/siem-operations.php

Standards Partners

Website

BASEL II is officially known as the International Convergence of Capital Measurement and Capital Standards. It is a framework established by the Basel committee, a consortium of Central Governing Banks from several countries. The applicable framework for information security in order to meet Basel II in the U.S. is the FFIEC Information Security Booklet (2003).

AVDS Vulnerability Assessment is a vital component of any Basel II compliance project.

Link: http://msdn.microsoft.com/en-us/library/aa480484.aspx#regcompliance_demystified_topic7

Website

CVE's (Common Vulnerability Enumeration) common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

AVDS is CVE compliant and includes CVE identifiers in its vulnerability reports.

Link: http://cve.mitre.org/

Website

CVSS is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities. CVSS helps organizations prioritize and coordinate a joint response to security vulnerabilities by communicating the base, temporal and environmental properties of a vulnerability.

AVDS incorporates the CVSS standard method of describing the severity of vulnerabilities.

Link: http://www.first.org/cvss

Website

The HIPAA (Health Insurance Portability and Accountability Act) Security Rule sets US standards for the security of electronically stored health information. Healthcare information handlers must implement electronic measures, including vulnerability assessment, to ensure that health care information is not improperly accessed, altered or destroyed.

AVDS provides reports that assist compliance with HIPAA standards.

Link: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html

Website

ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. ISO/IEC 27002 provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS).

ISO 27001 and ISO 27002 compliance is simplified by AVDS and its ease of use and automated functionality.

Link: http://www.iso.org/


Website

Information and Communication Technology (ICT) security standards have been established by the International Telecommunications Union Telecommunications Standardization Sector (ITU-T). Activities include: developing and maintaining security outreach material; coordination of security-related work; and identification of needs and assignment and prioritization of work to encourage timely development of telecommunication security Recommendations.

AVDS is used by some of the largest telecommunications companies in the world to establish secure networks. beSTORM is used by developers of mobile handsets and applications to find and fix security weaknesses prior to release.

Link: http://www.itu.int/en/ITU-T/studygroups/com17/Pages/telesecurity.aspx

Website

The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels.

AVDS is appropriate for testing information and data controls, computer and telecommunications networks, wireless devices and mobile devices.

Link: http://www.isecom.org/osstmm/

Website

The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. OWASP stands for informed security decisions based on a solid, comprehensive understanding of the business risk associated with an application. The OWASP Foundation does not support, advocate, or recommend any particular product or technology.

AVDS web application scanning features can assist in compliance with OWASP Published Standards.

Link: https://www.owasp.org

Website

The Payment Card Industry (PCI) has established a Data Security Standard (DSS) to provide clear policies for the safe collection, transmission and storage of credit card data. An Approved Scanning Vendor (ASV) is a company which has been tested by the Security Standards Council and found qualified to provide security testing of the web applications and supporting equipment that handles credit card information.

Beyond Security is an Approved Scanning Vendor and provides PCI scanning services.

Link: https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php

Website

SANS is the most trusted and by far the largest source for information security training and security certification in the world. The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through.

AVDS addresses the following critical controls:

  • Inventory of Devices
  • Secure Configurations
  • Application Software Security
  • Continuous Vulnerability Assessment

Link: http://www.sans.org/critical-security-controls/

Website

The Sarbanes-Oxley Act of 2002 (SoX) includes legal requirements for data accuracy and accountability. Section 404 of the Sarbanes-Oxley Act mandates that all publicly-traded organizations must demonstrate due diligence in the security and disclosure of financial information. They must implement internal controls and procedures to communicate, store and protect that data. They must protect these controls from internal and external threats and unauthorized access, including those that could occur through online systems and networks.

AVDS provides enterprise level vulnerability assessment and management, a vital component of data security and specifically required by SoX.

Link: http://www.sox-online.com/security.html

More Information

Beyond Security is an approved scanning vendor for the Payment Card Industry (PCI).

Web Application Testing

Discover security issues related to web applications, websites, and their associated assets and databases.