Data protection
CyberArk Sensitive Information Management meets the needs for protection of the information during its transfer, as it allows sensitive information to be exchanged securely and efficiently, both inside and outside the company. The solution provides protection based on encryption and granular access control to protect the most sensitive files. The main characteristics are:
- Support of several transfer protocols
- Integrability with market applications or applications developed in house
- On premise solution or in cloud service
- Access and permission profiling
- Auditing of the actions carried out
Security testing
Codenomicon is the solution that provides tools for analysing the software and protocols for communication with Blackbox and Fuzzing test techniques to identify unknown vulnerabilities as well as known ones. Unlike other solutions, it does not modify the source code but the executable binary code and may reveal any vulnerabilities in Apps for mobile phones, firmware or other parts of the software, standard libraries for implementing communication protocols, encryption, violations of licences of libraries included in the software prior to its distribution.
An important solution is Codenomicon AppCheck, a platform onto which the user uploads an executable program, analyses it and provides a report on the composition of the software, listing any third-party libraries included and if their licence obligations are respected. The components are scanned for known vulnerabilities and the report suggests corrective action for any identified. This results in:
- Significant reduction of the risk
- Reduction of application testing and release times
- Saving of resources for continuous Patch Management
Security vulnerability management
The proprietary Security Vulnerability Management solution is used to manage the entire life cycle of the vulnerabilities found in the company's systems and applications. In particular, the solution enables the user to:
- define a vulnerability and associate it with an asset
- assign an owner to it
- analyse and assess it, associating a level of criticality with it
- define an adequate mitigation action and assign an owner to it
- monitor the implementation of the mitigation action
- close the mitigation action
- represent the vulnerabilities and their mitigation actions in specific reports