
Archive for the ‘FAQs’ Category

This is a typical scene, and a context you will have heard before.

A user contacts the help desk: yesterday they could still access the application, but today they encounter a problem, because the developers made a change and implemented new functionality that helpdesk support was not aware of. DevOps support is challenging, particularly in an outsourced scenario.

Uncontrolled DevOps adoption at rapid speed, without consideration for the helpdesk and users, will disrupt operations. The promise of adopting DevOps is to get the functionality the business needs at the speed of business, using various forms of continuous integration (CI) and continuous development (CD), continuous delivery and continuous deployment, with the strong belief that users can take on board the small, incremental changes introduced through a DevOps methodology without disruption to business operations. That is the ideal scene. But we have seen a lot of large changes implemented badly and without coordination. With in-house developers the disruption may be less than with outsourced ones, because the in-house development team is accessible. Overall, though, this points to the problem: developers are not good communicators and do not coordinate a smooth transition. A better approach is to bring the helpdesk and some users into the project steering group, so that all impacts are noted and the work moves forward in a way that lets every party make its own contribution. In the end, it is an enterprise change, not just a matter of developers developing an application. An application requires users to use it and a helpdesk to support it.

The best way is for developers to make use of systems and tools that keep users and the helpdesk aware of what is going on, with automation and integration to push all the needed information to the respective groups in their format of choice or the one they are used to. That will help to streamline the change and minimise business disruption for the entire enterprise.

Feel free to contact E-SPIN about the various systems and tools we represent that are capable of providing effective and efficient DevOps support for developers, helpdesk and users. Static application security testing (SAST) of source code, dynamic application security testing (DAST) and integrated platforms are just some of the key result areas (KRA) where we can help right away.


Vulnerability Management Beyond E-SPIN

The world keeps changing, and rapidly. Not long ago we saw the technology landscape of vulnerability management change with the introduction of “container security”. We can use it to divide vendors into those who have it, those who are working on it, and those who do not see it as part of their own solution and would rather integrate or work with a 3rd party for it.

Over the past five years, cloud security and cloud-based vulnerability scanners were first introduced to vulnerability management. Those who possessed them have since grown, in internet time, into the few large players in the market. The world keeps repeating the same pattern: technology keeps being introduced, and you either adapt to it or you are out of business. We also saw players exit the market within that five-year horizon, which in market terms is not really that long. If you cannot commit resources to head-to-head competition, it is better to give up and focus on other areas where you have core strengths and competency.

Established as the industry has been for so long, the traditional vulnerability management (VM) market has seen a lot of changes: new technology, takeovers, vendors going out of business, changes of vendor direction, and changes of business model.

This article focuses on a few interesting topics.

The traditional vulnerability management market is now full of commercial and open source players. It also includes threat management (TM) players that now offer vulnerability management (VM) through horizontal/vertical forward and backward integration or expansion. From the market and user point of view, a total and unified solution that provides a lower total cost of ownership continues to be a strong value proposition. Except for hardcore and expert users, who depend on specialized and more technically advanced or complex tools and product solutions, generic all-in-one products continue to offer massive benefits and a large market. Value matters: if you cannot provide better functionality, you need to price accordingly.

Professional and expert users really know what they want to accomplish and possess the know-how to do so. We are not surprised that they use open source tools if they have the competency to do so.

What we see most in the enterprise market is that buyers prefer report-friendly tools that are simple to operate and have more “automation” features. This continues to be the market-dominating approach for the big players, who keep putting forward more and more features and functionality in a comprehensive offering. All commercial players aim to be the preferred vendor, the chosen one.

The majority of buyers will settle for a generic all-in-one vulnerability management tool or suite, ranging from affordable unlimited-IP offerings to solutions that allow a small IP node asset count rather than committing to a huge IP block. Be aware that open source keeps providing an alternative, and check whether the investment outweighs the cost.

A few areas of development are worth following closely.

Toward Cloud. Although some very traditional industries and markets still do not accept the cloud, it is future-proof, and there is evidence all over the world of how cloud architecture solutions benefit the enterprises that adopt them. More and more enterprise infrastructure is migrating to the cloud; if you are left behind in adopting the cloud in the right way, you will certainly spend a lot of resources doing things the old-fashioned way. Cloud is not just about being hosted in the cloud. It is also about automation: a “cloud” system goes beyond the traditional and is capable of scanning, say, 100k IP nodes concurrently. Just imagine how much time you would need to scan 100k IPs for an assessment if you did not do it the cloud way. It saves the enterprise a lot of time and money. More importantly, it provides a speed that the traditional way cannot match. Scalability is another area: there is no need to size up hardware, and the user always pays by usage through a subscription model, so no capital expenditure is involved. Much of the time we see people who have developed misperceptions, or who were previously engaged by unprofessional people who failed to educate them correctly, and who so miss the opportunity to align company resources for rapid business and technology transformation.

Container security. It is now a must for certain industries, such as when your core business is streaming video or data to the mass market. Traditional vulnerability management fails here because it cannot cope with the speed and mass of streaming data, which is why “container security” has come of age as the world evolves and requires new forms of technology.

DevSecOps. The world is moving toward cloud, online and speed, and adopting DevSecOps as the way to stay future-ready and relevant. The traditional way, with separate processes that wait for each other to complete a stage before moving to the next, is yesterday's practice. Business nowadays demands the application now and wants it secured immediately, which calls for automation, integration and an instant end-to-end process. Traditional vendors that focus only on dynamic application security testing (DAST) will find themselves out of step with demand, as the requirement now is to provide static application security testing (SAST) as well. Technology vendors that can provide both, and can integrate and automate the whole process and workflow, will continue to be relevant and needed in the future. Otherwise, you need to lower your product pricing because of the lesser value you bring to the enterprise user's use case and business requirements.

Unified security, from infrastructure security to application security. Traditionally we saw players divided by area, say application security or the enterprise vulnerability management field. As the market demands speed, we see players from application security offering generic host vulnerability scanning. Likewise, infrastructure security vendors offer application security or niche technology in their product suite portfolio (whether they took over another company or built the technology in-house).

Vulnerability correlation (VC) across a more holistic and broader area, so that the data and intelligence can be leveraged by other departments and key result areas (KRA). For example, it can fit into a Governance Regulatory and Risk Compliance (GRC) solution, co-exist with Security Information and Event Management (SIEM) / Security Operation, or provide vulnerability data to network and application security protection systems to temporarily “seal” a vulnerability and buy time for developers to fix their system. The opportunities and use cases for leveraging this information to benefit many related systems are limitless.

Vulnerability validation and exploitation testing, or manual penetration testing. We expect vulnerability management players either to provide 3rd-party support or to integrate vulnerability assessment and pen-testing into a single product suite. This is also a very appealing area in which we look forward to significant development. It may be surprising, in case you are still not aware, that there are only a few main players in pen-testing but a lot of VM players. We have also seen the recent development of pen-testing vendors offering VM as a way of responding to market changes.

E-SPIN Group has been actively involved in the vulnerability management and penetration testing (VMPT) business since 2005. We work with various VM and PT supplier vendors and offer them as part of solutions that work for the enterprise market we serve across the countries in the region where we do business. Feel free to contact our solution consultants about business and partner requirements and opportunities.


This video is about BeyondTrust Powerbroker Password Safe Product Overview by E-SPIN

BeyondTrust Powerbroker Password Safe

For those who could not join us for the session, please see the summary and highlight clip for the event.

E-SPIN recently ran a BeyondTrust Powerbroker Password Safe what’s new session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com


This video is about Visiwave Traffic Product Overview by E-SPIN

Visiwave Traffic Product Overview

For those who could not join us for the session, please see the summary and highlight clip for the event.

E-SPIN recently ran a Visiwave Traffic Product Overview what’s new session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com


This video is about Acunetix OVS What’s New by E-SPIN

Acunetix OVS What's New

For those who could not join us for the session, please see the summary and highlight clip for the event.

E-SPIN recently ran an Acunetix OVS what’s new session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com


This video is about Veracode Runtime Protection Product Overview by E-SPIN

Veracode Runtime Protection Product Overview

For those who could not join us for the session, please see the summary and highlight clip for the event.

E-SPIN recently ran a Veracode Runtime Protection what’s new session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com


This video is about Dangerous of Ransomware and Solution by E-SPIN

Dangerous of Ransomware and Solution by E-SPIN

For those who could not join us for the session, please see the summary and highlight clip for the event.

E-SPIN recently ran a Dangerous of Ransomware and Solution what’s new session covering what is new for new and existing users.

For further information, please contact us or visit our website at http://www.e-spincorp.com
