(Eduard Kovacs – SecurityWeek) Belden-owned Tripwire on Monday announced the availability of two new assessment services designed to help enterprises and industrial organizations find potentially dangerous vulnerabilities in their systems.
One of the new services, Industrial Cybersecurity Assessment, provides experts who can discover vulnerabilities in industrial control system (ICS) environments and determine if they can actually be exploited and if they pose a significant risk.
As part of the service, Tripwire employees review data from automated scanners, proprietary tools and manual reviews. Each finding is manually analyzed to check if the flaw actually exposes the organization, identify mitigating factors, and determine its impact.
Tripwire says it can analyze energy management systems, supervisory control and data acquisition (SCADA) systems, real-time control systems, distributed control systems (DCS), programmable logic controllers (PLCs) and other network devices without causing any disruptions.
The second service launched on Monday by Tripwire, Penetration Testing Assessments, is similar, but focuses on the analysis of an organization’s IT environment.
The pentesting service covers web applications, network services, wireless infrastructure, client-side and internal systems, and even physical security. Tripwire’s experts will focus on authentication and data flows on the network, and communications between systems and their users.
“We are expanding the ways Tripwire customers can partner with us in developing a strong security strategy,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Pen testing and assessment services are a good launching point for building a robust security posture. We provide organizations a tangible understanding of their security weaknesses and risks up front, and then help them develop a robust security strategy including critical security controls such as secure configuration and vulnerability management. It’s important that organizations – even those with the most mature security programs – test their defenses and stay up to date on vulnerability protection.”