Infrastructure & Architecture
Security Right from the Start
It is too costly to bolt on application security after the fact. Saltworks Security conducts infrastructure and architecture reviews of security early in the design phase to help identify and mitigate security loopholes that leave your applications vulnerable.
Architectural Standard Creation
Architectural reviews of applications can bring sanity and order to roles and responsibilities in applications across your entire organization. Saltworks Security can help enterprises create architectural standards that ensure your data stays secure, including standards for:
Encryption can become weaker over time as new vulnerabilities are discovered, libraries become outdated, and algorithms fall behind new methods of attack. Saltworks Security can review your encryption libraries and settings to ensure your data stays protected.
Authentication ensures your users are who they say they are. Saltworks Security can evaluate all authentication processes, including verifying that users are properly validated prior to account creation, that they are only logged in for pre-determined lengths of time, and that the identity of users is properly established before any reset/recovery activity takes place.
Authorization establishes roles and responsibilities for authenticated users. Saltworks Security can evaluate all authorization processes, including proper separation of duties and access, and ensure the principle of ‘least privilege’ is in place (meaning valid users are only permitted access to those programs, information, and/or servers necessary for their specific functions or job assignment).
Logging with SIEM integration
Most security incidents still occur at the application layer, so proper logging of events is extremely important. However, sensitive data should be masked or excluded for those events while still relaying enough information to resolve problems. Saltworks Security can ensure your logging processes are secure, including creating standards for proper protection and access controls for log files, archiving and destruction procedures, and log reviews and alerts.
Does your testing data potentially expose Personally Identifiable Information (PII)? Saltworks Security leverages Micro Focus Voltage to ensure your testing data remains secure with field-level format-preserving encryption. Micro Focus Voltage is a powerful reversible encryption tool for structured data that uses National Institute of Standards and Technology (NIST) AES FFX mode FF1. Voltage works with an unlimited number of PII and other data types, generating keys that can be used for both encryption and decryption.
Event Correlation AI
Log files can quickly grow too large for humans to review with precision. Event Correlation AI involves implementing tools to review application security logs for events that match patterns of behavior that threaten security. Through user-defined rules, the tool can then perform actions, such as sending alerts for security events and application failures. Saltworks Security leverages Respond Software’s market-leading Event Correlation AI to review application security logs with built-in security intelligence. We help organizations optimize and maintain their implementation and define how they want the tool to respond to specific events.