Infrastructure & Architecture

Security Right from the Start

It is too costly to bolt on application security after the fact. Saltworks Security conducts infrastructure and architecture security reviews early in the design phase to help identify and mitigate security loopholes that leave your applications vulnerable.

Architectural Standard Creation

Architectural reviews of applications can bring sanity and order to roles and responsibilities in applications across your entire organization. Saltworks Security can help enterprises create architectural standards that ensure your data stays secure, including standards for:

Encryption

Encryption can become weaker over time as new vulnerabilities are discovered, libraries become outdated, and algorithms fall behind new methods of attack. Saltworks Security can review your encryption libraries and settings to ensure your data stays protected.

Authentication

Authentication ensures your users are who they say they are. Saltworks Security can evaluate all authentication processes, including verifying that users are properly validated prior to account creation, that they are only logged in for pre-determined lengths of time, and that the identity of users is properly established before any reset/recovery activity takes place.

Authorization

Authorization establishes roles and responsibilities for authenticated users. Saltworks Security can evaluate all authorization processes, including proper separation of duties and access, and ensure the principle of ‘least privilege’ is in place (meaning valid users are only permitted access to those programs, information, and/or servers necessary for their specific functions or job assignment).

Logging with SIEM integration

Most security incidents still occur at the application layer, so proper logging of events is extremely important. However, sensitive data should be masked or excluded for those events while still relaying enough information to resolve problems. Saltworks Security can ensure your logging processes are secure, including creating standards for proper protection and access controls for log files, archiving and destruction procedures, and log reviews and alerts.

Solutions

Data Encryption

Does your testing data potentially expose Personally Identifiable Information (PII)? Saltworks Security leverages Micro Focus Voltage to ensure your testing data remains secure with field-level format-preserving encryption. Micro Focus Voltage is a powerful reversible encryption tool for structured data that uses National Institute of Standards and Technology (NIST) AES FFX mode FF1. Voltage works with an unlimited number of PII and other data types, generating keys that can be used for both encryption and decryption.

Event Correlation AI

Log files can quickly grow too large for humans to review with precision. Event Correlation AI involves implementing tools to review application security logs for events that match patterns of behavior that threaten security. Through user-defined rules, the tool can then perform actions, such as sending alerts for security events and application failures. Saltworks Security leverages Respond Software’s market-leading Event Correlation AI to review application security logs with built-in security intelligence. We help organizations optimize and maintain their implementation and define how they want the tool to respond to specific events.
