Policy & Procedure
Infrastructure & Architecture
Develop, Test, Release
Continuous Monitoring equals Data-Driven Decisions
Application security is a continuous process, one that can’t end with deployment. Saltworks offers a variety of services to monitor applications for security vulnerabilities. This empowers organizations to make informed decisions based on application security testing data.
Applications, especially in the era of CICD, are not static entities. The longer code exists, the more vulnerable it becomes as new weaknesses are discovered, old platforms aren’t patched, and attackers update their methodologies.
Continuous Application Monitoring
Saltworks Security’s continuous application monitoring provides an expert option on what solutions you need as well as the experience staffed to execute it. Testing includes continuous application monitoring with real time alerts for when vulnerabilities are discovered, testing for changes in operational conditions, and code change detection.
SIEM Log IntegrationMost security events still occur at the application layer, so proper application security logging with SIEM integration is inherently important yet often overlooked. Saltworks Security ensures that your application event logging and SIEM integration are optimized by ensuring:
- Activities, errors and successes are logged but sensitive data is masked or excluded while alternative information is provided that can be used to investigate events
- Proper protection and access controls over the log files exist
- Data retention rules for logs, archiving and destruction are met
- Log review access and alerts expire in pre-determined timeframes (periodicity)
Saltworks Security works with several different technologies and vendors to provide solutions that help maintain application security after software has been released. Our experts can help install, maintain, and optimize configurations for solutions that help you achieve your best security outcome.
Threat Detection with Respond Software
Saltworks Security professionals can help you install and optimize Threat Detection capabilities with SIEM integrated always on continuous monitoring, analysis, and triage. Saltworks Security leverages Respond Software to help automate the analysis and triage of security data at machine speed, matching built in security intelligence with a depth & consistency unmatched by human analysis.
Web App Firewalls (WAF)
Attacks launched against existing applications are designed to steal sensitive data and deny services. Web App Firewalls (WAF) analyze and inspect incoming application requests to block potentially malicious traffic. Saltworks Security professionals can help you deploy Imperva WAF (on-premise, in AWS and Azure, or as a cloud service itself) to keep your deployed applications safe.
Runtime Application Security Protection (RASP)
Applications and services need embedded security controls that can mitigate vulnerabilities, prevent zero-day attacks, increase visibility, and improve risk management. Saltworks Security engineers can install and optimize Runtime Application Security Protection (RASP) to protect your application and prevent attacks during runtime, with no external dependencies required. Saltworks Security leverages Prevoty RASP to enable efficient and secure software development life cycles, monitor and protect applications at runtime, and neutralize known and zero-day attacks.
Security Dashboarding with Saltworks SaltMiner
With SaltMiner, enterprises have an automated way to aggregate, analyze, and report on results from scans conducted using different technologies, and to do it at scale. SaltMiner, Saltworks Security dashboard solution, helps enterprises see all vulnerabilities across all applications in an entire organization in a single dashboard view while also providing meaningful executive metrics. It’s a true enterprise tool, giving you a way to manage thousands of applications and scans and all the testers who interact with them.