R&D security scans

The digital era has brought innovations that have changed the way we use technology, for both business and personal use. Continuously growing performance results in more and more data being produced, handled, and stored. In that fast-changing world, security has taken on an ever more prominent role.

In this blog, Group 2000 wants to give you insight into the impact of security on our internal processes and on our LIMA products.

In general, there are two types of security scans:

  • External scans performed by our customers;
  • Internal scans performed by Group 2000.

The challenge with the first type is finding a common way to communicate. Customers use various tools or hire external companies to perform security scans. As a result, Group 2000 receives a wide variety of output produced by those tools and companies, and the way the scans are conducted also varies strongly. That makes it hard to quickly understand an external scan result or to correlate it with other (internal or external) scan results. Unfortunately, not every security scan tool takes the target environment into account. Tooling should be aware of the system or solution being scanned; otherwise it reports issues that do not apply, so reports often contain findings for, for example, a different operating system or even different hardware. Those so-called false positives clutter the results and decrease their value.

The solution is the use of market standards combined with an agreement on how to report issues. By using the internationally recognized NIST Framework, both customers and Group 2000 can exchange information in a transparent and aligned manner. Reported findings can easily be checked and confirmed against Group 2000's own security scan findings, so we can quickly determine whether a fix is available or whether there is impact on the customer's environment.

In the opposite direction, the NIST framework is used to map our internal security scan results onto the customer's situation and to notify the customer in a form the customer recognizes.
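The two problems described above (heterogeneous scanner output and findings that do not apply to the scanned platform) are mechanical enough to show in code. The following is an added example, not Group 2000's own tooling: it maps two constructed scanner output formats onto one common schema, drops findings for a platform other than the scanned system, and correlates what remains with a constructed internal-dashboard status so that "fix available" versus "open" is visible per finding. The scanner formats, the `CVE-0000-000x` identifiers and the `TARGET_PLATFORM` value are all placeholders.

```python
import csv
import io
from dataclasses import dataclass

# Assumption (constructed): the scanned LIMA system runs Linux, so findings
# that only apply to other operating systems are false positives here.
TARGET_PLATFORM = "linux"

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    """Common schema every scanner's output is mapped onto."""
    vuln_id: str
    platform: str   # lower-cased OS name, or "any" when the tool does not say
    severity: str   # one of SEVERITY_RANK's keys
    source: str     # which scan produced it


def normalise_tool_a(records, source="customer-tool-A"):
    """Tool A (constructed format) emits dicts with 'id', 'os' and 'severity'."""
    return [
        Finding(r["id"], r.get("os", "any").lower(), r["severity"].lower(), source)
        for r in records
    ]


def normalise_tool_b(csv_text, source="customer-tool-B"):
    """Tool B (constructed format) emits CSV with columns cve,platform,risk."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [
        Finding(row["cve"], row["platform"].lower(), row["risk"].lower(), source)
        for row in reader
    ]


def filter_applicable(findings, target=TARGET_PLATFORM):
    """Drop findings whose platform does not match the scanned system."""
    return [f for f in findings if f.platform in (target, "any")]


def correlate(findings, internal_status):
    """Group findings by vulnerability id and attach the internal scan status.

    internal_status maps vuln_id -> status recorded in the internal dashboard
    (constructed here); ids the internal scan never reported are flagged so
    they can be investigated rather than silently accepted.
    """
    merged = {}
    for f in findings:
        entry = merged.setdefault(
            f.vuln_id, {"sources": set(), "severity": "low", "status": None}
        )
        entry["sources"].add(f.source)
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = f.severity
    for vuln_id, entry in merged.items():
        entry["status"] = internal_status.get(vuln_id, "not seen internally")
        entry["sources"] = sorted(entry["sources"])
    return merged


# Constructed sample input: two customer scans of the same system plus the
# (also constructed) status of the internal scan of that same product.
TOOL_A_FINDINGS = [
    {"id": "CVE-0000-0001", "os": "linux", "severity": "high"},
    {"id": "CVE-0000-0002", "os": "windows", "severity": "critical"},  # not applicable
    {"id": "CVE-0000-0004", "os": "linux", "severity": "low"},
]
TOOL_B_CSV = """cve,platform,risk
CVE-0000-0001,Linux,Medium
CVE-0000-0003,linux,Medium
"""
INTERNAL_STATUS = {"CVE-0000-0001": "fix available", "CVE-0000-0003": "open"}


def build_report():
    """Run the whole pipeline on the constructed input and return the merged view."""
    findings = normalise_tool_a(TOOL_A_FINDINGS) + normalise_tool_b(TOOL_B_CSV)
    return correlate(filter_applicable(findings), INTERNAL_STATUS)


if __name__ == "__main__":
    for vuln_id, entry in sorted(build_report().items()):
        print(vuln_id, entry["severity"], entry["status"], ",".join(entry["sources"]))
```

The severity rule keeps the highest rating any scanner gave, which is the conservative choice when two tools disagree; the Windows-only finding never reaches the report because the platform filter runs before correlation.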

The second type of security scan is the internal security scan. Besides helping our customers and creating highly valuable LIMA products, we have to ensure that what we created remains safe and secure. Vulnerability definitions are updated every day, and various security scans are run on both existing LIMA products and new LIMA products or new features. The results are stored in a dashboard that is monitored to create and maintain a high level of security awareness. Furthermore, the results are increasingly embedded in the lifecycle of our LIMA product range.

Like many things in life, security is never finished. There are always areas to improve and new levels or attack vectors to add to our security suite. That requires frequent, almost constant attention. At Group 2000, we chose a structured approach by using a security maturity model. The security maturity model addresses all relevant areas and provides us with scoring capabilities (ranging from initial to very mature) and an approach for regularly addressing the areas in which we want to grow.

Every month we zoom in on such an area, determine where we can improve, and what steps are required to improve.

We perform this analysis with an open mind by looking at the whole lifecycle process, starting with awareness and ending with the assurance that the issue is resolved, now and in the future.

That assurance is required to mature and remain on par with (security) market standards. We are looking forward to further securing our products.

Group 2000, your architects in safety and intelligence.
