Capitis provides security solutions continuously throughout the development, deployment, and operational lifecycles. We have significant expertise in the following security services:
- Penetration Testing
- Risk and Compliance Assessments (HIPPA; PCI; NIST 800-53; SOX)
- Application Security
- Cloud Security, Automation, and Orchestration
- Security Configuration, Baselining, and Compliance
- Vulnerability Management
- Security Architecture and Design
Capitis has provided agile, integrated, and continuous security solutions to its customers for many years. Our team has a proven track record of delivering high quality work from the best of breed and industry leading professionals. We understand that security should be embedded in every aspect of an organization, from planning and development to maintenance and operations.
Penetration Testing and Security Assessments
Our world class security team uses best-in-class vulnerability assessment and penetration testing tools to supplement our manual penetration testing methodology. The Capitis methodology is designed to manually simulate real-world attacks, mimicking the same tactics deployed by malicious hackers.
We have designed a unique reporting methodology that provides actual and measurable risk-rated findings and recommendations to help you better protect your networks and systems from compromise.
Cloud Security Services
Capitis provides solutions to manage the challenges of cloud security. With the industry moving towards server-less frameworks, automation, and dependencies on API’s, the attack surface is continuously evolving and creating additional risks that traditional IT organizations are not accustomed to. Another deviation from traditional on-premise data center infrastructures is that security features are moving into the control plane and software defined networks are becoming more prevalent. We understand the risks associated with cloud expansion and have real world experience in conquering these challenges.
Attacks on cloud infrastructures are becoming more complex, sophisticated, and automated through the proliferation of advanced malware, bot nets, and the internet of things. Another issue that organizations face is that the “shared security model” implemented by many cloud providers poses additional risks that blur the lines of security responsibilities.
Within the “shared security” model, providers are looking to further enhance the features and security aspects that are the responsibility of customers to help improve their overall cloud security experience. This leaves organizations with the responsibilities of security in a variety of roles, including enterprise integration, governance, architectural views, and other areas.
Capitis web application security assessments offer the consistency of automated tools and reporting in addition to the benefits of manual testing to protect one of your most valuable IT assets. The Capitis methodology employs active exploitation techniques in order to evaluate the security of the application against best practice criteria, and to validate its security mechanisms and configurations to identify application/system level vulnerabilities. Custom and manual testing enables the Capitis security team to perform a more comprehensive assessment of the overall vulnerabilities that exist within your applications.
In addition to application security assessments, Capitis provides secure application development that integrates seamlessly with development and security operations. The Capitis team has worked on Department of Home Land Security (DHS) and Financial Industry applications for over a decade. Both industry platforms required the development and implementation of secure services that confirm to NIST 800-53 standards. In addition, we are experienced in implementing industry standard and cutting-edge security controls.
Research shows that 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year. Capitis can help your organization develop and maintain an effective vulnerability management program by focusing on fixing the vulnerabilities that we know exist while hunting for the unknowns in parallel. Although these vulnerabilities are easy to ignore, they’re also easier and more inexpensive to fix than to mitigate. Our professionals can build a comprehensive vulnerability management solution tailored to your organizations needs and requirements.
We help the business understand and deal with the reality of enterprise security and vulnerability management. Our team will engage any tool and vendor that can assist them in accomplishing their mission and their goals.
Risk and Compliance Assessments
Capitis can provide assessment services to build a complete risk profile of your organization and operating environment. Assessments can be performed against numerous types of regulations and requirements, with pre-built NIST, HIPAA, PCI and ISO27002 templates. We can perform multiple assessments ranging from policy reviews, compliance gap analysis, and procedure assessments, to in depth technical assessments that include penetration testing and advanced persistent threat reviews. We also have the expertise to deliver extensive gap analysis, compliance audits, and risk assessments.
Security Architecture and Design
Security architecture and design is an integrated and cohesive process that is focused on addressing potential and actual risks in the organization’s environment. Whether your organization is focused on meeting compliance requirements, addressing an evolving threat landscape, or identifying gaps in its security controls, our professionals can assist you with these challenges. We have the resources and expertise to objectively assess and prioritize opportunities for improvement within each organization.
Capitis can provide security architecture and design solutions and security architecture assessments. Our security assessments provide the benefits of:
- Identifying potential gaps in your organizations technical security controls by providing a comprehensive analysis of security controls and architecture
- Providing a compilation of a security architecture assessment, design guidance, recommendations and mitigation roadmap
- Implementation guidelines and standards recommendations
- Security device, application, and posture assessments