Focus | Aura Information Secuirty
Are you really cyber secure?
“It’s not that there’s suddenly more cybercrime than before, it’s just that people are starting to wake up to the impact of breaches and the relative ease of hacking into historically insecure systems,” says Andy Prow, founder and managing director of Aura InfoSec. “If you have vulnerabilities in your website or network and aren’t addressing them, then sooner or later, they will be exploited by cyber criminals. Such vulnerabilities include unpatched systems, insecure code or even just simple misconfigurations that leave tiny cracks in your IT defences.” Aura provide IT Security consulting services relevant to all technologies, from web to physical network, Wi-Fi, mobile and BYOD (bring your own device). Aura’s success has also come from its holistic approach to IT security. “We don’t just focus on the immediate security flaws of the system, but why they’re there in the first place - like old systems, poor coding, poor product selection, insecure build, lack of updates and management… the list goes on,“ he says. Aura therefore spend as much time performing secure developer and secure admin training, code reviews, threat modelling and risk assessments as they do performing the traditional penetration tests.
is built into our work. The team research new threats and security issues with all new technology advances and have presented both here in NZ and around the globe at leading IT security conferences.” However, vulnerabilities change on a rapid basis. New threats and attacks are being created daily, new code is being written and systems are being changed regularly. To keep up with the ever-changing risk profile, Aura launched a new business in 2008 called Aura RedEye. RedEye is a vulnerability management service that provides continuous monitoring of your network or websites and identifies all detectable or possible vulnerabilities. RedEye consists of custom software written by Aura, which has received four grants from MSI (now MoBIE) for the R&D behind RedEye. This software sits on servers in the cloud, on client sites and now inside a number of hosting providers around NZ, to scan both external and internal networks, and public and private websites and web-applications. “Our highly trained security specialists then review these issues and prioritise them for your business and are on-tap to provide expert advisories on how to resolve or mitigate any security issues.
“Areas we’re expanding more into in 2013 are wider training, focusing on all staff including the management and exec teams, and also Red-Teaming,” he says.
“We are also New Zealand’s first and only PCI Approved Scanning Vendor and our focus is on large enterprises wanting to achieve PCI compliance, as well as optimising their overall security posture.”
Red-Teaming is where Aura spend a longer amount of time performing real-world attacks of multiple systems, people and processes, to test the more real-world responses of organisations.
Andy says most large businesses underestimate the cost of a successful cyber exploit which can be measured in terms of lost time, reputational damage and ultimately revenue.
“To keep the team up to speed on the latest threats and technologies, regular research
Aura is continuing to develop new features into RedEye, such as its online vulnerability
Chief finance officer Diane Prow on the far left and managing director Andy Prow on the far right with clients.
<
Whether it be privacy breaches, website hacks or denial of service attacks, you cannot get away from the topic of cyber security. It’s good to know we have high-tech companies in NZ helping to fight against cyber-crime, and one such company is Wellington’s Aura Information Security (Aura InfoSec).
“
In their words
Aura RedEye can assist an enterprise with its information security by:
“Due to the high number of application updates we release every week, RedEye has been an essential service to help spot vulnerabilities immediately so that we can patch them as soon as possible.”
• Providing an external and internal vulnerability scanning managed service • Providing a comprehensive website to manage and mitigate vulnerabilities
- Alistair Grigg, chief operating officer, Xero
• reducing company time spent collating and interpreting complicated IT security reports
”
Hosting providers
• Alternatively, setting up and supporting Rapid7’s Nexpose for internal network scanning.
• Providing an expert vulnerability scannin managed service • Scan both internal networks, or all of your external interfaces, from websites to remotely hosted cloud sercives, including a growing number of NZ hosting providers who can scan within the data-center and private clouds
management portal and integration with Endace’s data-capture Probe and F5’s web application firewall (WAF) for a newly launched service called RedShield.
• Tune your F5 WAF with the new Red-Shield service to provide rapid protection of your websites
“RedShield is going to the next level”, Andy says. “RedEye as a system scans for security holes - now with RedShield we can quickly apply customised defences for vulnerable websites that provide a rapid level of protection whilst the site is being fixed properly”.
Wellington technology company in the New Zealand 2011 Deloitte Fast 50.
Aura RedEye’s work is being internationally recognised, winning the Australia New Zealand Internet Awards (ANZIA), as well as being named a finalist in both the prestigious Wellington Gold Awards and the AUT Excellence in Business Support Awards. Aura InfoSec also won the Electra Business of the Year in 2010 and Aura RedEye was named the Emerging Business of the Year at the 2012 Electra Kapiti Horowhenua Business Awards. As well as this Aura has been in the Deloitte APAC Technology Fast 500 for the last three years running and was the fastest growing
With the global Cyber-Security market being worth US $68 billion per annum, Aura is definitely a Wellington company to keep an eye on. Aura Information Security Level 12 Tourism & Travel House 79 Boulcott Street Wellington T (04) 894 3755 E sales@aurainfosec.com www.AuraInfoSec.com — Advertising Feature
When it comes to being hacked, it’s just a matter of time
e: sales@auraredeye.com Ph: 0508 REDEYE (733 393) International Ph: +64 4 894 3755
Aura RedEye from Aura Information Security is a vulnerability scanning managed service that provides continuous monitoring of your network or websites and identifies all internationally-known vulnerabilites. Our highly trained security specialists then review these issues and prioritise them for your business. Through an easy-to-use secure website, they can even provide advice on how to fix issues, when necessary.
Upgrade your cleaning service today Are you suffering issues with your business cleaning service? Are you having trouble getting a quick response to issues you raise? Here’s how Masterclean2000 may be able to help. Masterclean2000 takes responsibility and works hard to avoid issues, but should you ever have a query, we will address it directly, quickly and completely. Clients span the Corporate, Industrial, Property Management, Commercial, Retail, Education and Medical Sectors. See our website for details www.masterclean2000.co.nz
The difference is, we care.
Masterclean2000 proudly associated with Aura Information Security
For information on how we can help you, contact us today: Ph: 04 5892020 E: care@masterclean2000.co.nz
On contract acceptance receive 15% off your first month’s invoice.
www.wellingtontoday.co.nz February/March 2013 | 29
WT#81 Pages 29-56.indd 29
22/01/13 9:44 AM