New Solution to Provide Physical Penetration Testing and Social Engineering Security
CHICAGO (October 5, 2010) - Trustwave, a leading provider of information security and compliance solutions, is now offering Physical Security Testing to help businesses and organizations identify and remediate security weaknesses in their facilities. The service will be lead by Ryan Jones, the practice manager for physical security and social engineering, and implemented by Trustwave's SpiderLabs, the advanced security team responsible for incident response and forensics, penetration testing, application security and security research.
Physical Security Testing is designed for businesses that need to assess the physical security of a building, campus or other physical location. Physical security controls have technical weaknesses that can be easily exploited. They may also suffer due to poor policy implementation and a lack of security awareness, leading to social engineering attacks in which well-meaning employees volunteer information to malicious individuals.
"We've found that physical vulnerabilities are often overlooked when securing sensitive information from external attacks," said Robert J. McCullen, chairman and CEO of Trustwave. "Our traditional security and compliance solutions are now augmented by our physical security capabilities to ensure that businesses can protect their information from all threats, all the time."
Trustwave's SpiderLabs works with businesses and organizations to assess the physical security of a location, calculate risk and evaluate security system upgrades. Physical Security Testing includes a site survey, controls testing and networked physical security access control systems testing, as well as:
- Client-side Penetration Testing: Social engineering and other methods are used to ensure staff are adhering to policy that security awareness exists across an organization and key systems and endpoint security are performing well.
- Business Intelligence Testing: Data mining tools help determine if employees are inadvertently sharing intellectual property through social networking, using location adware software while posting comments about their company or blogging about an upcoming product release that has not been publicly announced.
- Red Team Testing/Physical Penetration Testing: Physical security subject matter experts are dispatched to survey a physical location to determine methods of attack, penetrate physical security and gather sensitive information to report all possible penetration points and unsecured data.
"Trustwave is a proven leader in the field of information security, so depending on them for physical security was a logical choice," said Colin Edwards, GSEC, systems administrator at I.U.O.E. Local 478. "We selected Trustwave's Physical Security Testing because we wanted to ensure our information security was not vulnerable to something as obvious as a crowbar or a pair of pliers, and wanted to verify that our security awareness training was effective and did not leave our employees susceptible to social engineering attacks."
Ryan Jones, Trustwave's physical security and social engineering practice manager, leads the group and performs physical security assessments, client-side testing, business intelligence testing and red team testing.
"The opportunity to work with top information security professionals at SpiderLabs to perform advanced security testing is very enticing," said Jones. "I am excited to work with a team of experienced security professionals whose skills complement my talents in physical security testing and social engineering."
Jones has more than 15 years of experience with a focus on physical security during the past six years, working with several leading information and physical security teams across the United States. Additionally, Jones has performed physical security and social engineering tests against government, transportation, education, financial, healthcare and retail organizations with close to a 100 percent success rate.
About Trustwave
Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM , WAF , EV SSL certificates and secure digital certificates. Trustwave has helped hundreds of thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com/en-us/.