CodeSecure™ implements complex Static Source Code Analysis and Verification technology on a Web-based plug-and-play appliance. This low-overhead solution ensures vulnerability-free and hacker-proof web applications, and represents a more cost-effective and lower-risk alternative to the common build-first secure-later paradigm.
Information Security Products
Torrid Networks in association with its global allies brings best-of-breed information security products to secure its clients' information assets. With its expert information security practices, Torrid's product implementation and maintenance provides complete peace of mind for its customers. Our product portfolio ensures end-to-end information security including perimeter security, network security, application security and end-point security. Below are different products under our current offerings:
Real-Time Protection at the Web Application Layer
SmartWAF™ is a host-based integrated Web Application Firewall (WAF) that hardens and regulates access by detecting and blocking malicious code embedded in web application traffic. As a software plug-in on the Web Server, it is not designed to replace existing network perimeter security controls such as stateful/proxy firewalls, antivirus gateways or reverse proxies but to complement them by protecting against attacks that these technologies typically miss.
- Identifies, classifies and blocks malicious exploits embedded in the web traffic stream that specifically target web applications
- Integrates with both CodeSecure™ and HackAlert™, importing their findings to explicitly block web application exploits targeted at vulnerabilities identified by those processes
- Installs as a software plug-in directly on the web server (Apache, IIS) itself or on the security gateway (Microsoft ISA, IAG)
HackAlert™ is a 24x7x365 subscription-based monitoring service that notifies website administrators in the event that their site is injected with malicious code.
HackAlert™ puts control back in the hands of administrators, who now have the power to react immediately to website security breaches. With the knowledge that their website is under constant vigilance, peace of mind is ensured.
HackAlert™ Software Service
- Web-based Software-as-a-Service (SaaS) solution requires no application installation, signature updates or ongoing maintenance
- 100% non-intrusive scans provide around-the-clock monitoring for malicious code or links injected into subscribers' websites
- Detects injected code or links that could subject web clients to "drive-by-downloads" of malware such as viruses, Trojans, rootkits, etc
- HTML analysis engine identifies the existence of malicious links, typically embedded in mechanisms such as encoded JavaScript or hidden iFrames
- Dynamic malware analysis engine makes use of an API hooking sandbox and Spyware Behavior Extractor (SBE) to identify what the malware is, where it is downloaded from, and where it is written to on the victims' client PCs
- Detects known and unknown zero-day malware through pattern-free behavioral analysis technology with an extremely low False Positive rate
AVDS is a network vulnerability assessment appliance for networks of 50 to 200,000 nodes. It performs an in-depth inspection for security weaknesses that can replace exhaustive penetration testing. With each scan it will automatically find new equipment and services and add them to the inspection schedule. It then tests every node based on its characteristics and records your system's responses.
In a matter of hours and with no network down time or interruption of services AVDS will generate detailed reports specifying network security weaknesses.
Database of tests is updated daily with the most recently discovered security vulnerabilities. The AVDS database includes over 10,000 known vulnerabilities and the updates include vulnerabilities discovered by corporate and private security teams around the world.
Simple, Fast and Comprehensive
Manual vulnerability assessment is expensive and infrequently done. Assessment software can be time consuming to set up and operate, plagued by high false positive rates and cause network resource issues.
Automated Testing Using AVDS:
- Gets your tactical security work done routinely and quickly
- Provides the fixes you and your staff need for fast mitigation
- Buys you time to focus on security strategy
- Automatically scans new equipment, ports and applications
- Scales to handle multiple networks, business units, countries
- Reduces your patch-work by identifying exactly what is needed
Security and Compliance Challenges
The frequency and increasing severity of today's security threats are forcing companies to:
- Simplifies PCI-DSS, SOX and HIPAA compliance and reduces costs
- Strengthen current network security processes and procedures to protect against virulent worm/virus attacks from both external and internal threats
- Deploy new security solutions that span the entire network
- Restrict customer and partner access and permissions
- Respond to "Security Compliance" mandates, IT upgrades and internal policy changes
- Perform more frequent penetration tests.
Vulnerability Management
AVDS conducts automated vulnerability scans daily, weekly or monthly, or on ad-hoc basis. It records results and generates vulnerability trends for your entire WAN a LAN or single IP address. With three levels of reporting, each business unit can receive a report on it's own network and local results can be combined into a company wide picture.
Know What You Are Up Against
Pin point your most vulnerable IPs by either a ranked list or graph. Use AVDS to identify exactly which patches, solutions and workarounds to install. Re-scan networks and hosts after solutions have been implemented to verify and document compliance and remediation.
Solutions to Vulnerabilities Delivered
Each AVDS report contains the exact solutions to repair the problems found. This in-depth information shows how to fix and improve the security of your network, both as whole and for each of the devices in it. The recommended solutions include device specific information as well as custom tailored solutions for your environment.
Manage Vulnerabilities Across the Enterprise
Whether your network is as small as one LAN or involves hundreds of business units separated by firewalls, or even continents, all testing and report generation can be managed and controlled from one location with individual reports being automatically delivered to each business unit. Multiple scanners can be used to overcome bandwidth restrictions, firewall segmentations or to load balance and provide fault tolerance.
beSTORM performs a comprehensive analysis, exposing security holes in your products during development and after release.
beSTORM represents a new approach to security auditing. This new approach is sometimes called "fuzzing", "fuzz testing" or "fuzzer" and can be used for securing in-house developed applications and devices, as well as applications and devices of external vendors.
Most of the security holes found today in products and applications, can be discovered automatically. By using an automated attack tool that tries virtually all different attack combinations, with the ability to detect certain application anomalies and indicate a successful attack, those security holes can be found almost without user intervention.
WSSA (Web Site Security Audit) examines your website pages, applications and web servers to find security weaknesses and vulnerabilities that would give hackers an opportunity to do damage. Get the solid facts and recommendations you and your IT staff need to take corrective action.
It will quickly identify website security issues, including SQL injection and Cross Site Scripting (XSS), help you secure your site and then test it routinely to keep it secure! Just provide your domain name and WSSA will do the rest. There is nothing to install and tests will not disturb your site or visitors.
Our Clients
Torrid Updates
