During a Security Review with Halo Security, our team looks to understand your public-facing environment to ensure that perimeter scanning is configured correctly and to optimize testing coverage.
The review process will begin after you have provided a list of your domains and subnets. We'll then evaluate your current scan targets to confirm that our scanning technologies are applied in the best way possible. We use 5 different technologies that cover the network layer and the web application layer to effectively test all public facing components in your environment.
Custom scan configurations will also be evaluated during your Security Review. This may include setting up authenticated scanning to allow our automated scans to test beyond login. If you're working with custom-built APIs, our engineers can build custom scan policies to ensure they are tested effectively for vulnerabilities.
Additionally, we'll determine your risk score and evaluate how we can help mitigate any issues impacting it. To help you reduce risk over time and track improvements to your risk score, a risk meter is built into your Halo Security dashboard.
Once our review is complete, we'll meet with your team to discuss our findings and make recommendations. A follow-up meeting may be scheduled if it's determined that manual penetration testing is needed.
As an extension of your security team, Halo Security is happy to work with you to optimize configuration, establish workflows, and assist in remediation.