We continuously monitor your infrastructure by taking regular snapshots of resource configurations. Through rule-based analysis of those configurations, we can identify, quantify and help you manage all sorts of risk.
Because we store that historical data, not just findings, we can leverage that data for more than just identifying vulnerabilities or quantifying risk at a given point in time. For example, we’ve worked with clients to help explain how their environments have changed over time, or explain how certain assumptions they made about their environments stopped being true. Additionally, we can use this information to support other efforts, like compliance (like providing evidence that certain standards were met historically, even after the fact) or incident response (like checking the state of potentially compromised infrastructure when it was compromised). You can read more about our approach to building security tooling on our blog.
Throughout the life of the engagement, Latacora will keep an eye out for scenarios that present risk. This includes:
Latacora can also guide as needed for the remediation of existing resources and guidance for new architecture plans.
We run ongoing network penetration assessments for all our clients, which includes routine scheduled light-touch scans and collecting open-source intelligence indicators.