As a leading risk management solutions provider, Pentura seeks to find its clients long-term strategies to secure their IT networks. “We believe in developing long-term relationships with [our] customers through offering a flexible engagement and ‘going the extra mile,’” says Smith.

As a result, Pentura provides expertise to a wide swath of companies, including BT (formerly British Telecom) and UK convenience store chain Somerfield. “By looking at the challenges from technical and management perspectives, we are able to deliver services and solutions in line with what the business needs, rather than just delivering point products,” Smith adds.

Pentura researches and chooses its partners based on their ability to offer Pentura’s clients best-of-breed solutions. The firm actively works with IBM, Blue Coat Systems, Checkpoint Systems, Skybox Security, and Websense, among others.

Risk Assessment & Intrusion Prevention Experts

Pentura’s expertise really shines in its Risk Assessment Services offerings, which provide clients with granular insight into both internal and external threats to their data and to their enterprise networks. “By measuring the risks associated to business-critical services and assets, we provide visibility of these top vulnerabilities and plan delivery of prioritized remediation,” says Smith.

Pentura offers several services that fall under the risk assessment umbrella, including vulnerability risk assessment, data risk assessment, firewall risk assessment, and intrusion detection and prevention assessments. Pentura delivers these services by leveraging the expertise of its consultants and ultimately finding the right combination of technologies that will lead to a solution, says Smith.

Smith points out that many of Pentura’s clients that have IDS (intrusion detection system) or IPS (intrusion protection system) deployments experience an overwhelming number of alarms, which he says can lead them to tune their policies down so far that they are no longer producing helpful information.

Pentura’s IT security consultants have years of experience deploying and managing IDS and IPS implementations and fully understand the process involved in doing so, says Smith. Pentura offers a comanaged service called LANSweeper that gives users control over their security systems while working closely with Pentura to continuously assess risk and implement, optimize, monitor, and maintain security. “The service delivers comprehensive identification and analysis of security events that require immediate action, thereby preventing costly downtime and potential loss of revenue,” Smith says.

How To Measure & Control The Risks

According to Smith, Pentura does not recommend, let alone deploy, any solution until it has detailed and shown what those risks happen to be. Recently, the company advised BT on the best solution for securing its wireless infrastructure. This required Pentura to help BT find a framework that could automate intruder detection capabilities, offer visibility into vulnerable access points, and provide a means to enforce these policies across its mobile workforce without hampering the company’s business. Moreover, this solution had to work with a Cisco-based network infrastructure.

Smith says that helping clients pinpoint their needs helps his company determine existing solutions’ effectiveness and aids Pentura in developing tailored risk management solutions. And Pentura does independent research on a significant number of security-related products, giving it the insight of current technologies and solutions.

“Only when a requirement definition is in place do we engage relevant partners that we have identified as best of breed,” Smith points out. “We provide visibility of the actual business risk imposed by vulnerabilities and network access exposure to internal, external, and B2B threats, and this visibility allows us to deploy the most appropriate technology using a prioritized, methodical, and [cost-effective] approach to secure platform and sensitive data.”

Working On Both Sides Of The Pond

Although Pentura is a UK-based company, it has a U.S. office in New York and offers its services to American organizations, as well. Smith says that Pentura has captained a number of global technology deployments. “We work with these companies to pull together the relevant resources in the timescales required and then deliver projects in line with regional compliance based on individual country regulations,” he says.

In addition, Pentura provides its Penetration Testing Services to U.S-based enterprises. According to Smith, Pentura has specialized in this type of testing for many years, deploying the same tools and techniques that a malicious attacker would use and providing complimentary retests to make sure that all of the discovered vulnerabilities have been secured.

Smith notes that Pentura is accredited as a member of Britain’s National Technical Authority for Information Assurance, or CESG (www.cesg.gov.uk). Moreover, every member of the company’s penetration testing staff holds a CEH (Certified Ethical Hacker) certification from the International Council of Electronic Commerce Consultants (www.eccouncil.org).

by Robyn Weisman