Security Architecture & Engineering
Application Security
It is globally recognised that an organisation’s data would be considered its “crown jewel” asset when it comes to investments in cybersecurity. Ensuring that an organisation can service its customers, and protect their data, is of the utmost importance, as data is irreplaceable.
Protecting data first starts with protecting the applications that an organisation’s customers are interacting with. Web applications and APIs are the lifeblood that power modern business and protecting them from attack requires a deep understanding of how applications are developed, implemented and operated in production. Unlike traditional infrastructure-based controls, application security starts at the very beginning of source code-level security.
As applications are developed, through their lifecycle, they are integrated with software libraries, code repositories, test automation harnesses and are promoted between environments to ensure the functional outcomes the organisation needs to service its clients.
Protecting applications and the data they process requires a deep understanding of the entire software development lifecycle and associated controls, processes and tooling.
SALTT Tech are well regarded as application security experts. Our cybersecurity team are all developers and take a developer-led approach to application security. This covers a range of application security capabilities, including:
- Web Application Firewall (WAF)
- API detection, control and response security
- Distributed Denial of Service (DDoS)
- Bot detection & protection
- Web Application Scanning
- DNS security
- Application high availability and load balancing
Endpoint
Endpoint protection platform (EPP) capabilities should be considered an absolute baseline capability that every organisation should implement across every single computing device in their environment. This extends beyond laptops, desktops and servers and into cloud-hosted environments, including ephemeral workloads, containers and even serverless environments.
Implementing strong EPP controls on every single endpoint in the organisation should deliver complete visibility through EDR (Endpoint Detection & Response) surveillance coupled with strong defensive capabilities to protect against malware and viruses.
SALTT Tech is proud to partner with SentinelOne as a leading provider of advanced EPP capability that we deploy and manage for our clients.
SALTT Tech recognises that the email security industry and capability have advanced significantly in recent years. Traditionally, cybersecurity professionals would deploy a Secure Email Gateway (SEG) that logically sits in between an organisation’s email service and the internet and is focused on edge blocking, virus scanning and spam protection.
Email is a cheap, effective and highly leveraged attack surface that modern adversaries regularly employ as the launchpad for broader and more devastating attacks. Their Tactics, Techniques & Procedures (TTPs) have evolved significantly beyond spam and virus delivery over email. Furthermore, the consolidation of email services into two primary cloud-delivered providers (Microsoft & Google) has seen strong growth in the native email security controls offered by these providers. Collectively, these shifts have devalued the role of a traditional SEG in the overall defensive capability of organisations, necessitating a new approach to email security.
SALTT Tech has shifted the focus of email security into the protection against modern adversarial threat techniques such as financial fraud and funds redirection, supply chain compromise, business email compromise, as well as spear and lateral phishing techniques.
SALTT Tech is proud to partner with Abnormal Security as a leading provider of API-integrated email security solutions that we deploy and manage for our clients.
Internet
The internet is, without doubt, the most critical piece of global infrastructure today. Organisations rely on the internet for so much of their business operation without fully realising it – be it for email access, data sharing, engaging with customers, online B2B or B2C platforms and more.
The internet, however, offers both valid business and nefarious content and services. While absolutely critical for business operations, the internet is also home to malicious threat actors, malware sources, dark web repositories, illicit websites, fake and phishing content and more.
Organisations require the ability to filter and control access to the internet for their staff so that only valid services are used to hold, transmit and share sensitive company information while, in parallel, access to malicious content is blocked and controlled. Staff should only use valid cloud services to host company data and not place the organisation at risk by storing company data on unauthorised services – commonly referred to as Shadow IT.
Implementing policy-based control for accessing the internet from corporate devices is an absolutely critical element in any organisation’s cybersecurity defences. SALTT Tech is proud to partner with Netskope as a leading provider of secure internet access solutions that we deploy and manage for our clients.
Identity & Access Management
Identity & Access Management (IAM) remains one of the key cybersecurity domains and capabilities that organisations must consider as a baseline in the overall architecture of their environment as it integrates with everything else in the organisation. Effectively managing identity can be complex due to the sprawling nature of applications and data storage systems.
IAM solutions and the associated threat landscape attached to identity have changed significantly in recent years, led by the mass adoption of cloud services across the enterprise. From a threat actor perspective, gaining access to compromised credentials is cheap and easy, providing an effective way for an adversary to gain initial access into a company and then move laterally once access has been established.
Protecting and controlling identities requires significant attention to detail. This includes key elements such as:
- Onboarding & offboarding processes
- Integration with Shadow IT control and cloud services
- Identity Threat Detection & Response (ITDR)
- Service Accounts and Shared Identities
- Secrets Management internally and externally
- Integration with strong MFA and biometrics
- Exceptionally strong control over administrative privileges
SALTT Tech recognises that there is no “one size fits all” approach when it comes to IAM. Given the broad and pervasive nature of IAM as a critical control, SALTT Tech has developed technical capability together with technology from Microsoft, SentinelOne and Keeper Security.
Zero Trust
The rise of cloud applications and mass adoption of SaaS services has meant that the traditional concept that the internal network is “safe” and the internet is “unsafe” has completely collapsed.
The internet is where we do business today. Our data is stored in more places than ever before, including the enterprise data centre. Our teams work from many locations using more devices than ever before. This distribution of team members, devices, applications, and data has necessitated a complete shift in cybersecurity architecture, which has given rise to zero-trust models.
In a Zero Trust architecture, access to applications and data is based on policy – the user, their identity, their security posture and the applications they are accessing. Access is controlled based on security policy, not just because they are inside or outside a physical office location.
Transitioning to Zero Trust requires careful planning, modern technical capability and agreement on security policy frameworks. SALTT Tech is proud to partner with Netskope as our Zero Trust partner that we design, deploy and manage for our clients.
Vulnerability Management
Vulnerability management is a key pillar in the cybersecurity capability of every organisation globally and is considered foundational in every single cybersecurity framework. Detecting, prioritising and classifying vulnerabilities should be considered a baseline capability for every organisation when managing cyber risk.
Beyond basic vulnerability scanning, SALTT Tech takes great pride and effort in prioritising vulnerabilities based on business impact and not just CVSS scoring by the tool vendor. A vulnerability may be high, but factors such as the criticality of the system/data, compensating controls, exposure of the vulnerabilities, and others can significantly influence how organisations prioritise remediation.
SALTT Tech offers a comprehensive Vulnerability Detection Service (VDS), which empowers our clients to quickly identify their real risks and focus remediation on where the maximum exposure has been created.