12-November-2019

New hybrid service Marvin_ shines a light on security and performance of web applications

Solution combines automation with human expertise

A lack of understanding is an important pitfall in achieving optimum security and performance in web applications. In order to help companies in this area, Computest is launching Marvin_. This hybrid service offers a daily automated security scan and continuous monitoring of web applications combined with the advice of experts. Moreover, Marvin_ has been optimised for integration with Google Analytics and compatibility with cloud servers.

By developing Marvin_, Computest is meeting companies' need to get a better grip on cyber security and on the performance of web applications. New threats emerge quickly, while peaks and troughs in visitors and users are ever harder to predict. By deploying a hybrid service that keeps track of both security and performance on a daily basis, firms can act quickly with the support of Computest's experts to counter undesirable developments such as vulnerabilities, delays or errors.

Relevant vulnerabilities

Marvin_ performs a vulnerability scan every day on the company's infrastructure and checks it for vulnerable services, misconfigurations with a security impact and known vulnerabilities. The results of the scan are manually verified by security specialists. In the special security dashboard in the Marvin_ portal, customers can see at a glance the relevant vulnerabilities, the hosts with the most vulnerabilities and communication from the security experts who evaluated the scan results.

Besides the results of the automated scans, the issues found during the pentests carried out earlier can also be displayed in the dashboard. In addition, companies receive periodic reports containing both the numbers of vulnerabilities found during a set period and the average time for resolution. This information can be used to monitor these metrics in a focused manner and manage them.

Performance of web applications

In order to keep track of the performance and functioning of web applications, Marvin_ follows set pathways through the application every five minutes. In doing so, it simulates a normal user and looks at whether important conversion paths in the applications are functioning properly. In addition, Marvin_ records what the response times for all the steps were. This reveals whether preset limits are being exceeded and how visitors experience the speed at every moment of the day. In this way, Marvin_ can also be used as an independent party for monitoring performance contracts with suppliers, for example.

“Although online security and performance are mission-critical to most companies, few manage to monitor and configure them properly”, says Hartger Ruijs, CEO of Computest. “The idea behind Marvin_ was that providing insight is an important first step in delivering platforms that are always available and secure. You don't know beforehand where the bottlenecks are, but our experts will tell you immediately when action needs to be taken and if necessary will help to resolve the problems. In this way, we give you more grip and peace of mind.”

Besides the daily scans and continuous insight into security and performance, customers who use Marvin_ benefit from several useful features:

Integration of Google Analytics

The integration of Marvin_ with Google Analytics for performance measurement tells you not only how long it takes until a page loads, but also how many visitors were on the site at that moment and how many pages were being viewed. This provides a realistic picture of a possible causal link between the slowing of the site and the number of visitors. So for example, it immediately becomes clear if a large peak in visitors and not the server is the reason why the website is getting slower.

Cloud compatibility

Marvin_'s security scanner is compatible with the cloud. This means that companies can take a more flexible approach to scanning the cloud servers which they hire from AWS, Google or Microsoft, etc. Whereas most vulnerability scanners work with a static list of assets, Marvin_ offers Target Scope Management, a simple way of automatically updating the list of systems to be scanned. This makes it suitable for companies with dynamic cloud servers where IP addresses change regularly.

On-premise scanning

Marvin_ also makes it easier to perform scans on companies' internal networks, for example by placing an on-premise agent or by means of VPN access. That way, you also gain an insight into the security risks within your internal network. To this end, Computest has streamlined the process so that it can safely take over a large part of the configuration. This leaves systems administrators more time to focus on other challenges.
