Application Risk Management Service (ARM)

Latus has a highly focused Application Risk Solution that recognizes the complexity of securing enterprise applications.  Increasingly, applications are seen as the “new perimeter” and a significant source of security risk.  Software flaws are targeted by organized crime and have been exploited in many successful break-ins.  The statistics are compelling:  95% of vulnerabilities are in software; 75% of attacks are at the application level (source: U.S. Computer Emergency Readiness Team).

Regulations and standards such as the PCI-DSS mandate secure coding and application security testing.  However, many current solutions are not effective:  tools require esoteric skills to properly test code and interpret results, development teams may not know how to respond to findings, and often the “root cause” of application flaws is not fixed.

Latus addresses these shortfalls with a fully integrated risk management solution that includes specialized people, process, and technology needed to manage the risks in an enterprise software portfolio.  The following diagram shows the application risk management services offered by Latus.  Our Services address both the application development process and the code itself to ensure that flaws are found and root causes are fixed.

Latus has integrated all the components of an effective application risk management program and offers this service on a subscription basis to provide a full “care package” of services that can scale to any size application portfolio. As shown in the diagram above, our service includes multiple methods of flaw detection, including code analysis, vulnerability testing, and manual penetration analysis. It also includes consulting services to integrate root-cause fixes into the software development or acquisition process to ensure that flaws are fixed and do not re-appear in the application portfolio.