Deploy with Confidence
Our experienced research team evaluates each product to identify vulnerabilities and then recommends solutions.
Whether you are a government organization deploying a product in a new environment or a commercial developer introducing a new or revised product into the market, Tresys product security analysis services can help you deploy with confidence.
We perform security analyses on laptops, servers, mobile devices, operating systems, system components, mass storage devices, and embedded systems. By dissecting your product and analyzing it for vulnerabilities against agreed-upon security objectives, we uncover the unknowns related to security posture, risk and liability, and regulatory compliance.
We go beyond standard list of security controls to define your specific security objectives. This personalized approach is vital not only to conducting a targeted test and analysis, but also for reporting and recommendation purposes. Our in-depth understanding of your security goals allows us to rank vulnerabilities and help you determine the best method to harden your security with the least impact on cost and schedule.
Our services include white box, gray box, and black box testing. In addition, organizations that acquire or modify off-the-shelf equipment come to us to verify that the security posture of the customized device meets their needs. Our team of highly qualified security specialists uses the latest commercially available and Tresys-developed forensic and reverse engineering tools to analyze the deepest aspects of system security.
The primary output of our product security analysis is a vulnerability assessment detailing all observable security weaknesses identified during testing and analysis. Understanding potential vulnerabilities enables you to mitigate security liabilities and deploy with the assurance that your system is appropriately protected.
An Engineering Approach to Security Assessment
- Determine security objectives
- Establish a control and baseline (if needed)
- Define assessment plan
- Apply test criteria to the product under evaluation
- Utilize reverse engineering and forensic techniques
- Report and rank vulnerabilities and risks
- Make recommendations to improve security posture