Designed to increase the flexibility and efficiency of security testing while reducing associated costs and overheads, DAVE is a software application that resides on the network or in the Cloud and can be activated to carry out rigorous penetration testing on demand.
Tests are carried out manually by specialist Digital Assurance penetration testers, providing the same levels of expertise while eliminating the costs associated with bringing in personnel and direct site access.
DAVE also enables the client to monitor tests in progress, providing greater visibility and control of the penetration testing process and helping to facilitate compliance with emerging data protection legislation.
DAVE is available in various configurations and can be held remotely in the Cloud, on a hosted network, or locally on client infrastructure.
The modular system incorporates up to four levels of complexity, allowing the client to ramp up or scale back the level of testing and to trigger or suspend tests on demand.
The client can also view tests in progress over a secure GUI or web interface, enabling the administrator to view the systems being scanned and activity over the network in real time.
Crucially, the process also generates an audit trail which can be incorporated into the final report, providing the client with unprecedented visibility of the testing process.
DAVE confers numerous advantages over the traditional penetration testing process.
By providing the client with access to the testing process and a comprehensive and accessible audit trail, DAVE provides greater control.
It also dispenses with the need for a lengthy consultation process, site visits and associated expenses, making the solution more cost effective.
And DAVE also provides instantaneous testing enabling clients to comply with emerging legislation such as the EU Data Protection Directive reforms which stipulate that organizations need to identify and report data breaches to a designated national data protection authority and all affected individuals within 24 hours.
“DAVE is a virtual penetration tester. Unlike other Penetration Testing appliances, which just use software to scan the network, DAVE is a gateway that puts the client in direct contact with the security provider,” explains said Phil Robinson, Director, Digital Assurance.
“Reforms to the Data Protection Directive will make it compulsory for organizations to report breaches within 24 hours. By giving the client greater visibility and control over the pen testing process, the DAVE application enables tests to be carried out on the same day. It’s that immediacy of response that these new regulations will require.”
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.