Peter Thermos, CEO
"About 25 years ago, when we were working at Bell Communication Research (Bellcore) Security and Fraud group, we recognized that organizations required a formalized process to manage vulnerabilities effectively,” reminiscences Peter Thermos, CEO, Palindrome Technologies. The insight later took the form of Palindrome Technologies, the firm that is a pioneer in providing Information Security and Assurance professional services helping clients develop and maintain a simple and robust vulnerability management program to manage existing and emerging threats.
Established in 2005, Palindrome Technologies helps in ensuring an organization’s overall security posture including, Cybersecurity, Incident Response, Business Continuity, Risk Management, and alignment with regulatory requirements. “One of the key principles in our vulnerability management framework is to ‘accept that all networks are susceptible to attack, no organization is immune’. Once you recognize that, you instinctively evolve your efforts to continually improve security controls and processes in order to manage the associated risk in your environment,” adds Thermos. This principle is applied to people, processes, and technology when the firm implements a vulnerability management framework process to manage vulnerabilities across an organization. While implementing the Vulnerability Management process for a customer, the firm ensures that each phase produces a tangible product which supports the other areas (e.g., remediation, patch management, incident response). “Some of the common key challenges and questions we receive from customers often include, ‘How do we determine that our incident response plan works? Do we understand our cyber insurance plan and how to respond? Do we have the right technologies and monitoring in place for internal and external threats? Is there adequate user awareness and how can we improve such? Are we responsive to the legal and regulatory environment? How will we be able to monitor when more effective technologies are available for threats?’. Our expertise and services help answer these questions and address those challenges.”
In addition, Palindrome’s principal consultants monitor and contribute to industry standards which help clients keep abreast of developments in cyber security in order to maintain best practices for both existing and emerging technologies.
Our threat management philosophy is governed
by the fundamental principles of confidentiality,
integrity, availability, and accountability that
help our customers operate with ‘confidence’
in a constantly evolving threat landscape
“Our threat management philosophy is governed by the fundamental principles of confidentiality, integrity, availability, and accountability that help our customers operate with ‘confidence’ in a constantly evolving threat landscape,” says Thermos.
Furthermore, the company’s flagship product RECAP was developed through customer demands to identify vulnerabilities and detect specific threats associated with mobile devices. Several of the vulnerabilities included in Recap were discovered through the firm’s research efforts and reported to the OEMs. The Recap Security suite is a comprehensive approach for organizations to manage and prevent mobile security threats. Palindrome’s Recap Threat Prediction platform uses dynamic multi-vector correlation and behavioral pattern analysis to identify and report weaknesses in mobile device OS software and applications along with an integrated static security analysis platform that addresses mobile application defense needs. The Recap Security Analytics dashboard provides the ability to monitor the security posture of a device by collecting, correlating, and prioritizing vulnerability and threat data from mobile assets.
The firm maintains a security research program, on emerging technologies including IoT, SDN/NFV, and mobile device security, which helps enhance processes, procedures, and tools so as to bolster customer confidence through knowledge transfer. “We are very excited about our research projects because they provide valuable insight to understand emerging threats and identify new attack vectors and vulnerabilities. While some of our research projects are tailored to specific customer requirements, we also conduct collaborative applied research with academic institutions.” he concludes.