Professional Services Overview: Internet of Things (IoT) Security Assessment and Advisory Services (Praetorian, 15-page PDF)

Uploaded by vankien, posted 17-Feb-2018

TRANSCRIPT

Page 1

IOT APPLICATION MOBILE CLOUD NETWORK

Professional Services Overview: Internet of Things (IoT) Security Assessment and Advisory Services

Page 2

THE SECURITY EXPERTS WWW.PRAETORIAN.COM

We Are the Security Experts Solving Your Cybersecurity Problems

HISTORY

‣ Founded in 2010

‣ Headquartered in Austin, TX

‣ Self-funded

‣ Profitable since inception

ATTRIBUTES

‣ Superior technical prowess

‣ Comprehensive reporting

‣ Trusted business acumen

‣ Time-tested methodologies

PROPOSITION

‣ Praetorian provides end-to-end Internet of Things (IoT) penetration testing and security assessment services that help organizations successfully balance risk with time-to-market pressures.

MAJOR IOT VERTICALS

IoT Platforms

Connected Home

Industrial Internet

Connected Vehicles

Healthcare

Critical Infrastructure

FOCUSED ON FORTUNE 1,000 & VENTURE-BACKED STARTUPS

Page 3

An Established and Growing Services Firm

When you're constantly advancing your industry and helping to secure today's leading organizations, people notice.

Page 4

Our Engineers Are “The Security Experts”

‣ Top 5% of the industry

‣ Certified expertise includes: OSCP, OSCE, CISSP, CISA, CSSLP, CEH, GCIH, GSEC, GNSA, GCFW, GWAPT, GAWN, GCFE

‣ Respected authors, researchers, federal security policy contributors, patent holders and open-source developers

‣ Speakers at major security conferences and professors at major universities

‣ Educational backgrounds in computer science, engineering, and information systems

Page 5

We Act as the Security Experts for Today’s Leading Organizations

Praetorian is uniquely positioned to spot gaps and anticipate shifts in Internet of Things security trends across our diverse customers and industries served.

Page 6

Clients Focused on the Internet of Things (IoT) Include

Page 7

Partnerships Across the IoT Landscape — From Chip to Cloud

Security Program for Azure IoT: Praetorian was the first global auditing partner under Microsoft's Security Program for Azure IoT.

Microsoft recognized Praetorian as a “best-in-class” IoT security auditor.

https://blogs.microsoft.com/iot/2016/10/26/introducing-the-security-program-for-azure-iot/

Chip to Cloud: remaining product agnostic while developing relationships with IoT vendor partners.

Page 8

Built on Expertise, Engineered to Scale, Unified through Software

Page 9

Internet of Things (IoT) Security Assessments, from Chip to Cloud

INTERNET OF THINGS END-TO-END SECURITY

Gain confidence that your Internet of Things (IoT) devices and data are secure. Praetorian provides end-to-end Internet of Things (IoT) penetration testing and security assessment services that help organizations successfully balance risk with time-to-market pressures. Our solutions provide coverage across technological domains, including embedded devices, firmware, wireless communication protocols, web and mobile applications, cloud services and APIs, and back-end network infrastructure.

Analysis techniques: Run-time Analysis, Binary Analysis, Static Analysis, Design Analysis, Hardware Analysis

Services: Penetration Testing, Reverse Engineering, Code Reviews, Threat Modeling, Device Testing

PROFESSIONAL SECURITY EVALUATIONS: IoT, Web, Mobile, Cloud, Network, ICS. Guided by the OWASP Application Security Verification Standard (ASVS).

APPLICATIONS: We actively analyze web and mobile applications for any weaknesses, technical flaws, or vulnerabilities.

CLOUD SERVICES: It is critical that cloud services and APIs be tested to determine whether they can be abused by attackers.

INFRASTRUCTURE: Is the backend network infrastructure that supports your Internet of Things product ecosystem secure?

EMBEDDED DEVICES: Identify physical and logical security threats to the embedded systems in the IoT product ecosystem.

DEVICE FIRMWARE: We help ensure hardware and chip makers have sufficiently addressed IoT firmware insecurities.

WIRELESS PROTOCOLS: Validate the security and configuration of wireless communication such as ZigBee, 6LoWPAN, and BLE.

(800) 675-5152 [email protected] www.praetorian.com

Page 10

Professional Security Evaluations Overview

(Figure: based on IEEE Computer Society estimates)

Page 11

OWASP Application Security Verification Standard (ASVS)

Praetorian follows the OWASP ASVS standard, which normalizes the range in coverage and level of rigor applied to each application.

ASVS verification levels, from least to most rigorous:

Level 0 (or Cursory) is an optional certification, indicating that the application has passed some type of verification.

Level 1 (or Opportunistic) certified applications adequately defend against security vulnerabilities that are easy to discover.

Level 2 (or Standard) verified applications adequately defend against prevalent security vulnerabilities whose existence poses moderate-to-serious risk.

Level 3 (or Advanced) certified applications adequately defend against advanced security vulnerabilities, and demonstrate principles of good security design.


Page 12

OWASP Application Security Verification Standard (ASVS)

OWASP ASVS defines the following security requirement areas:

‣ Authentication

‣ Session Management

‣ Access Control

‣ Malicious Input Handling

‣ Cryptography at Rest

‣ Error Handling and Logging

‣ Data Protection

‣ Communications Security

‣ HTTP Security

‣ Malicious Controls

‣ Business Logic

‣ File and Resource

‣ Mobile

‣ Embedded Devices (NEW)


Page 13

OWASP ASVS for Internet of Things (IoT) Testing Coverage Matrix

OWASP ASVS defines specific test cases that are in scope for each ASVS Level. Each cell below gives the number of test cases in scope at that level over the total number of test cases in the control group.

Coverage key (colour-coded in the original): Excellent, Good, Fair, Inadequate

Security Control Group                   Level 1: Opportunistic   Level 2: Standard   Level 3: Advanced
Architecture, Design, Threat Modeling    1 / 11                   8 / 11              11 / 11
Authentication Controls                  17 / 26                  24 / 26             26 / 26
Session Management Controls              11 / 13                  13 / 13             13 / 13
Access Control                           7 / 12                   11 / 12             12 / 12
Malicious Input Handling                 10 / 21                  20 / 21             21 / 21
Cryptography at Rest Controls            2 / 10                   7 / 10              10 / 10
Error Handling & Logging Controls        3 / 13                   9 / 13              13 / 13
Data Protection Controls                 4 / 11                   8 / 11              11 / 11
Communications Security Controls         7 / 13                   9 / 13              13 / 13
HTTP Security Controls                   6 / 8                    8 / 8               8 / 8
Malicious Controls                       0 / 2                    0 / 2               2 / 2
Business Logic Controls                  0 / 2                    2 / 2               2 / 2
Files and Resources Controls             7 / 9                    9 / 9               9 / 9
Mobile Controls                          7 / 11                   10 / 11             11 / 11
Web Services Controls                    7 / 10                   10 / 10             10 / 10
Configuration Controls                   1 / 10                   5 / 10              10 / 10
Embedded Device Controls (NEW)           10 / 29                  20 / 29             29 / 29
Total (17 groups)                        100 / 211                173 / 211           211 / 211

To help product teams address emerging security challenges, Praetorian has created research-driven evaluation methodologies that incorporate guidance from the OWASP Application Security Verification Standard (ASVS), which normalizes the range in coverage and level of rigor applied to each application.

With its 3 levels of testing rigor, 17 security control categories, and 211 defined test cases, this approach allows our team to meet your unique testing and budget goals by offering tiered pricing based on the comprehensiveness of the security review.

Page 14

Built on Expertise, Engineered to Scale, Unified through Software

(Diagram labels: Bug Tracking, Export)

Page 15

Find out why 97% of our clients are highly likely to recommend Praetorian (based on an all-time Net Promoter Score (NPS) of 86).

Gain confidence that your Internet of Things devices and data are secure. We help product teams focus on innovation by solving their complex security challenges.

Learn more about our approach and expertise: https://www.praetorian.com/expertise/internet-of-things

EXCELLENCE IN SERVICE