Services on Latacora

Virtual CISO

Mon, 01 Jan 0001 00:00:00 +0000

Mapping your security posture

Latacora engagements begin with getting to know your overall security posture. Latacora’s Security Architecture Review (SAR) process is a broad-spectrum, holistic look at your organization’s information security risks. This allows us to collaboratively drive priorities based on the risks presented by your current security stance, rather than being solely based on hunches or findings devoid of context.

Risk & compliance

Mon, 01 Jan 0001 00:00:00 +0000

Risk & compliance

If SOC 2 is on your roadmap, we’re here to help! Substantially all of our clients either have a SOC 2 or are in the process of getting one, and we’re a key partner in making that happen. We’ll help figure out where you’re at process-wise, gauge your current readiness, and deliver actionable steps to get you ready for your audit. If you have timelines for SOC 2 in mind, we’ll also help figure out how realistic they are.

Sales enablement

Mon, 01 Jan 0001 00:00:00 +0000

Summary

Make security a part of closing more deals and close deals faster
We handle vendor security questionnaire answering, including knowledge base maintenance and prep work
We’ll jump on sales calls to help close critical deals
Working with GTM strategy to make sure your security is being fully leveraged for your prospective customers

Vendor security questionnaire support

Many of our customers are inundated with vendor security questionnaires. This is a great problem to have, but it’s hard to scale. Questionnaires answered by people without the right expertise won’t fly with your most discerning customers, and questionnaires answered by your key staff will quickly drain their productivity. We help our clients streamline this process, and enable their sales teams to quickly and accurately respond to these requests.

Application security, cryptography & SDLC

Mon, 01 Jan 0001 00:00:00 +0000

Application security, cryptography & SDLC

Most of our clients build software, and we’re here to help them do that safely. We help clients build out a program that’s both effective and unobtrusive. We help you incorporate security throughout your systems development lifecycle via a combination of tooling and processes.

We’ll review design documents and code as it gets developed. As your new feature takes shape, we’ll design and execute an appropriate security testing plan. Rather than performing monolithic tests and generating one-off “Pentesting” reports that are out of date within days or weeks, we’ll generate documents demonstrating an ongoing security review and assessment program that goes far beyond a performative checkbox approach.

Detection & response

Mon, 01 Jan 0001 00:00:00 +0000

Executive summary

Latacora provides a cost-effective, transparent, low-commitment detection & response program.

Scalable and predictable pricing
Complete: includes visibility tooling (such as SIEM, EDR, email security) and combines detection engineering, incident response, endpoint detection & response, and related tools and services to make them effective
Month-to-month, no long-term commitments, like the rest of Latacora
No surprise fees (for example, investigation tool SKUs, Latacora infrastructure costs… are all included)
A broad range of technical and legal expertise
Proprietary Latacora tooling empowers detection & response teams to do things they otherwise could not, such as examine complete historical resource graph snapshots of Cloud environments to inform investigations

Approach

Building and scaling an effective detection & response practice is a complex ordeal. There is an entire alphabet soup of industry marketing terms (SIEM, IR, EDR, MDR, XDR, SOAR…) with subtly different and overlapping interpretations across different vendors. We’ve leveraged our economies of scale and broad range of expertise to design a solution to these problems. We can serve even the smallest clients with a broad range of capabilities that would be out of reach for those clients independently.

Infrastructure security

Mon, 01 Jan 0001 00:00:00 +0000

Infrastructure security monitoring

We continuously monitor your infrastructure by taking regular snapshots of resource configurations. Through rule-based analysis of those configurations, we can identify, quantify, and help you manage all sorts of risk.

Because we store that historical data, not just findings, we can leverage that data for more than just identifying vulnerabilities or quantifying risk at a given point in time. For example, we’ve worked with clients to help explain how their environments have changed over time, or explain how certain assumptions they made about their environments stopped being true. Additionally, we can use this information to support other efforts, like compliance (like providing evidence that certain standards were met historically, even after the fact) or incident response (like checking the state of potentially compromised infrastructure when it was compromised). You can read more about our approach to building security tooling on our blog.

Managed IT

Mon, 01 Jan 0001 00:00:00 +0000

Lightweight IT support where it matters most

Many of our customers find themselves in the situation where an engineering or tech leader has to wear an IT hat for a fraction of their week. This results in the classic case where your IT challenges fall off the radar or relegate to your third or fourth priority. The standard solution is to hire an MSP - but many fall short of taking the management load off your plate - consuming considerable hours but requiring you or your team to continue to don the IT hat to tie up loose services.