WisDM Achieves 'Strong Security Posture' in Recent Penetration Test

Data security is one of the critical focuses in today's digital age. We are happy to share that WisDM, our IoT Fleet Management Cloud-based platform, received a rating of 'strong security posture' during its annual penetration test.

Given the increasing threat of cybercrime, which Cybersecurity Ventures projects to cost the world $10.5 trillion annually by 2025, this achievement underscores our commitment to upholding the highest security standards for our products. We remain dedicated to ensuring that our solutions provide robust protection against emerging cyber threats.

Read on to learn more about the penetration test.


Overview of WisDM

WisDM plays a key role in multi-gateway management for IoT networks. Designed to streamline the configuration, monitoring, and maintenance of multiple gateways, WisDM allows enterprise customers who have purchased WisGateEdge gateways to efficiently manage their devices remotely. This cloud-based solution offers useful features like real-time alerting, synchronization, and emergency roll-back.

Our IoT fleet management solution supports a wide range of industries. Industries currently utilizing WisDM include campus safety monitoring, livestock management, healthcare monitoring, construction monitoring, and power equipment monitoring. Each of these sectors benefits from WisDM’s ability to oversee complex IoT deployments with the same simplicity as managing individual gateways, thereby enhancing operational efficiency and security across diverse applications.


The WisDM Penetration Test

A penetration test, often referred to as a pen test, is an authorized simulated attack on a computer system designed to evaluate its security. It involves ethical hackers using the same tools, techniques, and processes as malicious attackers to uncover vulnerabilities and weaknesses. Penetration tests reveal security gaps before real attackers can exploit them, helping organizations bolster their defenses and mitigate risks.

The WisDM penetration test was meticulously designed to meet stringent security requirements and ensure the highest standards of confidentiality, integrity, and availability. The penetration test for WisDM was conducted by LRQA Nettitude, a certified third-party lab, ensuring an unbiased and thorough evaluation.


Vulnerability Scoring:

  • Common Vulnerability Scoring System (CVSS) v3.1: This system determines the severity of identified vulnerabilities.
  • Exploitability and Impact Metrics: Various metrics are combined to create a base score, which may be adjusted based on specific environmental factors.

Strong Security Posture Rating for WisDM

The results of the recent penetration test reaffirm the exceptional security measures in place for the WisDM platform, culminating in a 'strong security posture' rating. Based on our risk profile and the vulnerabilities identified during the engagement, the web portal was assessed at the highest level. The results reveal that with only one minor informational finding, WisDM effectively maintains robust defenses against potential threats.

LRQA Nettitude's evaluation highlighted several key strengths:

  • Resilience Against Common Web Application Attacks: The platform demonstrated strong defenses against typical vulnerabilities, ensuring that WisDM remains secure against widespread attack methods.
  • Successful Remediation of Previous Vulnerabilities: Notably, any vulnerabilities identified during initial testing have been effectively addressed, illustrating our commitment to continuous improvement in security practices.

These findings not only highlight the effectiveness of WisDM's security protocols but also underline our dedication to safeguarding our customers' data and maintaining trust in our IoT fleet management solutions.

Production Principles Behind WisDM’s Strong Security

  • Confidentiality, Integrity, and Availability: The product is designed to meet the Application Security Verification Standard from OWASP.
  • Zero-Trust Security Model: Each service within the WisDM platform requires authentication, and all communications and data-at-rest are encrypted using modern algorithms.
  • Secure Software Development Lifecycle (SDLC): Security is integrated from the initial stages of development through to release. Key principles like Separation of Duties and Least Privilege are applied to mitigate risks of malicious activities.

Detailed Overview of the Secure SDLC Approach

  • Early Integration: Security measures are incorporated from the beginning of the development process.
  • Continuous Security: Security principles are followed through all development stages to release.
  • Separation of Duties: Ensures that no single individual has control over all aspects of any critical function.
  • Least Privilege: Limits access to the minimum necessary for performing job functions.


Advantages of WisDM's Security Investments for End Users

WisDM's commitment to security doesn't just end with robust architecture and stringent penetration testing; it directly translates into practical benefits for our end users. Here are some of the key security features that enhance user experience and ensure data safety:

1. Strong Authentication Protocols

All users are required to establish secure and complex passwords, ensuring that unauthorized access is effectively prevented and user accounts remain secure.

2. Automatic Session Termination

For added security, the system is designed to automatically log out users after a period of inactivity, preventing unauthorized access due to unattended sessions.

These features are not isolated add-ons but are integrated into the entire design philosophy of WisDM. By embedding these security measures into our platform, we ensure comprehensive protection from the ground up, providing our customers with a secure and reliable IoT fleet management experience.


Final Thoughts

We recognize that maintaining a security posture is an ongoing commitment. Therefore, we will continue to conduct annual penetration tests to ensure our product security remains at the forefront of industry standards.

Customer trust and data protection are fundamental to our business. Safeguarding sensitive information is more crucial than ever, and we are dedicated to implementing the best practices to achieve this.

To learn more about how WisDM can enhance your IoT fleet management while ensuring top-tier security, visit our WisDM webpage.

Read LRQA Nettitude’s letter of attestation on the security testing they conducted for WisDM.