Foundstone is a practice within McAfee Professional Services that provides computer security services.
History
Foundstone was founded in 1999 by George Kurtz, Eric Schultze, Stuart McClure, Chris Prosise, Gary Bahadur, and William Chan. The company primarily provided information security consulting services then later created the Foundstone Enterprise Vulnerability Management product. Foundstone was acquired by McAfee in 2004. After the acquisition, the product team was integrated into McAfee's product development group and the services team was separated out into the Foundstone Division. Later the various service divisions of McAfee all merged under a single new division, called McAfee Professional Services and Foundstone became a group within it. Although Foundstone is owned by McAfee, it stays vendor neutral in order to remain impartial in its services.
Services and Training
The company's services are divided into four categories: Incident Response and Forensics, Strategic, Tactical, and Training with core services in the following:
- Incident Response and Forensics: The investigation, assessment, and containment of computer attacks and malware outbreaks.
- Infrastructure Assessments: The security evaluation of networks and systems to identify software and configuration vulnerabilities.
- Software Security Assessments: The identification of hardware and software vulnerabilities through black box, white box, and gray box testing.
- Program Development and Risk: The development of information security programs, policies, and procedure. Also included within these services are information security risk assessments.
- Training: Public and private classes on ethical hacking, incident response and forensics, and software security,
Community Involvement
Foundstone has maintained a presence within the computer security community through speaking engagements, free tools, whitepapers, and other initiatives. The company was one of the first to publicly offer their penetration testing methodology, described in the Hacking Exposed series of books.
- Publications
- The Hacking Exposed series of books were written by three founders of Foundstone: George Kurtz, Stuart McClure, and Joel Scambray. Foundstone employees of often contribute to newer editions of the series. Foundstone employees have also authored other books such as "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services" and "Web Hacking: Attacks and Defense".
- Whitepapers
- The company has released a number of white papers on computer security, compliance, and policy development.
- Free Tools
- Free software such as Superscan and Hacme Bank have been released by Foundstone since its early inception. The security centric tools provide aid to penetration testers in ethical hacking and teach software developers security fundamentals.
- Open Security Research
- In 2011, Foundstone began sponsoring Open Security Research, a project dedicated to sharing computer security information. Open Security Research currently consists of a blog and YouTube channel.
References
