Many years ago we identified a need to automate the collection of configuration settings from Windows servers due to regulatory requirements like Sarbanes Oxley or others and mandated periodic internal audits. To fill that need, we developed a software program to query and retrieve those settings. As time passed, the number of available configuration options increased dramatically and there was too much information to simply dump out.
Focusing on risk, efficiency, and speed, we designed a proprietary decisional information engine known as SocratesEngine(sm). It uses decision tree branching to collect only security relevant information. Based on the information that Velosecure discovers during execution, it will branch off into different modules and retrieve only the most critical information for a security assessment or audit.

For example, if your Windows server was determined to be an Exchange Mail server on Windows 2003 Server, Exchange specific registry keys would be probed and the Exchange directories would be passed to the directory permissions module for parsing. For a detailed understanding of a small portion of the decisional branching and more information on SocratesEngine please click here.

Velosecure Compliance Assessment utilizes Win32 API calls to interrogate all Windows servers. The product requires no installation and has no residual existence. This means that you don't have to create or delete files, registry keys, or values and there is no installation, rather a simple unzip to the directory of your choice. While the GUI is compact and intuitive to use, the slim command line interface facilitates the scripting and batching of Velosecure as part of your normal computer operations. The extensive parameterized architecture allows for totally customized execution.

The built-in Velosecure modules, which are executed against your target machines, analyze data from that target and determine the security information scope. Velosecure then utilizes its SocratesEngine to determine how, and to what level of detail, it will continue probing the server; thereby collecting and assessing only appropriate security information. All components of Windows security are evaluated making Velosecure truly comprehensive.

Velosecure produces highly reliable output while maintaining a safe execution environment. The software runs in read-only mode ensuring that no modification of data can occur on the target server. Additionally, because Velosecure runs remotely against a single server or a group of servers, no data files are stored on the targets and minimal performance and memory is hit, thereby reducing risk. This facility allows for a secure, centralized repository of highly sensitive security information.

Last year was a very successful year for Velosecure LLC and many large organizations and auditing firms provided continual feedback. Those customers were very helpful in supplying industry best practices which could then be incorporated into our software. We have recently expanded and built a new enhanced product line: Velosecure Compliance Assessment (VCA). Velosecure C.A. is our flagship product. It will empower technologists with the ability to gain confidence in the sustainability of confidentiality, integrity, and availability of critical business systems running Windows.