- Penetration Testing: this type of testing uses methods and tools very similar to those an attacker would use during a real event.
Why : choose to run a penetration test (or pentest) to ensure existing security controls are correctly implemented and operated, and to discover unknown weaknesses. This test is fully customized for relevance to the target environment.
What : a penetration test can be executed against web applications, internet facing servers, cloud resources or internal systems, depending on the desired attack scenario. It is recommended to execute the tests on identical, non-production environments, as these types of tests can break a running system.
How : during project kickoff several things are agreed with our customers, such as the exact scope, the attack scenario, the 'terms of engagement' (what is allowed / what isn't allowed), the format of the final report and other legal aspects. The test follows a standard approach, including Reconnaissance, Scanning, Exploiting, Elevating Access and submitting the resulting report. In the final report we include both detailed findings and recommendations for implementing fixes or otherwise mitigating the risk.
- Vulnerability Scanning: while not as broad in scope as penetration tests, this type of scanning can be run more frequently, and will identify known vulnerabilities and applicable fixes.
Why : choose to run scheduled, frequent vulnerability scans to ensure your servers and applications are not vulnerable to known threats, such as discovered vulnerabilities in various software components.
What : web applications and any internet facing server or service can be scanned. These scans are typically safer than a penetration test, so they can be executed against production environments. Nevertheless, when executed against a separate dedicated environment, the scanner can be configured to inspect more items.
How : these scans are executed with several different automated tools and the results are validated/interpreted by our security analysts before a final report is submitted. The report also contains remediation instructions such as required configuration changes or links to patches which must be installed.
- Security Assessment: a checklist based approach to review IT policies and operations, network architectures and configuration.
Why : this is typically one of the first exercises an organization performs in order to understand the weaknesses and threats which must be addressed.
What : infrastructure, operating systems, applications, IT, Development/DevOps and Security operations can be assessed.
How : this exercise is based on checklists that you can complete yourself or with the assistance of our Security Analysts. A prioritized action plan is provided at the end of the exercise.
- Security Operations Design: project-based design, implementation and training of staff to use tools and techniques required to elevate one's security posture.
Why : smaller companies often struggle to get their first Security Engineers / Analysts hired and to see results from their security teams. Having walked this path many times before, we can help you get your team built and up to speed in a short time.
What : we can work with your IT or dedicated Security staff, Juniors or Mid-level to kick off a Security Operations Program.
How : we'll help you review the Attack Surfaces, likely Threats, then build and implement Security Controls, Security Monitoring procedures, Incident Response processes and finally automate repeating actions. This allows you to focus on the growth of your business while making sure that your staff can scale the Security function as fast as you need them to.
- Incident Response: on-demand support during cyber incidents.
Why : as they say, there are two types of companies: companies which have been hacked, and companies which will be hacked. When that dreadful moment comes, lots of junior teams struggle to respond, fully contain and remove the attackers. We provide Incident Response support services for certain types of major incidents.
How : once triggered, we will assign a dedicated security analyst who will work with your own staff to ensure your response to the cyber incident is efficient. Nevertheless, do note that there are no guarantees that once we join the IR team attackers will be contained, data won't be lost or your business won't be affected - this very much depends on your existing Security Architecture, Threat Model and proper Operations. Due to the nature of this service, we are available 24x7.
- Managed Security Services: administer and operate security tools, SOC Tiers 1, 2 and 3 for small and medium companies during normal business hours.
Why : we can augment your existing IT and Security staff and take care of some of the processes for you.
What : examples of processes we can help you with: Patch Management, Antivirus Management, Firewall and NextGen Firewall Management, WAF or Proxy Management, Security Monitoring, SIEM Management, CASB Management, Incident Investigations. We have experience managing well-known brands from all of these categories of solutions.
How : these services depend on a remote connection to your environment which can be used to connect to the platforms and implement changes as requested, or monitor the proper functionality of those solutions. These services are delivered during normal business hours (GMT+2) or early morning US hours (PDT until 11AM).
- Automation & Custom Software Development: automate repeating processes and create on-demand software.
Why : if you need to integrate custom solutions into your existing processes or want to avoid manual operation or repeating actions.
How : we can automate responses in a SIEM tool (playbooks), build custom scripts or write more complex software packages.