We help you to see your IT environments from a different perspective. And get you back into the driver’s seat.
We help you to answer several key questions about your information security posture.
We help you to define a comprehensive and risk-based approach to become and stay secure.
We believe that the most effective approach to achieve a sufficient level of security in any IT environment is to apply the defense-in-depth concept. According to this concept, it is crucial to design multiple levels of controls throughout the environment. These controls must focus on the correct setup of the processes of the organization, building the right company information security culture. In other words, embedding these essential mechanisms into the organization’s DNA.
These are the focus areas where we can provide assistance:
External perimeter security
The key questions we will help you to answer:
- What services are visible at our perimeter from the internet?
- Are there any vulnerable services on our perimeter?
- Are our perimeter devices and servers configured correctly and securely?
Using our proprietary network scanning platform (ScanBatch), we can ensure your perimeter is well controlled. Newly deployed services are detected, and their security level and configuration are checked proactively.
Our platform enables us to execute vulnerability scanning with several commercial and open-source technologies and tools.
As a result, you receive a very specific and simple-to-read report that will show you the current posture of your perimeter, or help you build our “perimeter timeline”.
Internal network security
The key questions we will help you to answer:
- How vulnerable are we to an attack originating from inside our network?
- How are we doing with patching our servers and workstations?
- Are our network devices, middleware services and other components configured correctly and securely?
Although the perimeter provides an essential layer of protection from attackers, it must not be treated as the only one. The notion of almighty perimeter protection appliances stopping all possible attacks is a thing of the past.
Having your external perimeter and internal network nice and tidy (secure) is the way to go.
Application security
The key questions we will help you to answer:
- Are the applications we are using well configured and secure?
- Are we developing secure applications?
- Are our suppliers doing a good job in developing secure applications?
We are living in a world with a tremendous number of applications. We use applications on our computers, mobile phones, televisions, watches, cars, entry doors, fridges and running shoes. The trend of recent days is to integrate and connect everything. That trend is also making its way into corporate environments.
We can help you to secure the whole application lifecycle, including the business requirement definition, security architecture, development, continuous integration and deployment (CI/CD), penetration testing and decommissioning.
This matters even more if you outsource development to an external partner. It ranges from selecting the right partner and preparing an outsourcing contract to assessing the quality of the end product.
Configuration security
The key questions we will help you to answer:
- Do we utilize the right security hardening on our devices, middleware and software components?
- Do we manage configuration of devices in a secure way?
- Do we employ the right mechanisms to keep control over the configuration management?
The era of configuration is coming. Configuration tends to define everything in today’s IT environments. Configuration defines networks, firewalls and computing environments within the concepts of software-defined networks and infrastructure as code. Configuration is also very dynamic, and it is a challenging task for an organization to keep it under control.
We can help you understand whether your devices, middleware and software components are configured securely. We can help you find the right processes and tools to manage your complex configurations, and put the right state-of-the-art technologies to work as a helping hand.
Cloud security
The key questions we will help you to answer:
- Are our cloud environments well configured and secured?
- Are we utilizing the right cloud components (SaaS, PaaS, IaaS)?
- Did we choose the right cloud provider?
Companies have to be involved with cloud services every day. Sometimes it is difficult, or even close to impossible, to keep up-to-date with ever-changing cloud offerings. Myriads of different components can be configured in thousands of different ways. Required integration with on-premise systems is not making the situation any easier.
We can help you find your way through these cloudy offerings and choose the most appropriate and secure option for your needs as you plan the migration of resources into the cloud. We can help you assess your current cloud environments and make sure that all components are secure.
Penetration testing / Security assessment
This is where we “close the circle”. Performing a penetration test (or a security assessment) is a key element of the iterative process of building defense in depth (also known as the castle approach). It provides you with an indispensable mirror that can tell you whether you are going in the right direction and at the right speed during virtually any part of your journey.
The key questions we will help you to answer:
- Is our security management program effective?
- Does an external / internal attacker have a chance to attack our company?
- Ultimate Question of Life, the Universe, and Everything (apologies to Douglas Adams).