VAPT (Vulnerability Assessment & Penetration Testing)
- Review all processes, policies, assets for units under scope (Operations, Finance, etc)
- Perform vulnerability assessment of units in scope internal (network / systems / infrastructure /applications)
- Conduct L2 penetration testing (with approval) of units in scope internal (systems / Infrastructure / applications)
- Assess current configuration and patch state
- Assign Risk rating on identified vulnerabilities (i.e. Systems / Infrastructure / Applications)
- Run through hackers hunt scenario test
- Run through inside threat scenario
- Run application exploit scenario
- Scenario test of DOS/DDOS/Top 10 perimeter / network / end point exploit mechanism
- Detailed recommendations for review of management
Cyber Risk Assessments
- Review adequacy of existing security policies, standards, guidelines and procedures
- Analyse assets, threats and vulnerabilities, including their impacts and likelihood
- Review existing perimeter security, network security, end point security, data security, infrastructure design
- Conduct technical and procedural review and analysis of the network architecture, data flow (Egress / Ingress) protocols and components to ensure that they are implemented according to the security policies
- Conduct and review F2F sessions with security team, IT network team, IT security provider
- Review and check all critical IT assets – configuration, implementation and usage of remote access systems, servers, firewalls and external network connections, including client internet connection
- Review identity and access management, patch management, incident management and authentication mechanisms
- Review current level of security awareness and commitment of staff within the organization
- Develop practical technical recommendations to address the vulnerabilities identified, and minimize security risk
Cyber Security Education
- We impart cyber threat intelligence education service to enable our clients prepare for latest tools/techniques used by threat actors.
- Our 3x per year training is focused on Email, USB, Internet, password, data protection subjects, and 2x social engineering tests per year (e.g. simulated phishing/spam test).
Cyber Incident Response
- We assist our client in addressing and managing the aftermath of a security breach.
- Our Cyber incident response includes tactical response to real-time spam, phishing, virus, and malware breaches (i.e. incidents) and insight into threat actors, attack methods, and motives. 5x per month incident analysis.
- We focus on handling the situation in a way that limits damage and reduces recovery time and cost to our client.
Security Risk Management
- A unique way of assessment, tracking and remediation for vulnerability management.
- We have designed it to take care of cloud environment too.
Project Management and Security Certifications
- We deliver and support for any industry security certifications like PMP, CISSP, CEH, etc.,
For more details please contact us.