PREVETION, VERIFICATION AND SUPPORT
Cyber threats are becoming increasingly sophisticated and safeguarding the company from dangerous events and attacks is now essential. The Secure Group security intelligence services allow to prevent, diagnose and analyse attacks in order not to sacrifice business and corporate growth.
VERIFICATION & CONTROL
When an incident occurs, it is important to understand how it could have happened, what damage it has caused and what the consequences may be.
- Computer Forensics
- Live analysis
- Information retrieval
- Deleted media analysis
- APT / Malware analysis
- Incident Response
- Network Forensics
- Virtual Forensics
- Cloud Forensics
- Data leakage
The security assessment service is one of the essential audit components of the corporate cyber security. It consists of activities useful for identifying the degree of vulnerability of the analysed IT environment, verifying the technical / architectural correctness of the computer network analysed and establishing whether external or internal factors could compromise corporate security. This process is mainly based on three intervention methods:
The detection of the services provided, the fingerprinting of the operating systems adopted and the analysis of all known vulnerabilities (applications, systems, equipment, configuration, etc.). In this phase different tools are used (for example: Tenable-Nessus, Nexpose, Qualys, NCircle, AppScan, etc.) to control the 26,000 vulnerabilities present in the various constantly evolving global databases (CVE, CWE, CCE, Bugtraq, OSVDB etc.). In this phase it is important to use different types of tools (commercial and non-commercial) in order to identify the maximum number of known vulnerabilities.
Starting from the results of the Vulnerability Assessment, every single vulnerability is tested and exploited for intrusive purposes, through Penetration Test tools (for example: MetaSploit, Predator, Saint, etc.) that test all known exploits in order to test their effectiveness. In some cases, where the vulnerabilities could cause service interruption (Denial of Service), it is preferable to agree with the client on the possible implementation of such attempts.
Where exploits or misconfigurations are successful, we proceed with an escalation activity in search of new resources to exploit (Pivoting) or information to be captured. This phase is a real challenge, carried out with the experience of Secure Group Security Engineers who simulate the activity of a hacker. If the intrusion is successful, it is possible to repeat the analysis starting from the second phase, with a view to new resources discovered.