VA/PT

To effectively defend you from attacks, we have to think like a criminal hacker and use their strategies against you

Is your company safe from cyber attacks?

The risk of a hacker attack is part of our digital lives, as individuals and as a business. But for every company it is becoming increasingly hard to protect itself without suitable security planning.

«WHY SHOULD THEY ATTACK ME?
IT’S NEVER HAPPENED BEFORE!»

Thinking like this is a risk for the company. Cybercrime affects everyone indiscriminately on a large scale, and like individuals, companies are victims of attacks every day.

1 million
Spear phishing attacks in 2022 in Italy, of which 20% with major consequences for the companies affected.
73 %
Internal security incidents caused by software vulnerabilities and incorrect actions by users.

+52 %

Increase in phishing and social engineering attacks in 2022 (vs. 2021).

+4.5 %

Increase in DDoS attacks in the first half of 2022 (vs Q1 2021).

Sources: online public news

VA/PT solutions

It is possible to have a complete overview of the cyber risks of your company with the Security Assessment service, which includes two different Offensive Security or Red Team activities:

VULNERABILITY ASSESSMENT
Scanning to identify the infrastructure and IT network vulnerabilities.

PENETRATION TEST
Actual simulation of an attack by an ethical hacker on a potentially vulnerable target.

Vulnerability assessment

This guarantees two advantages: it allows the customer to have a snapshot of the exposure of their internal and external systems to all the known vulnerabilities, and also checks which risks the customer runs if the protections they have adopted are bypassed.

1

80% AUTOMATED SYSTEM ACTIVITY
To know details of their configuration and any vulnerabilities.

2

HIGHLY DETAILED VISION
The checks are performed quickly across a very broad perimeter.

3

HORIZONTAL ACTIVITY
It identifies and classifies as many risks and vulnerabilities as possible out of a large number of company systems and devices.

4

20% MANUAL ACTIVITY
The CYBEROO ethical hacker checks the results produced by the scan and investigates and removes any false positives.

5

«SAFE CHECK» MODE
The activity has practically no impact on the operations of the analysed systems and can detect vital information for a company’s cybersecurity posture.

APPROACHES

INTERNAL
The internal network is analysed on-premise or using virtual machines on the customer’s local infrastructure, as well as on the services delivered through the internal network.

EXTERNAL
The external perimeter analysis aims to identify all the vulnerabilities on the appliances and services exposed to the Internet in relation to the customer’s network.

APPLIED METHODOLOGY

The methodology adopted for the activity is called “SafeCheck”, and complies with the ISECOM Open Source Security Testing Methodology Manual (OSSTMM) and the definitions given by the Open Web Application Security Project (OWASP) for Security Assessment.

  • Use of the risk indicator calculated according to the FIRST (Forum of Incident Response and Security Teams) CVSS framework (Common Vulnerability Scoring System).
  • Where possible, the description of the vulnerabilities also includes the CVE code (Common Vulnerabilities and Exposures).

Penetration Test

The Penetration Test is an in-depth analysis of a specific application or service aiming to identify functions which, when exploited by malicious agents, can lead to a security breach.

1

80% MANUAL ACTIVITY
It assesses the impact of exposure to vulnerabilities that cannot be verified by automated software, and particularly the results that can be obtained by the simultaneous interaction of individual vulnerabilities.

2

SKILLS OF THE CYBER SECURITY TEAM
The ethical hacker simulates intrusions on different levels, imagining different attack scenarios and combining sophisticated manual techniques with the use of complex IT tools.

3

VERTICAL ACTIVITY
This focuses mainly on specific services identified with the customer, analysing all the functions precisely and in-depth.

4

PREVENTION
This prevents potentially destructive security incidents, solving and therefore mitigating the risk of being compromised.

Our PT activities

WEB APPLICATION PENETRATION TEST
Activity performed to identify vulnerabilities in web applications; may be focused on all areas of the application.

MOBILE PENETRATION TEST
Activity to test the security of Mobile applications, Backend services and Mobile systems.

INFRASTRUCTURE PT
Activity aiming to identify vulnerabilities in a given infrastructure.

PT WIFI
Activity performed to test the validity of the WiFi network configuration with a view to a potential attack.

SCADA/OT ENVIRONMENT PT
Specific activity for industrial and production environments, aiming to identify all possible vulnerabilities with particular attention to business continuity.

BLACK BOX PT
The activity is performed by simulating a hacker attacking the company and compromising its security.

CODE REVIEW
Activity aiming to identify vulnerabilities by directly studying the source code of the application/service analysed.

BENEFITS

CYBEROO VA/PT STEPS

1

Pre-engagement Interactions

2

Open Source Intelligence

3

Threat Modelling & Vulnerability Identification

4

Exploitation

5

Post Exploitation, Analysis & Recommendations

6

Reporting

WHY CHOOSE CYBEROO DOCETZ?

Highly skilled staff

with technical knowledge and extensive experience in IT security.

In-depth analytical methodology

to identify and precisely assess IT risks and threats.

Tailored approach

to the customer’s specific requirements, guaranteeing a high-quality and reliable service.