Different requirements, countless processes, complex interrelations and company-specific standards: IT security must always be customised to protect your company from threats. We can help you with this.
For small businesses in particular, a pentest in the beginning is like using sledgehammer for cracking a nut.
The short Security Checkup gives you an objective view of the current state of IT security in your company. With our RedBOX, standardised and partially automated tests are carried out in your network by real hackers. Documents found and vulnerabilities will, of course, be treated as strictly confidential and deleted after the check has been completed.
The results are prepared in an understandable manner and handed over to you at the end: In addition to the documentation and metadata, you will receive an action plan that shows the problems found in a legible form. This is explained in an online presentation and the possible measures will be discussed.
A penetration test is a check of your IT environment for security gaps and weak points. Ultimately, it is nothing else than an attempt to break into your IT system using all technical means from an attacker's perspective. Depending on the requirements, it has different characteristics, focal points and test depths. For example, a single application within a network or also the entire network can be the target.
What's in it for you? You get an honest picture of the actual protection level of your IT infrastructure. We will show you the existing weak points and the resulting “construction sites” without whitewashing, the influence of third parties or any security documents.
All of our penetration tests are carried out by former hackers. We offer you a wide range of techniques, methods and realistic scenarios. Our IT security experts use current and actually existing attack methods. Transparency is very important to us: After completing the test, we will explain in detail how we proceeded and which techniques and methods were used.
In a nutshell: We make the penetration test tangible. We show you the current state of your IT environment and its protection in an understandable and comprehensible manner. In addition, we will provide you with possible solutions so that you can resolve the found problems quickly and sustainably. Our penetration testers are trained, qualified and certified. They are continuously instructed in the area of data protection and are therefore experienced in handling confidential data. The continuous development of our skills and attack scenarios in our laboratory, regular training and cooperation with a broad IT security community enable us to test your company for the latest security gaps and vulnerabilities.
External IT Security Team
According to estimates by the EU Commission, around 100,000 IT security experts will be missing in the EU by the end of 2020. People who could be doing the job within a company are therefore in high demand. This demand also increases the costs, which are often unattainable for small to medium-sized companies.
However, the fact that nobody monitors your company's IT security can represent a dangerous knowledge gap regarding binding compliance regulations and security gaps in your company.
This is exactly where an external IT security team helps: You get all the skills and experience, but without the total cost of an additional employee. And there should be an independent information security department in every company. Because IT security differs fundamentally from IT administration (more about this here). And if an IT security department doesn't regularly actively examine your IT environment from an attacker's perspective, it won't protect you from the real dangers either. The result: financial damage, criminal and civil law consequences or loss of reputation.
We perform comprehensive security checks, advise directors and board members on potential liabilities and weaknesses in the current system, and offer solutions to ensure compliance with legal regulations. We can also help you train and train your staff.
IT security management
There are different approaches for IT security management, also called ISMS (Information Security Management System). The two best known are the BSI IT basic protection (which, due to its extent, should be called IT super protection) and the well-known ISO 27001.
These two systems are very extensive in use and are not exactly resource-saving. If there is no separate department for operating such processes, the IT departments usually considers the effort as too high. IT security then only exists in the mind and on paper.
We want to live IT security and promote it in a way that everyone can implement. That's why we opted for a more pragmatic approach: We use the so-called ISIS12 procedure. The IT security process is reduced to 12 key points and forms a clean intersection between IT basic protection and ISO27001.
Books can be filled about the setup and process of the IT security process, we recommend: Call us and we will be happy to answer your questions!
Security Information and Event Management (SIEM)
A security information and event management solution (SIEM) collects log files from various systems within a network in a central database. It helps to uncover current security incidents and to minimise the risks for future ones. By linking data from different systems, conspicuous behaviour patterns can be recognised and a decision can be made as to whether they could be dangerous.
Principally, no attacks are prevented. But with a SIEM you can not only look back, you can also look ahead, identify potential dangers in good time and take prompt action before major damage occurs.
The GDPR puts companies under pressure in general: Since May 2018, security incidents involving data breaches can have even harsher consequences. A SIEM can help to meet the requirements.
We help you to find and implement a system that is suitable for your company.