Our cyber security services are designed to ensure the security of corporate IT systems and networks, as well as applications created for mobile devices. Discover below the entire range of services we propose for the protection of company data and for the devices used by your employees.
NETWORK DISCOVERY (ND)
The Network & Service Discovery activities are preparatory to the subsequent phases of Vulnerability Assessment, Penetration Test and Web Application Testing and have the purpose of identifying the weak points of the company’s IT infrastructures in order to prevent cyber attacks. These preliminary searches verify the exposition of companies in Internet, the consultation of publicly accessible databases (RIPE, WHOIS, etc.), the analysis of the main search engines and discussion groups and, finally, the execution of queries DNS on authoritative servers. This type of activity allows the identification of relevant data relating to the corporate network environment, the technologies used and any other sensitive information directly or indirectly accessible through the Internet.
VULNERABILITY ASSESSMENT (VA)
Vulnerability Assessment activities aim to identify all the vulnerabilities present on company systems through automatic scanners. This allows you to test a large number of systems in a limited time frame. An accurate manual analysis is subsequently carried out on the collected data by the analysts of SAB Consulting, who identify, verify and evaluate all the vulnerabilities present, assigning them a level of IT risk and simultaneously proposing corrective actions capable of lowering the latter.
NETWORK PENETRATION TEST (NPT)
The Network Penetration Test (NTP) is a cyber attack simulation performed on networks, systems, network devices (e.g. routers, switches, firewalls, balancers, etc.) with the aim of discovering and exploiting vulnerabilities that allow to violate the integrity and confidentiality of data as well as service continuity. Overall, this is an activity that focuses on a deep vulnerability analysis to check if it is possible to compromise the systems in a predetermined and agreed timeframe. The aim is to simulate, with the greatest possible fidelity, the cyber attack scenarios that could occur.
WEB APPLICATION PENETRATION TEST (WAPT)
The Web Application Penetration Testing (WAPT) activity aims to increase the overall security level of a web application. This result is obtained by simulating complex attacks on the website with the aim of acquiring access to information and data that should be protected and limited only to specific authorized users of the site. The analysis methodology adopted to conduct these checks, complies with the OWASP (Open Web Application Security Project) standard, an internationally recognized project dedicated to the security management of software applications. The penetration tests for web applications become essential considering that, very often, the development processes do not yet include a standard phase of security verification before the applications are released. The consequence is that many security problems are identified when the software is already in production, making the process ineffective and often prohibitive from the point of view of the costs necessary to implement structural remedies.
MOBILE APP SECURITY ASSESSMENT (MASA)
The Mobile App Security Assessment activity (MASA) involves analyzing and testing Android and iOS packages of mobile applications. The analysis to identify security issues and vulnerabilities of mobile applications and to provide indications on the corrective actions to be applied for their resolution.
COMPANY STATION SECURITY ANALYSIS
One of the main targets in case of cyber attacks are the clients used by corporate employees. These are generally a weakness in the security chain within the company. A corporate client is exposed to all, by nature, unpredictable behaviors of human beings, such as e-mail phishing attempts or attacks by browsing compromised sites. It is essential that the defenses placed on the client are able to protect the business user even from careless actions. The Sab Consulting service allows you to analyze a normal company workstation by simulating various types of attacks and evaluating their impact. Within this activity is also evaluated the reliability of the protection of navigation channels and corporate e-mail.
The “Malware Detection” solution aims to identify the presence of malware on the client and server workstations of the client. The activity will be carried out thanks to the help of specific tools for scanning together with the support of security analysts with decades of experience in the data analyst activity.
With the help of the scan tools and the analysis of our analysts it will be possible to identify the stations infected with malware, the positions at high risk of infection (e.g. those probably attacked in case of malware infection within the network), the suspicious workstations that have a behavior comparable to that of a PC infected with malware.
At the end of the scans, two exhaustive reports will be produced, one technical and one executive, with all the information on what has been found in the scans and with suggestions for any corrective actions to take to mitigate the risk of new infections.
Sab Consulting Srl
Headquarter 20063 – Cernusco Sul Naviglio (MI) Via G. Mazzini, 3/C Registered office 24047 – Treviglio (BG) – Via S. Mulitsch, 13 VAT Number: 04145090967 REA: BG-366953 Chamber of Commerce Code: 12.000 Municipality of registration C.C .: Bergamo