Organizations assess their cyber-security posture to determine their cyber-maturity level, compared with industry peers. An organization with an inadequate level of cyber-maturity is putting its digital assets, customers and shareholders at risk.
We provide organizations with a methodological approach to assessing their cyber-maturity level. Our report covers domains including cross-organizational security methods, policies and procedures; cyber-security operations; network level security; hosts and endpoint level security; application level security; sensitive data management; identity management and remote access, as well as physical security.
We work remotely and on-site to conduct a comprehensive cyber-security assessment report and management presentation that summarizes our findings. Reports are submitted to the customer in English or German, in line with the organizational needs. Upon identifying the key weaknesses in the organization’s various domains we work together with the organization to improve its cyber-security posture as cost-effectively as possible. We focus on improving first the high-priority areas, which pose the greatest cyber risk to the organization.
Penetration tests are done to identify weaknesses in specific areas, such as newly-launched applications, existing applications, Internet perimeter, servers, and others.
When conducting a pen-test, we identify the weakest security points in the organization’s defined tested area; we analyze the root cause of the security vulnerability; we recommend cost-effective solutions for the identified security vulnerabilities; and we present an initial remediation and mitigation plan.
Our tests are conducted carefully with close communication with the customer, to refrain from any business interruption or downtime.
We offer our customers to conduct the test in either one of the following ways:
“Bug-Bounty” Penetration-Testing. We allocate the task to a vetted, trusted community of ethical hackers, who compete against each other to identify the vulnerability in our customers’ systems. Our customers define the target area for the penetration-test, as well as the budget they allocate for this specific task. The hackers compete with each other to get the most effective result for our customer.
Our penetration-testing reports and presentations can be submitted in English or German.
With 90% of successful attacks starting with phishing or spear-phishing emails, employees are widely seen as the weakest link in the organizations. The problem is, that not all employees are adequately familiar with the level of threat they pose to their organization.
We offer training sessions for employees, management and boards to better understand the cyber-crime world, identify phishing effectively, and reduce the overall organizational risk level. We execute cyber-security exercises and demos for boards and management. We offer our lectures in English and German.
According to Synantec, 43% of cyber attacks in 2016 targeted SMEs with fewer than 250 employees.
Small and Medium Enterprises are at a dilemma when it comes to cyber-defense. On the one hand, not taking active cyber-security measures leaves the organization vulnerable to attackers, who are targeting the “low-hanging fruit” (or the unprotected organizations). On the other hand, expert cyber-defense services and technologies tend to be too expensive and not affordable for an SME. For this reason, we have developed a special offering for SMEs, which is affordable, and can reduce the cyber-security risk of an SME.
Not all organizations are large enough to justify the hiring of a Chief Information Security Officer, or a CISO. Small and medium size organizations with a few dozens of employees, may be well-equipped with an external function overseeing the CISO responsibilities in the organization, and working hand-in-hand with the C-level management of the organization.
We offer to support you with our CISO-As-A-Service offering, in order to balance between your budget needs, and your concern with cyber-risk. Services are offered in English and German.
Cyber attacks cannot be predicted and can hit an organization at the worst moment. In the scope of our Incident Response offering, we provide our customers with a 24/7 phone number they can call if anything happens.
We commit to managing a cyber incident within a pre-agreed period of time. We provide the highest standards of cyber-security incident response, based on our team’s experience in incident response in the elite cyber-security military units in Israel.
We work together with venture capitalists to identify the most promising startup investment opportunities in the Israeli cyber-security ecosystem.
Industrial control system networks have increasingly become targets for cyber attacks. While IT networks have been traditionally covered, the ICS (or OT) networks have been largely left uncovered.
The risks associated with a cyber-attack on ICS networks vary from business interruption, in the best case, to the loss of human life, on the other hand. The convergence of the physical and the cyber domains has become riskier than ever.
We offer a software solution for ICS network, powered by Israel’s leading ICS provider. The product monitors the ICS network and detects any anomalies within minutes of seamless installation. The product enables to map – within a click of a button – all the devices connected to the ICS network, thus saving the manual mapping of such devices. The tool can generate a comprehensive vulnerability assessment report on the ICS network. The product has been implemented successfully across global Swiss industrial manufacturing, pharmaceutical, energy and utilities companies.
The DarkNet is a restricted-access network that is used, among others, by cyber-criminals to trade stolen information: stolen credit card numbers, bank accounts, usernames, passwords, and other sensitive information.
Our solution scrapes the DarkNet and produces valuable security-driven cyber threat intelligence for an organization. An organization can plug in its most targeted digital assets – URLs, executive names, domain names and other types of assets – and identify what critical information has leaked to the DarkNet, and what cyber-attack campaigns against it are currently being discussed on the DarkNet. The solution also offers remediation of these campaigns at a click of a button. The solution has been successfully deployed among dozens of leading Swiss and international companies.
The number of smart, connected IoT devices that are used in corporate environment, is on the rise. Corporate environments today consist of dozens of IoT devices connected to its networks – including coffee machines, web cameras, vending machines etc.
The challenge is to gain visibility into what is connected to the network and detect any malicious activity. We offer a sensor-based solution which can assist organizations in controlling the IoT environment effectively, and detect any malicious activity in this environment before damage is done.
Software developers are busy writing thousands of lines of codes. But to what extent is this code secure?
The cost of adding a security layer to the code, when the writing is complete, is 100 times more expensive than writing code that is secure to begin with. The challenge is often that software developers and engineers are not too excited about security. They just want to write code. We offer a seamless solution which allows developers to write code securely, scan for vulnerabilities and mitigate it.
Extended layers of security in E-commerce transactions or banking applications can harm user experience and the user-friendliness of the application. Behavioral authentication is an approach based on dozens of behavioral parameters, which can detect whether the user is the real user, or a fraudster, with high percentage of accuracy.
The behavioral parameters include elements such as,
The machine-learning algorithmic SDK solution learns the user’s behavior over a few short sessions of behavior, and can later detect effectively whether the user is the real user or not, in an ongoing authentication process. Transactions that are suspicious are blocked, while transactions that are not fraudulent, allow for a much more seamless digital experience.
Email attachments can be highly problematic because they can contain malware. This solution scans attachments, "disarms" the attachment from any malware, and reconstructs them to come clean to the receiver.
Anti-viruses are known not be sufficient any more. Companies are seeking solutions that give visibility into the endpoint. This solution allows CISOs to detect any malware on the endpoint, and remediate it immediately ("automated incident response").
We conduct in-depth analysis of the product and the team to secure that the product is suitable for our customers. We enable our customers to select whether they would like to interact directly with the Israeli vendor, or conduct the business through Cyverse AG. Both options are available.