Russia, Moscow 1/1 Vasilisa Kozhina Str.,
Business center Park Pobedy
Range of works on checking the cyber security processes quality in a company and the ability to track or prevent a possible attack. During the work, there is close interaction with the defense team to track down possible gaps in correlation rules, deficiencies in security information configurations or incident response processes.
We offer a set of actions aimed at checking the strength of passwords used on a corporate network against hacking or guessing. As a result, the customer receives a list of those accounts that can be compromised in a short time using online brute force techniques and data on public leaks of authentication data.
Wireless networks, due to the range of access points outside the controlled perimeter, can become another entry point into the internal network. As part of this service, a set of actions is performed aimed at checking the possibility of intercepting and hacking wireless network authentication data, organizing spoof access points and carrying out attacks on network clients. The ability to penetrate the network through wireless networks is assessed both with a presence in the controlled area and outside it.
Range of works on assessing the security status of applications as a separate information system. The work is carried out taking into account generally accepted practices and recommendations of OWASP and SANS/CWE. Not only technical aspects are checked, but also the business logic of applications and the possibility of carrying out attacks on application clients.
Verification of compliance with information protection requirements established for SIS, PDIS, CII, APCS. Development of certification tests program and methods, on the basis of which certification tests are conducted. As a result, certification tests protocol and conclusion on the possibility or impossibility of issuing a certificate of conformity are drawn up. If the conclusion is positive, a certificate of compliance with information protection requirements is issued for the informatization object.
Cyber security maturity level audit in the development and Roadmap establishment to improve security. Development safety assessment for compliance with the world's leading DevSecOps practices. The current state of application development cycles is analyzed and a roadmap is created for improving cyber security and building a DevSecOps process. The service is based on OWASP SAMM v2 methodology.
The repository being created uses an approach with a step-by-step verification of code downloaded from publicly available sources, using specialized tools from the leaders of the Russian cyber security market. Not only the code quality is checked, but also dependencies on other open-source software. Seamless integration into existing development processes, preparation of work regulations for IT and cyber security teams, training.
Technical audit of the Kubernetes microservice infrastructure configuration. This will provide expert assessment for further improvement of container application security level, ensure protection of microservices at the network level and their compliance with international requirements throughout the entire lifecycle.
Building in-depth protection of microservices throughout the entire lifecycle.
Assessing the risks of possible attacks on the network and implementing settings for specific methods of enhancing security level of the network infrastructure.
Implementation and configuration of systems that provide intrusion detection and prevention.
Implementation and configuration of systems that provide protection against DDoS attacks.
Updating existing or creating new network infrastructure map (L2-L3 diagram), conducting network inventory, auditing network equipment configurations. The data obtained is used to plan equipment modernization and rotation of existing foreign solutions. Work can also be carried out to configure equipment to enhance the security of systems.
Raising the level of cloud infrastructure information security by conducting an audit with an assessment based on Cloud Security Alliance industry best practices and developing a roadmap and implementing the necessary measures or implementing solutions.
Set of measures and solutions that provide additional control of incoming documents, continuous data collection and endpoint monitoring and honeypot placement.
Protection of virtual machines from malware, as well as implementation of access control for users and administrators at the virtual machines and hypervisors level.
Creation of system for ensuring information security of automatic process control systems under the requirements of Order No. 239 of FSTEC of Russia as of December 25, 2017 and Order No. 31 of FSTEC of Russia as of March 14, 2014.
