SECURITY ENGINEERING
Application Security: integration of adaptive platforms for the protection applications (databases, SAP, SOA Architectures, Portals, Application Framework) able to provide levels of “external” protection to specific software implementation.
Email & Web Security: design platforms for the safety of e-mail services and Internet browsing (Antispam, Antivirus, URL filtering, WAN optimization, etc.) integrated with services and infrastructure of Data Loss Prevention.
Log Management and SIEM Integration: specialist support on platforms Security Information & Event Management, for the collection, normalization and correlation of heterogeneous data sources aimed at the visibility of context and at the management of any operational problems or safety.
Fraud Detection & Management: specialist support for systems management and fraud detection realization, identification and description of the fraud scenarios, design and tuning of rules, support for survey and post-mortem analysis of fraud.
MSSP Engineering: design security services MSSP (Managed Security Service Provider) to the perimeter outsourcing of specific functions of prevention and control.
SECURITY ASSESSMENT
Security & Network Review: architectural reconstruction of the network platform and security currently in operation and evaluation of possible infrastructural criticality.
Penetration Test: full audit of vulnerability or problems about applications and services exposed by the scope of the analysis. Testing and Certification upgradeable protocols / custom applications or legacy.
Source Code Auditing: full audit of the source application using regression testing of functionality and critical pattern used within the framework application or custom products.
Configuration Audit: massive verification of configurations of equipment, systems and critical platforms in non-invasive mode.
Surface Attack Analysis: verification hacker’s style oriented to critical information. It integrates the activities typical of a Penetration Test of social engineering attacks, trashing, physical access, etc…
Unconventional Testing: laboratory services for the safety evaluation of products or third-party systems through analysis of binary or source of communication protocols.
SECURITY OPERATION
SOC Implementation: support for the definition of the operational model suitable for the control and management of ICT security, and for the provision of infrastructure monitoring appropriate to the internal operating processes.
Security Monitoring: specialist consulting for monitoring and real-time analysis of security alerts generated by systems and applications covered in the scope of control.
Security Platform Management: specialist consulting of first and second level for the operational management solutions or platforms on the market for ICT security.
Incident Handling: specialist support on-call for post-mortem analysis of potential fraud or cyber-attacks. Support for the forensic analysis for the assessment of possible computer crimes.
Early Warning: intelligence service and alerting managed by security bulletins relatively new vulnerabilities, rumors and new methods of attack, malware in circulation, etc…