Threat Intelligence

proactive counteracting to cyber threats

a proactive counteraction of cyber threats, providing information on new cyber threats and risks as well as delivering information on potential Zero Day type threats

Smart Building Cybersecurity

identification and reduction of cyber risks for Smart Buildings

a comprehensive service that allows to assess the state of security, identify risk areas and present recommendations and for Smart Building systems and components

Security code review

application and its source code analysis in search of vulnerabilities

analysis of applications and their source codes in search for vulnerabilities, comprehensive security code reviews using modern static and dynamic analysis methods to detect potential issues

Secure Product Development

support in creating and developing secure software

implementing practices meant to increase security awareness, ensuring the product’s quality and security throughout the development cycle: from the initial design stage, through creation and testing, to implementation

Red Teaming

What is Red Teaming?

Red Team is a panel of experts whose operational philosophy is to assume the role of a potential opponent

Red Team operations

cross-enterprise security verification

activities that allow testing the readiness of teams, processes and technologies to protect critical company resources by simulating real attacks aimed at breaking security

Penetration tests

vulnerability identification in ICT systems and infrastructure

conducting a broad analysis of the infrastructure, systems and software by identifying resources and devices on the network, detection of potential weaknesses, vulnerabilities and recommendations for corrective actions

NIS Directive Audit

Analysis of the compliance of enterprises with the requirements listed in the NIS directive

The NIS directive audit is an assessment of the company’s readiness to fulfil the requirements set out by this regulation. Basing on a detailed analysis and identification we present a dedicated approach for improving areas such as risk management, system maintenance and configuration management as well as physical and environmental security, access management, business continuity, vendor management and incident management.

Network Segmentation

network architecture improvement to increase cybersecurity

a thorough assessment of network segments combined with an analysis of communications using our platform in order to ensure the effective execution of the network rule creation process

Mobile Device Security

testing for malware, unauthorised modifications and traces of attack

analysis of network traffic focused on the presence of malware and an assessment of applications, searching for malware or other indicators of the device being compromised as a result of malicious activities

Industrial Control Systems Security Audit

multidimensional cybersecurity assessment

recommendations on adjusting the security measures to comply with applicable standards and good practice, assessments of individual risk areas at the technical, process and business levels

Cybersecurity Bill of Materials

firmware components identification and safety assessment

analysis and security audit of third-party software components, including their versions and existing vulnerabilities based on the source code, firmware or back analysis of the device itself

Critical Infrastructure Protection

comprehensive analysis of critical infrastructure components in terms of possible threats

assessment of the security level of components and systems included in the infrastructure, aimed at finding critical vulnerabilities and recommending solutions to maintain business continuity

Cloud Services Security

threat identification and security assessment of cloud services configuration

threat identification and security assessment of cloud services, offering recommendations for corrective actions in accordance with applicable standards and best practice

AWS Level 1 MSSP

Managed Security for your solution on Amazon Web Services

AMI System Security

Security audits and protecting AMI systems and smart meters from cyber attacks

analysis and security audit of third-party software components, including their versions and existing vulnerabilities based on the source code, firmware or back analysis of the device itself

Penetration tests

Challenges The focus on effective delivery of business services sets a rapid pace for modern companies’ operations. The multitude and variety of ICT systems as well as the lack of appropriate procedures for inventory and configuration management can lead to a failure to update systems, uncontrolled connections being established between unknown devices and the infrastructure or the occurrence of vulnerabilities in systems. These types of violations could lead to an increased exposure to difficult to detect cyberattacks, the aftermath of which may affect the company’s image and budget.

NIS Directive Audit

Challenges The NIS directive (in Poland implemented as “Ustawa o Krajowym Systemie Cyberbezpieczeństwa) obliges key service operators and digital service providers to demonstrate appropriate cybersecurity capabilities, in order to ensure the continuity of digital services as well as confidentiality, integrity and availability of data processed in systems supporting the key services. how can we help you? Depending on a company’s specific needs, we offer: a detailed audit of information system security including penetration tests, security code review and compliance with the Cybersecurity Bill of Materials,

Network Segmentation

Challenges ICS and critical infrastructure are becoming the targets of cyberattacks. The variety of producers, solutions, and often undocumented modernizations of network infrastructure, as well as the provision of Internet devices pose a threat to the security and continuity of production or availability of services. Industrial networks should be designed and modernized in a way that considers cybersecurity. In accordance with the principle of the least permissions and transferring only necessary information, industrial automation systems should ensure the movement of only the necessary packets in areas where controllers, visualization systems, and actuators are located.

Mobile Device Security

Challenges With the development of mobile technologies, the security of smartphones has become as important as the security of servers or personal computers. Modern phones are devices used not only for telephone communication, but also for navigation, Internet browsing, or electronic payments. Their widespread use, also for business purposes, results in the need to verify their security against unauthorised access. 3,5 MM malicious mobile applications identified in 2019 130 K cases of the installation of stalkerware (programs designed to spy on private individuals) 43 countries in which the government-created malware Pegasus was detected How can we help?

Industrial Control Systems Security Audit

Challenges Equipment manufacturers and integrators might not provide adequate cybersecurity measures at the stage of implementation and maintenance of control systems. More and more frequent attacks on industrial infrastructure indicate the need to include cybersecurity aspects in key risk analysis. How can we help you? We offer assessments of individual risk areas at the technical, process and business levels. We identify high-risk areas. We present recommendations of corrective actions increasing ICS cybersecurity, adjusted to the needs and capabilities of the company.

Cybersecurity Bill of Materials

Challenges In today’s world, where malware, ransomware, botnets appear overnight and during the week are able to paralyze the work of hospitals, offices and factories around the world: the question is how much we are able to trust software and hardware manufacturers in terms of their security solutions? As practice shows, most attacks are carried out using vulnerabilities in open source components that are not updated frequently, and using vulnerabilities in the ICT device firmware, IoT and OT.

Critical Infrastructure Protection

Challenges The loss of control over infrastructure assets can lead to severe consequences. The sources of threats are not only natural disasters but also cyber attacks by terrorist groups and state organisations. The introduction of TCP/IP protocols and the penetration of IT and OT networks, even in critical infrastructure systems pose a threat to security and the availability of services. Adversaries may use known or unknown vulnerabilities to take control of protection devices, IEDs, PLCs, RTUs, and SCADA systems.

Cloud Services Security

Challenges Many companies using cloud computing services are not aware that their cloud resources can be accessed by anyone from the comfort of their preferred search engines. The default configuration in most cases does not fully meet the business’s needs and may not provide an adequate level of security. How can we help? We offer a detailed analysis of cloud services configuration, including: identity management systems, virtual network settings, event monitoring and logging, privileged account controls, access control services: firewall, permissions and roles, NAT settings, load balancer We will recommend corrective actions to increase the level of security as part of the service.

AWS Level 1 MSSP

Challenges Constantly maintaining adequate level of security of cloud solutions often becomes taxing on both time, and resources. Is growth of your solution impeded by security operations overhead? Or maybe your environment is scaling outside your capabilities? Do you need expertise in niche cloud security area that require difficult to obtain experience? Share responsibility for security of your AWS environment with specialists that will allow you to focus on your business, not it’s maintenance.

AMI System Security

Challenges In the last couple of years, energy providers have been expanding their infrastructure, whether by replacing previously used meters with Smart Meters or integrating newer models equipped with integrated remote metering systems. The EU 2009/72/WE Directive enforces a requirement for at least 80 percent of energy receivers to be supplied with smart meters by 2026, creating several new responsibilities for energy distributors, namely subjects such as meter and router management, ensuring sufficient communication standards, storage of passwords and DLMS authentication keys as well as software updates.