We provide preventive services in the form of both comprehensive risk analyses and deeper, more advanced security analyses. In addition, we provide continuous protection in the form of an IT surveillance/monitoring service, and we have also recently published a beta version of a tool comparable to an IT alarm system for personal computers.
Our risk analyses aim to identify and classify risks. The analyses are often based on the four areas of system security, communication security, physical security and administrative security. As mentioned in the presentation of our company model, this structure is used to ensure that the all-round protection is balanced between all the different types of protection. We assess threats to availability, authenticity and secrecy in accordance with ISO-17799. We evaluate the balance between vulnerability and protection, and we assess the probability that an attacker would be successful with the help of a model based on work related to ISO-15408. We also assess the consequences for the business in several possible scenarios, and suggest measures to deal with these from a corporate risk management perspective. By using our services you will get a view of how security in your organization compares to that of others.
We strive to offer one of the most advanced software security analysis services in the business. We evaluate, for example, access protection, authenticity protection, confidentiality protection, accountability-related security and protection against viral modification. We offer source code audits, machine code audits and practical tests in a lab environment. Our work is based on well-known frameworks such as ISO-15408, FIPS 140-2 and OWASP.
We offer penetration tests and security audits of most available computer and application systems, including web applications. We base our penetration tests on several different scenarios, e.g. a fully external attacker, or malicious users who are already inside the system to different degrees. As in all other areas, we work with established frameworks and standards for these penetration tests, such as OSSTM. For security audits we examine the target system with full privileges. We verify software versions against databases of known vulnerabilities, and also verify all server configuration areas using both general experience from the security business and checklists/recommendations from e.g. Microsoft, NSA and CIS.
In connection with our analyses we also offer to help strengthen the existing security of your systems. We have many years of experience helping different kinds of organizations design secure networks. This ranges from smaller local area networks (LAN) to global virtual private networks (VPN). In the context of network security we also have extensive experience with different types of applied cryptography. Further, we have long experience helping organizations with administrative systems for information security (LIS) according to ISO-17799.
We offer a cost-effective monitoring service that helps discover unexpected and unwanted events, incidents and activity in your network and systems. This service is mostly based on advanced log analysis (for example of firewall, syslog, and web server logs). We provide continuous summary reports covering all noteworthy events, e.g. attack attempts and, in the worst case, successful attacks. During the last years we have also shown on several different occasions that our analysis system is capable of discovering completely new and unknown trojans and backdoors that have been planted inside the networks we monitor. The service is also a very good tool for measuring how the security level of an organization develops over time.
We have recently released beta versions of our local alarm and monitoring tool "The All-Seeing Eye" for Windows-based computers. This tool helps reveal what is going on behind your back in your computer, with a focus on events that may indicate that your computer is under attack by spyware, trojans or hackers who have already managed to get past your initial barriers of protection, such as antivirus or a personal firewall. Among other things, it monitors several different types of suspicious modifications of the operating system configuration, the file system and the Windows registry.
You are very welcome to contact us by email at the following address if you have any questions whatsoever: