Are you sure that your business is secure?
What is your company's security concept?
Does it bear up against all internal and external threats and requirements? Together with you, we can analyse these aspects and find the right answers, as early prevention is better than expensive damage control. The German Act on Control and Transparency in Business (KonTraG) has underlined that security interests are in fact management interests. Therefore, identify the security holes of your system architecture by means of a security assessment and let us show you the most effective way to close these holes. For every detected security hole, you will receive a risk rating and recommendations for its elimination.
Modular security audits
Our IT security checks have a modular structure. Depending on the service category, they can comprise the security policy, the network with diverse components and system platforms, the security architecture, as well as log files and configuration data of your existing security systems. The behaviour of the employees can also be checked with social engineering.
Procedure
We can assess your IT security objectively and neutrally on the basis of standardised, tried-and-tested procedures. Our security experts conduct security analyses with the help of highly efficient automated tools and manual techniques. Apart from regularly searching relevant forums, archives, and newsgroups for security holes and attack possibilities, we rate and classify all identified vulnerabilities in a well-structured technology and management report.
Analytical efficiency
Our analyses include a wide range of automated testing procedures and provide many advanced methods for in-depth IT security analysis. Automated tests can identify a known vulnerability. However, the decisive difference is that a highly qualified team manually exploits the vulnerability with a systematic approach. This is vital to clearly identify, qualify, and eliminate the actual threat potential arising from the vulnerability. As soon as an active system is successfully attacked, the infiltrated system and its trust position towards other systems are further analysed. In this way, any further security holes that emerge and that an automated tool would not have detected can be identified and objectively evaluated. Manual testing enables deeper audits in line with the methods used in the course of a real attack.
Application pentesting
Apart from penetration tests for networks, we offer you security tests for specific applications, e.g. for mail platforms or e-trading. Application pentesting identifies and objectively evaluates potential security deficiencies and risks in publicly accessible applications. The individual tests are adapted to the customer's specific implementation. Among other things, an e-trading services audit can comprise authentication and authorisation mechanisms, input/output methods, forms, scripts, database connections, customer software, and the interaction between these applications.
Comprehensive result documentation
The results of our IT security audits are documented in detailed security reports that specify all identified security deficiencies and explicitly show the resulting risks. The reports are divided into an executive summary and a technical report, and they summarise the need for action and the required measures in a comprehensible and well-structured form for the company management and the IT management. Moreover, all security vulnerabilities are described with detailed technical information for your system engineers. Optionally, we can offer you a comprehensive workshop.
Pentesting vs vulnerability & risk management
Pentesting cannot adequately replace professional vulnerability and risk management. A pentest conducted once a year loses its authority and effect after six months, at the latest, as identified and eliminated vulnerabilities may have been superseded by new ones. We would be pleased to inform you of several other reasons.
Information on our vulnerability and risk management services is available.
