A threat analysis is a complex and comprehensive security due diligence that includes the identification of risks to the company, the systems used and the processes implemented. It examines whether the protection measures against cyber security threats are working effectively and cover all aspects of the relevant areas of the organization.
Vulnerability / penetration testing
Laboratory-level security testing
Source code analysis
During a security audit, we assess the state of the company's information security according to international methodologies by measuring the extent to which it meets the relevant set of criteria. A comprehensive audit typically examines the security of the system's physical architecture and environment, software, information management, operational and security processes, and user awareness and practices. We provide our partners with a security audit report that includes the deficiencies identified, conclusions drawn, and recommendations.
Vulnerability / penetration testing
A vulnerability scan is a comprehensive audit of an IT system to identify potential security weaknesses. The first phase of the vulnerability assessment is performed using automated target tools, followed by manual validation and threat analysis.
During penetration testing, our experts assess a system's resistance to targeted attacks. Penetration testing is based on exploiting vulnerabilities identified during vulnerability testing. Once the analysis is complete, attack patterns, exploited security vulnerabilities and corrective recommendations are documented.
Laboratory-level security testing
As a cybersecurity testing laboratory accredited by the National Accreditation Authority, we regularly perform laboratory-level testing of software products, IT systems, and industrial systems. As such, we audit our partners' threat levels according to international methodologies, standards, and guidelines.
Testing may include architecture, implementation compliance, software security features, and other requirements in line with industry conventions. Testing can include source code analysis, penetration testing, vulnerability scanning, human resources security, IT asset management, incident management, and emergency management.
One of the reasons for the emergence of new and broader security risks is the growing dependence on digital systems. Companies that detect these new digital risks early can gain a competitive advantage through improved performance and stronger resilience. Our risk identification service aims to highlight the strategic, operational, and technological risks inherent in information systems and software, providing the space for informed security decision-making and cost-effective solutions to problems.
Our security configuration analysis service checks the security settings of IT system components, such as permissions, file system access, encryption and hash procedures, running processes, and available services, which may affect the security of the system or its environment. During the scan, we detect security flaws and anomalies that may not always be detectable from outside the system (e.g. from the network direction), but may still pose a threat. They may provide access to the attacker in case of an attack from outside or may result in an internal authorization elevation. The scanning is performed using automated and manual methods along with the CIS recommendations.
Source code analysis
Source code analysis is a process of assessing the security compliance of the code, identifying existing vulnerabilities specific to the programming language, identifying solutions that do not conform to current best practices, and compiling a list of unsupported, unsuggested, or obsolete components. Source code analysis is performed using automated and manual methods, which complement each other to produce a comprehensive final result of code analysis. During the analysis, we check for the presence of errors in the source code from the CWE/SANS TOP 25 collection.
Open Source Intelligence (OSINT) is the collection, processing, and analysis of information from publicly available data sources, such as social media, registries, published documents, websites, and infrastructure elements. First and foremost, it collects, organizes, and produces information that can be analyzed to answer the client's questions. It plays a defensive and preventive role in cybersecurity but is also a useful toolkit for detecting various events or incidents or for other detection or investigation activities.
With our threat analysis services, you can get a transparent and easy-to-understand status report on the current security state of your company.
Knowing the cyber security threats detected by our services helps you make informed information security decisions based on objective data.
Knowing the risk of existing threats allows you to create a proportionate and effective strategy to reduce and eliminate information security exposures.
After mapping the threats in the technological and operational environment, we create a risk-based security action plan that meets the short, medium, and long-term security needs of the organization. After setting the appropriate goals, we help you select the ideal technologies and systems, prioritize the existing security risks and then gradually increase IT security.
During feasibility planning, we objectively and rationally identify the strengths and weaknesses of the project, the opportunities, and threats of the technological environment, and assess the resources needed for implementation. Based on these, we then develop alternatives for possible implementation. This planning is essential at the outset of any complex cybersecurity investment, as it allows us to assess the necessary inputs and the potential outcomes, which must be proportionate to each other.
By developing a security specification, we support our clients in the process of planning, designing, and transforming their cyber security system by identifying the relevant security requirements in addition to the necessary functionality and technological capabilities. The security specification we create sets the framework for the security-relevant operation of the required systems, software, and functions. In this way, by applying the Security by Design principle, threat management is addressed at the planning stage.
After listing the threats, we make recommendations on how to mitigate and eliminate them to serve our customers' security efforts in the short, medium, and long term. These proposals detail what should be done and how, in tactical and operational timeframes, and the order in which they should be implemented, along with the resources required. As a result, our partners will know exactly what they need to do to make their businesses, systems, and processes more secure.
Risk analysis involves the categorization and assessment of potential threats to form a comprehensive risk matrix. After risk identification, it is necessary to understand the type, severity, and likelihood of threats to the organization's operations. Once these have been parameterized and prioritized, we can put together a risk management strategy to significantly reduce, address, or transfer the impact of the risks. In addition, our service includes documenting the risk management process and the retrospective reviewing risk factors, as these may change over time.
The security strategy we create is the result of an extensive planning process that includes defining the company's cybersecurity goals and the path to achieving them. The security strategy provides a framework for action planning, so the two are closely linked. The resulting plan helps to provide our partners with a clear and logical view of the company's current security status and future goals. They can also assess the type and scale of the resources required to achieve them.
When introducing a new IT system or strengthening a new competence, process management becomes essential. This activity involves assessing the state of our partners' information security processes, recording and analyzing them, and proposing any changes that may be necessary to ensure their secure operation. Through the models and documentation developed, the processes will become transparent, while optimization opportunities will become clear.
In cybersecurity, there is also a high price to pay if a company does not strive for a regulated operation, i.e. if the team does not know who is responsible for each step, who is involved, and what inputs and outputs are generated. Process regulation is inevitable to ensure these roles are self-evident, while the process is easy to manage, monitor, analyze, and reproduce. Our regulation service helps establish these, thus improving resilience to threats and confidentiality, integrity, and availability of data and systems.
The cybersecurity strategy balances long-term objectives with day-to-day operational activities by identifying cybersecurity focal points.
Action plans provide clear, straightforward guidance to achieve the objectives set out in the cybersecurity strategy.
In addition to implementing the planned actions, we help you to effectively respond to and retrospectively analyze any unexpected security incidents that may occur.
As part of our implementation support service, we offer our independent expertise as a security consultant to help our partners build and operate their cybersecurity on solid ground. We also take an active role in developing the technology environment, selecting the ideal vendors, controlling and testing processes, and auditing and reviewing the compliance of implemented systems.
Handover security testing
Project quality assurance
As independent cybersecurity experts with proven impartiality, we work to provide customized professional support to our partners. Our aim is to contribute to the targeted development of IT security through our experience and broad professional insight. In all cases, we represent our client's interests, which includes making vendor- and brand-independent recommendations and supporting their implementation. We use our professional competence to propose tools and solutions that are 100% adapted to the specific needs of our partners.
As a vendor and brand-independent security expert, we also support our partners in implementing their cybersecurity plans with systems, software, and other solutions that cover their needs to the greatest possible extent. As independent experts, we only consider what is in the best interest of our clients. Accordingly, once security is designed, we recommend vendors, security solutions and software that can serve your business and cybersecurity needs long-term.
Handover security testing
Once a new service or project is delivered it is essential to verify their true security capabilities. Our experts subject the delivered solutions to security audits and testing to ensure that they fully meet the pre-defined cybersecurity requirements. We take the burden of testing off our customers, while as an independent expert, we act as a protective shield between the company and the supplier.
Risk management involves identifying, analyzing, and responding to risk factors that are part of the physical and digital operating environment. The key to effective risk management is to control and continuously monitor future outcomes to the greatest extent possible, by being proactive rather than reactive. This approach offers the opportunity to reduce both the probability of risks occurring as well as their potential impact.
Project quality assurance
We provide project quality assurance services to help our partners avoid the most common mistakes in information security projects during the implementation of their investments. Problems can be caused by inadequate security planning, lack of systematic approach, or failure to carry out security audits of the implementation process and deliverables. Our expert team will help ensure that your project meets your security needs.
A cybersecurity or information security officer (CISO) and the team behind him perform specific monitoring and analysis activities. They provide guidance in strategic operations and planning while monitoring cybersecurity environments and program implementation. The objective is to ensure compliance with security rules that will reduce risks in the long term. We provide our clients with a cybersecurity officer who makes a major contribution to information security planning and efficiency in project implementation.
The state of cybersecurity in a company depends not only on planning and implementation but also on the ability of IT operators and staff to identify with and enforce the processes that are in place. With our extensive cybersecurity experience, we can also support you in building security awareness, which can be a big step forward in improving your company's security level. Training can be part of a project or as a standalone service, showing our clients how to think and perform day-to-day tasks with a security mindset.
With our implementation support services, you get a 360° security management approach that ensures the long-term security of your business.
As independent experts, we fully tailor your information security system and maintenance to your company's requirements, resources, and identified risks.
We provide a wide range of services to ensure that our clients' cybersecurity investments are implemented to the highest possible quality.
Through our cybersecurity research, development, and innovation services, we contribute to making cyberspace, its services, and cyber-physical systems more secure in the long term. We are committed to innovative solutions, and our researchers, engineers, and technology experts are key to building a more secure future.
Preferred research areas
While most companies are focused on solving today's IT security problems, we work with our academic and business partners to develop answers to future cybersecurity challenges.
We support our partners in the cybersecurity sub-areas of research, development, and innovation projects and research projects specifically focused on cybersecurity.
Theme identification, conceptualisation
Through our work, we identify existing and future cybersecurity challenges and hypothesize possible solutions.
We further break down our concepts into milestones, tasks, and potential deliverables, with associated resources, time windows, and decision priorities.
Carrying out research activities
We collect and aggregate available research results, then conduct tests to validate hypotheses and draw conclusions.