In addition to reactive defense services, Innovery’s CERT offers proactive defense services, which aim to prevent security incidents by continuously searching for threats that may impact the customer (not just ICT infrastructure) and immediately reporting them to the appropriate personnel.

The services offered by our CERT are in line with those provided by the Computer Security Incident Response Team (CSIRT) Services Framework, a high-level document describing in a structured way a collection of cyber security services and related features that CERT and SOC teams can provide in the field of both reactive and proactive defense.

The services we offer are the following:

Early Warning

Vulnerabilities management services offered by our CERT include the identification, analysis and management of security vulnerabilities, both new ones (zero-day) and those reported by the authoritative sources (CVE). Vulnerabilities can be detected by the team, within the CERT, dedicated to vulnerability management or through other activities that are part of the CERT’s normal operations.

The vulnerability analysis consists of activities aimed at gaining an understanding of the vulnerability and its potential impact on the customer’s infrastructure, identifying the root cause that allows it to be exploited, and as a result, identifying one or more remediation or mitigation strategies to prevent or minimize the risk exposure.

In Innovery, this process has been automated with the INNEW service, Innovery Early Warning, specifically designed to inform our customers about the potential vulnerabilities on their systems as quickly as possible, both related to CVEs and cyber threat intelligence feeds.

The service uses a variety of information feeds available from both public and commercial sources, including several privileged feeds that are not available elsewhere.

INNEW filters hundreds of events we receive each day and, using customers’ asset inventory, it matches those that are relevant to their infrastructure and promptly notifies them to contacts via reports/ emails and the Early Warning portal.

The service does not actively scan Client networks, so it is totally non-invasive, but it can be integrated with Continuous Vulnerability Management tools in order to improve the speed of threat response.

The service enables an effective collection, analysis, and sharing of information about critical vulnerabilities, in association with information about the involved technologies, the availability of exploits, and the existence of zero-day vulnerabilities together with the resulting level of risk.

Once the impact of the vulnerability is analyzed, clients are properly informed so that their systems can be kept up-to-date and monitored in order to check whether the vulnerability can be exploited.

Cyber Awareness

Thanks to the type of services carried out by our CERT, we are able to collect relevant data related to cyber security threats from a large number of sources, to perform analysis, and to assess trends and risks for our clients’ security.

Our CERT works together with security experts and technological partners in order to increase the collective understanding of the threats and the actions that can be undertaken to prevent or mitigate the risks caused by these threats, sharing our know-how with our customers who have subscribed to CERT’s Knowledge Transfer service.

Indeed, it is also CERT’s task to transfer this knowledge to clients to improve not only security posture, but above all the awareness in cyber security.

To increase the level of awareness about cyber security risks our clients are exposed to, CERT-INN uses digital cyber security awareness tools and platforms, which are provided in SaaS mode.

With the support of our partners, we deliver advanced cyber awareness services so that our clients’ personnel gain the necessary knowledge of the correct behaviors to adopt in order to prevent or counter risks, protecting personal and corporate data from cyber threats.

The SaaS platform we use to deliver Cyber Awareness services has the following purposes:

  • E-learning training for non-specialist personnel based on teaching methodologies that take into account the digital learning methods more effective for this purpose; it consists of short multimedia classes, carried out in educational and not specialist language, able to attract the interest of the participant
  • Anti Phishing Training able to produce effective results thanks to its unique experiential training methodology based on automation and machine learning, which enables it to keep “trained” – through simulated phishing campaigns – two important human defensive factors: readiness to recognize phishing and responsiveness in reporting it to responsible parties.

Cyber Threat Intelligence

Cyber Threat Intelligence is the ability to identify, process, understand, and communicate cyber threats that are part of the CERT’s area of competence and that could impact the operations or reputation of our client companies.

For this purpose, we continually gather from sources available on the web (OSINT and CLOSINT) information regarding the threats that are being spread, then checking internally and externally to the corporate perimeter whether and how these might affect the security posture of our clients.

The goal of gathering cyber threat intelligence information is to acquire useful information to prevent and mitigate cyber threats, to identify vulnerabilities and security gaps in computer systems and to strengthen security measures in order to respond promptly to any cyber attacks. 

The collection of information takes place in different ways, including finding information on the Clear Web (social media, forums and websites frequented by malicious actors) and in the Dark Web (TOR network). 

To this end, we have developed a technology, based on Artificial Intelligence and bigdata analysis that automatically and continuously collects, analyzes, catalogues and store information from multiple sources (OSINT and CLOSINT) in accordance with the OSINT information processing steps: 

Cyber threat intelligence information comes from a variety of sources, including those processed by our CERT team, our partners, and various business sources. They are collected in a specific database and this allows us to further enrichment and investigation, as well as generate alerts and reports.

The information thus becomes “actionable” and can be shared in standardized formats.

Customers and community partners can use them directly on their security and monitoring platforms such as Firewall, IPS/IDS, SIEM, SOAR, Endpoint Protection, and others to automatically block identified and detected attacks.

We can support you to create an ecosystem where there is a real-time sharing of actionable information in the community, able to increase the defenses of community members to allow prevention, identification and mitigation of Cyber Threat before there can be a real impact on your business.