A response plan that has not been tested is as useful as having no plan at all.
The midst of a cybersecurity incident is not a good time to test the plan.
Scenario-based testing of your cybersecurity incident response capability is a high-impact way of engaging your response teams (which include executive leadership, not just the IT team) in the business decision-making process that goes with reacting to a critical incident. Regular testing of your response plans helps everyone involved become familiar with the process and prepares them to react when a critical incident occurs.
The focus is no longer prevention: you can’t stop attacks. It’s now about better detection and readiness for the inevitable in order to survive in today’s complex world.
The Cyber Security Due Diligence is a cyber security service which aims to discover any valuable assets, apps, accounts, and points of presence that reside on digital channels and remain susceptible to all types of attack and abuse.
In order to provide an effective and reliable Cyber Security Due Diligence, Innovery Group makes use of bespoke OSINT tools and third-party commercial sources empowered by the cyber security skills of its team.
Approach and Methodology
The Cyber Security Due Diligence consists of the following activities:
• Leaked credentials collection and credential stuffing
• Data breach investigation
• Domain Typosquatting check
• Deep and Dark Web investigation
• Social Media monitoring (SMM)
• OSINT-based Vulnerability Assessment
Innovery Group will provide one technical report for the Cyber Security Due Diligence at the end of the engagement. The technical report will include detailed technical analysis along with the recommendations and remediations.
A score will be calculated from the number and severity of the vulnerabilities/alerts and will reflect the digital cyber risk status of your company.
Network Security Assessment (NetSA) reveals real-world opportunities for attackers to compromise systems and networks in ways that allow unauthorized access to sensitive data or even the takeover of systems for malicious/non-business purposes.
This type of assessment is an attack simulation carried out by our highly trained security consultants in an effort to:
• Identify security flaws present in the environment
• Understand the level of risk for your organization
• Help address and fix identified network security flaws
Web Applications Security Assessment (WebSA) allows you to identify security vulnerabilities that are present in both your commercial and in-house developed web-based applications.
By testing the security of your web-based applications, Innovery Group helps you to:
- Identify security vulnerabilities and security design flaws affecting your web applications.
- Understand the contextualized risk posed by issues found and the impact of security violations.
- Reveal your exposure to internal attackers (e.g. malicious employees) and external attackers (e.g. malicious users and anonymous attackers).
- Learn your applications’ overall security posture and how the latter can affect your business.
- Receive detailed recommendations on how to solve issues found, mitigate identified risks and improve the overall security stance of your web-based applications.
Mobile applications are becoming more dominant than ever. This evolution has created a full range of new attacks that are not relevant in the classic web applications world.
During Mobile Security Assessment (MobSA) testing, Innovery Group simulates a multitude of attacks, both general application attacks and mobile dedicated attacks.
At the end of this assessment you will be aware of how a real hacker penetrates the different applications and retrieves confidential data. In that respect, Innovery Group has created a research-driven mobile testing methodology that incorporates guidance from the OWASP Application Security Verification Standard.
Using a combination of manual and dynamic analyses, along with custom harnesses for automated fuzzing, our mobile security testing provides verification and validation across all major control categories, including authentication, session management, access control, malicious input handling, cryptography at rest, and much more.
Business Insider Intelligence forecasts that there will be more than 64 billion IoT-connected devices installed around the world by 2026*. Globally, that will be 3.5 networked devices per person.
While the Internet of Things (IoT) is going to improve life for many, the number of security risks that consumers and businesses are prone to face will increase exponentially. The IoT security ecosystem encompasses embedded software, data, mobile application and cloud security.
In that sense, Innovery Group has created a research-driven IoT testing methodology that incorporates guidance from the OWASP IoT Security Verification Standard.
Our Internet of Things Security Assessment (IoTSA) covers the entire IoT ecosystem:
- Authentication/Authorization process.
- Network Services analysis.
- Encryption strength.
- Mobile Interface.
- Software/Firmware security analysis.
Traditionally, SCADA environments were completely closed systems that used their own isolated equipment and networking protocols. More recently, however, SCADA environments have become IP enabled and interfaced to IP gateways.
Therefore, the risks to SCADA environments are growing and organizations are actively looking at vulnerability assessment and penetration testing against these resources.
The first stage of any SCADA Security Assessment (ScadaSA) test performed by Innovery Group is to understand the technologies in use, which can vary significantly, from old proprietary solutions to more modern web-based interfaces, with or without additional authentication solutions.
Once the solution is understood, Innovery Group’s consultants evaluate the potential attack vectors, develop an appropriate test plan and proceed with testing.
As we understand the sensitive nature of testing Process Control and Industrial Automation systems, especially within live production environments, our team have developed a proven methodology to test systems with no interference to the availability and integrity of the process.