Good security relies on a good threat assessment: from design, audit and testing to day-to-day monitoring of your business.
Systems security is constantly evolving by nature: the threats are evolving whilst the infrastructures need to adapt and grow, and the people need training.
We are prepared to help you every step of the way.
Design & Planning
"Any good security strategy includes multiple layers of protection" (Kyle D. Dent)
Because security starts with a good design. Too much software has been released without adequate security, simply because the functionality went in first and security was only an afterthought. We argue that a sound approach to systems design must integrate security concerns: rather than hampering the development of features, security should help in designing a solid base on which it is then easier to develop new features that are secure by default.
Part of the difficulty is in selecting the right tools. We are proud to support any action that increases the availability of quality tools for professionals. We constantly evaluate new tools as they become available, from all sides of the security equation... "Know your enemy"
Be prepared for the worst: because we can never be fully protected from 0-day exploits, security breaches and other unfortunate events (fire, lightning, etc.). Contingency plans, preparation and disaster recovery must be in place before they are needed.
Implementation & Quality Control
Only experienced professionals can produce secure code by default and see a vulnerability where others would just see inelegant or somewhat convoluted code.
It is next to impossible for someone who has no idea where the threat might come from to write secure code. Even when the threat is known, it is not always possible to thwart it; often, maintaining control and being prepared to act is more important than trying to prevent what cannot be predicted.
In our experience, we have often found that secure code leads to better code overall, because it helps enforce certain important principles of quality software design.
Testing & Audits
Guaranteeing the security of systems takes an integrated approach but also the right tools to test the measures and counter-measures in place.
It is therefore absolutely crucial to have access to the best tools available for a given task; this is why we actively support full disclosure policies.
Maintenance & Monitoring
Once an environment is deemed secure, complacency becomes one of the biggest threats.
That is why we provide remote maintenance and monitoring at a low cost compared to dedicated in-house resources.
But if you prefer to manage these services yourself, you can subscribe to our security bulletins, or have one prepared specifically for your needs, sent to you regularly and/or as and when needed.
We also provide forensics and incident response, should you be unlucky enough to need them.
From basic social engineering to obscure bugs, the human factor is unfortunately the weakest link; training is a key part of threat mitigation.
Various levels and lengths of training for:
- End-user security awareness
- End users in critical environments
- Developers and Designers
- Managers and risk assessment
- Tailor-made programs