Other Services of Cyber Security

THREAT DETECTION & ANALYSIS

Through its Threat Detection & Analysis procedure, the INSIDE Cyber Security Division can detect and analyse any hostile hardware or software devices (such as viruses) that are potentially capable of damaging or exporting sensitive data in computer systems affected by threats.

ETHICAL HACKING

Ethical Hacking consists in the simulation of an internal or external malicious attack, depending on the type of exposure risk identified in the computer system, and includes human as well as technological aspects, for example, the Social Engineering method.

SOCIAL ENGINEERING

Social Engineering is a series of psychological techniques used by a Social Engineer to deceive the recipient into performing certain actions (such as issuing access codes, or opening malicious attachments or site containing diallers, etc.).

The attack includes an initial phase, known as footprinting, consisting in the collection of information about the victim (e-mail address, phone numbers, etc.) and the subsequent assessment of its reliability. Once the victim has fallen into the trap, through the false sense of confidence induced by the Social Engineer, the computer system can then be accessed and violated.

No particular computer skills are needed to perform this activity, as knowledge of the person’s psychology is sufficient (normal computer intrusion tools may already have been tried, unsuccessfully): the Social Engineer exploits certain impressions of the victim, such as guilt, innocence or ignorance.

Thanks to the support of highly sophisticated equipment, our security experts are able to analyse the user's behaviour, magnify possible misappropriations and, in general, any potential carelessness in the protection of your data.

Our team can "actively" or "passively" reveal the degree of vulnerability a user has, that is, their predisposition towards being fooled by the most or least easily managed ad hoc scams that are designed to mislead consumers: in the former case, our team implement their own activities against attackers, trying to "lure" victims with lies and deception (e.g. via social networks or sending links of any kind) and thereby gathering information that is strictly confidential; in the latter case, they "attend" to the user's conduct by identifying all of these types of behaviour, even if they are only potentially at risk of being subject to cyber attacks.

CODE REVIEW

Through its Code Review service, the INSIDE Cyber Security Division detects vulnerabilities in source code, thus limiting the costs due to production of the program.

The activity consists of an initial analysis of the application, using tools to simulate execution of the code and detect any vulnerabilities that may be present. A second phase searches for vulnerabilities that may not have been identified in the initial analysis.

SECURITY EVALUATION

For its Security Evaluation service, the INSIDE Cyber Security Division uses highly skilled technicians working in a laboratory environment to evaluate the safety levels of hardware and software applications, processes and, platforms by identifying any vulnerabilities that are present and implementing existing security procedures.

IT RISK MANAGEMENT

Through its IT Risk Management process, the INSIDE Cyber Security Division identifies risks (vulnerabilities, threats, etc.) due to corporate IT investments (Risk Assessment) and defines the best strategies for governing them (Risk Treatment), thereby increasing the level of security required by IT infrastructure.

SECURITY AUDIT

The Security Audit service provides a technical assessment of an organisation’s security policy based on a combination of Penetration Testing and Risk Assessment activities. It basically involves accurate identification of vulnerabilities in the computer system through precise optimisation of the execution of technological checks, thereby strengthening its risk assessment capacity.

HIGH LEVEL SECURITY CONSULTING

The specialised staff of the INSDE Cyber Security Division offer consulting services on any computer security issues that may not be covered by the services described above.