IT Security

On the basis of an actual analysis of IT Security in your company, we create security concepts and develop possible solutions for the greatest possible protection of your IT Landscape. We also support you with the introduction of an ISMS based on ISO 27001 or the VdS 10,000 by means of Protection needs analysis, the Aufst creation of contingency plans and the holistic Realization of a BCM (Business Continuity Management) .

You can only find out whether your company is effectively protected against attacks by hackers if you are waiting for a nasty hacker attack or if you commission us to break into your network with our “good” hackers. With a penetration test, which we adapt to your individual requirements, our certified hackers can test whether a break-in is possible with you with a certain amount of effort or not. We perform pentests externally on websites and company firewalls, but also internally in your company’s network. Finally, you will receive a deficiency report and recommended measures to remedy the problem.

The attack points of hackers have shifted from the mostly well-secured external firewall to internal attacks. Inadequately secured systems can be tracked down and attacked through internal attacks (e.g. with the help of malware). We therefore recommend performing a weak point analysis on a regular basis, during which all systems are tested for weak points. The resulting report then contains the measures for eliminating the vulnerabilities. The maximum level of security can only be achieved through regular (eg monthly) weak point analysis and removal of weak points.

Our technicians also carry out forensic analyzes after an incident (e.g. hacker attack, ransomware, etc.) on you. The preservation of evidence has the highest priority. Therefore, the status is saved unchanged before any analysis. Analyzes can then be carried out on the live system (live response analysis) or on copies of the backups by the forensic scientist (post-mortem analysis).

In a phishing campaign, we send very realistic but fake emails to employees of your company in several stages and then evaluate the reactions to the emails. The final report can be used to initiate further measures such as training or information campaigns in the company. Phishing campaigns usually do a lot more to employees than you might think. There are discussions, fears discussed, reporting channels clarified and ultimately processes for dealing with these emails developed. With little effort, an effective awareness-raising measure is created that reaches all employees.

Despite technically sophisticated measures, the greatest weakness in IT Security is the human component. Therefore, awareness training has become an indispensable part of day-to-day business. Employees learn to recognize the attacks and to react accordingly in order to keep damage away from the company. Contents are, for example, secure passwords, encrypted emails and screen locks, as well as dealing with phishing emails and the risk of social engineering.

The disclosure of more or less sensitive information in social networks, the willingness to provide information on the phone or by email and discussions about sensitive topics in public represent an important vector of attack for criminals. The information obtained is used to initiate financial transactions, for example. We offer social engineering campaigns that test how your employees react to such attacks. We test how far we can penetrate your company by phone, email or in person. The results are evaluated and measures for improvement are developed with them.

Server systems offer extensive services, components and communication protocols. However, many of them are not maintained or investigated for safety because they are not in use. To avoid misuse, services and old protocols that are not required should be deactivated. In addition, the security configuration of all services should be raised to a high level. This all happens at the push of a button when hardening Windows servers with our Server Hardening Package (SHP). We also offer a solution for hardening databases (MSSQL and Oracle).

In order to achieve a high level of security for systems and applications, regular, automated patch management is essential for all mobile and stationary systems. The focus is on the procurement, testing and distribution of updates for applications, drivers and operating systems. We help you to conceptualize, introduce and operate an effective patch management.

We support you in the conception and implementation of security-technically effective firewall systems, in which the content of the data packets is analyzed in detail in order to detect and block malware, DoS attacks, cross-site scripting and SQL injections as early as possible. When designing the concept, we take into account all extended functionalities such as deep learning, intrusion prevention system, sandboxing, advanced threat protection, SSL inspection and multiple AV scans.