SMART CYBER SOLUTIONS Bespoke PRIVACY & Security SERVICES
TABLE OF CONTENT ABOUT Us 05 Offensive Security 06 Cyber Security Assessments 08 Open Source Intelligence 13 Privacy Services 16 Physical Penetration Testing 18
+05 ABOUT US
OUR philosophy
Security. Privacy. Integrity. We provide personalised bespoke security & privacy solutions for any size operation or enterprise. Our global team of skilled InfoSec professionals undivided attention will be yours as we tailor our services to the specific needs of your operation, no matter what timezone you hail from. By simplifying the process and delivering comprehensive affordable solutions in language everyone can understand, whereever you are in your cybersecurity journey... We can help.
OFFENSIVE SECURITY
+06
the best defence is a great offense Smart Cyber Solutions offer a full range of traditional offensive security services, breach & attack simulation as well as purpleteam engagements. Contact us for a holistic security solution tailored to your budget and operational requirements.
Internal Penetration Testing. • External Penetration Testing • Application security. Cloud security Container security • Wireless Pentesting • Redteaming • Denial-of-Service Stress Testing Physical Penetration Testing
THREAT INTELLIGENCE Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence or intelligence from the deep and dark web. Using the intelligence gathered about potential threats and threat actors, we create detailed attack scenarios that simulate real world adveraries. An informed defense is the best defense.
24/7 Client support You’ll never face another incident alone. Our 24/7 support will ensure you make the right decision everytime about cyber security, privacy and anonymity issues.
+08
CYBER SECURITY ASSESSMENTS solutions tailored to you Smart Cyber Solutions pen testing services provide an indepth review of the weaknesses in your system networks. We do this by attempting to exploit your businesses security system to find weak points. Once an assessment is complete, Smart Cyber Solutions will provide a detailed report outlining how to improve your business’s security defences. By completing penetrating testing, you are proactively improving your information security. This whole process is known as ethical hacking as the outcome is to improve business security, rather than steal sensitive data. To be effective, this type of testing needs to be performed
on both the applications and the supporting network infrastructure. Testing can be performed in two ways: From the perspective of an external attacker with no knowledge of your business. As an attacker with credentials or access to the internal network. Penetrating tests lay the groundwork for how a business can improve its security systems to prevent any threats to data.
Smart Cyber Solutions’s proven 6 step approach to pen testing is based on industry best practice. This ensures our clients receive consistent and quality results to ensure their systems are protected against threats.
Security Health Check
To achieve this, our team of experts uses commercial, open-source and custom developed penetration testing tools. Our testing is performed using a variety of automated tools and manual techniques tailored to suit your business requirements. We have outlined our 6 step approach below:
•
• • • • • •
Information Gathering – collecting data to prepare a security attack Threat Modelling – designing ways to test the weaknesses Vulnerability Analysis – defining the possible points of entry Exploitation – attempting to gain sensitive data Post Exploitation – evaluating the level of risk to your business known weaknesses Reporting – providing a detailed report of strategies to improve your security
Regulatory Requirements and Governance Penetration tests are a mandatory requirement for meeting several regulations, including PCI DSS, SOX, GLBA and HIPAA.
Our team will perform a security health check to help you manage risks to your data. This process involves:
• •
Evaluating the maturity of current information security capabilities Identifying weak areas Providing recommendations on ranking areas for security remediation
Our security services go beyond a technical focus. We take a holistic view of people, processes and technology while providing an understanding of overall risk posture. If requested, we can also undertake an in-depth code review and test your whole security architecture. Security Assessment Assessments are used to identify, estimate and prioritise risks to operations and assets. Ultimately, these help manage weaknesses to limit the threat to your data. When a business is focused on money transactions, undergoing a security risk management process is even more important. Things to think about: • • •
How your organisation makes money How employees and assets affect the income of the business What risks could result in large monetary losses for the company
Afterwards, it is important to learn how to enhance your IT infrastructure to reduce large financial risks.
There are two ways of detecting weaknesses: •
A Smart Cyber Solutions risk assessment involves only three factors: • • •
The importance of the assets at risk How critical the threat is System vulnerability to that security threat
Using those factors, you can assess the risk—the likelihood of money loss by your organisation. Although risk assessment is about logical constructs, not numbers, it is useful to represent it as a formula: Risk = Asset x Threat x Vulnerability. Remember, anything times zero is zero. If the threat factor is high and the vulnerability level is high but the asset importance is zero (in other words, it is worth no money to you), your risk of losing money will be zero. Vulnerability Assessment & Management IT security systems are a complex network of devices which can often have weaknesses which attackers can exploit. To ensure all assets are protected, it is important to undergo a process of scanning for current weaknesses in the system. Scans will detect and then prioritise any vulnerabilities in your IT security system. This includes computers, servers and other communications equipment either on-premise or in the cloud.
•
Authenticated scans – tests internal security measures to see who has access to different elements of your systems. This can be based on whether it’s staff or those who have gained access through illegal means. Unauthenticated scans – this is essentially an ethical hack. The aim to be a hacker and attempt to find and exploit any weaknesses in your current security system.
Ongoing maintenance of your security systems is important as weakness can emerge when an operating system or software is updated. Vulnerability scanning on a regular basis is recommended as an essential security practice or to meet operational compliance where required. Vulnerability Assessment Here at Smart Cyber Solutions, we provide vulnerability assessment services to ensure your systems are secure and also compliance with current regulations such as ISO27001, CPS234, PCI DSS, etc. We undergo thorough testing and scanning of your current system to detect any weaknesses. Our assessments include a few types of vulnerability scans, such as: •
•
Applications – detecting weaknesses in any internal or external software used by employees including configuration issues Databases – checking data governance and how
• •
information is exchanged between databases Networks – assess the policies and procedures governing how data is transferred and used Servers – testing security standard
Our penetration testing services are some of the best in the business. We pride our self on undergoing rigorous testing on your business now, to protect you from threats later on. These all occur via a combination of automated and manual security solutions – our vulnerability scanning tools.
While assessments have a defined timeline, vulnerability management is ongoing. In a dynamic environment such as cyber security, Smart Cyber Solutions recommends to constantly be checking your system for the appropriate security controls. Weaknesses can appear in your system quickly so it is important you’re continually checking your security systems. For proper vulnerability management, a system needs to be undergoing measures to detect, assess, report and remediate any potential issues.
Assessments are suitable for any business who require a more structured approached to mitigating cyber risks. Whether you’re a small or large scale organisation, Smart Cyber Solutions is here to ensure your assets are secure.
Smart Cyber Solutions can help you maintain a high level of security for your business through ongoing management. In doing so we will continually be performing:
Assessment Report and Remediation
•
Smart Cyber Solutions provides a detailed report as a part of our managed vulnerability assessment services. Our reports include: • An overview of any vulnerabilities identified • A risk rating for each • Remediation advice on how these vulnerabilities can be addressed Vulnerability Management When updating systems or changing IT assets, you could be leaving your data exposed to a major breach. It is important to be aware of your security weaknesses all the time, rather than just a once off assessment.
• •
•
• •
Checks on assets and software to ensure the data we have is up to date. This will include an assessment inventory to ensure everything on premises or in the cloud is on file and secured. Checks on any global security alerts to ensure your system is not impacted Checks on your current security team. We will ensure current employees in the security team have up to date training and response management. Risk assessments to see where your organisation may be vulnerable. This will require internal cooperation to ensure a proactive approach. Assessments of your IT environment Undergoing remediation processes for any issues
+13
OPEN SOURCE INTELLIGENCE Open source intelligence (OSINT) is a form of intelligence collection management that involves identifying, selecting, acquiring and analysing information from publicly available sources with a view to producing actionable intelligence or evidence. Let our team help you with the Who, Where, What, Why and How.
Who Needs Open Source Intelligence Services OSINT has multiple applications for businesses and individuals. Whether you need to clarify some personal matters, study your competition, or need more data to support your business decisions, our investigators will provide complete evidence on the basis of all information available in the cyber space.
OSINT SERVICES solutions tailored to you Open Source Intelligence (OSINT) refers to any data that can be gathered legally by using free public sources such as online media or social networks. Using the Internet as the main tool, our OSINT investigators track, collect and synthesize all digital footprints related to the topics or persons under investigation. They thoroughly compile all the available information to develop case reports. Reports are used in multiple settings and passed onto clients to make an informed decision about individuals, businesses, or events. These reports are sufficiently substantiated to be presented as supporting evidence in the court of law, for insurance claims, corporate personnel inquiries, or any other purposes demanding a high level of legitimacy.
OSINT for Business Owners and Corporate Executives Entering into a contract, partnership, or any other business relation is an involved venture with potentially serious consequences. When firms enter into business deals, they are mainly focused on the financial side of things; thorough research on prospective counterparties might seem to be a demonstration of distrust. Our services will help your business learn whether another party represents reputation or legal risk to you. Our OSINT investigators will answer many questions to give you peace of mind. We will make sure that you enter into business deals with a clear awareness of your counterparties. Human Resources OSINT Services Whether you are in a corporate human resource office or recruitment business, you are entrusted to place the right individuals. Background checks are standard procedures when individuals are considered for hire. In most cases, those are comprised of running the contact reference, financial, and criminal checks. Those checks, however, do not paint the complete picture. Our investigators can help businesses get a better view of the potential hires or existing employees and contractors. Smart Cyber Solutions offers stand-alone reviews or ongoing monitoring services to ensure the safety and security of your business operations and reputation.
OSINT Investigations for Insurance Companies Insurance fraud is very costly, with insurers paying off millions of dollars in fraudulent claims. Modern technology offers multiple outlets and opportunities to conceal wrongdoings; tech-savvy fraudsters get better and better at using them. As a result, the investigation of the claimed legitimacy is becoming more and more tenuous and technically challenging. Smart Cyber Solutions offers services in support of insurance investigation, which can save a great amount of time and money. Out tenured cyber space investigators can help discover data, which is difficult to be uncovered through conventional means. OSINT for Legal Services The availability of accurate and complete data is critical for any type of litigation, civil or criminal. Law firms or any other legal services, whether representing the plaintiff or defense, need to have at their disposal all data, whether it is “good” or “bad.” Availability or lack of this information can make or break the case. No matter what type of business or function you are running, Smart Cyber Solutions can help you gather the information you need.
+16 PRIVACY SERVICES Manage your digital footprint Our Personal Cyber Security service is available
Unfortunately, everyone is susceptible to cyber
for any individual who has an interest in
attacks; if you are a high-profile individual, your
protecting their personal information, reputation,
risks are even greater. You may already be a
brand and privacy. It is aimed at highnet-worth
target of active and persistent attackers right now.
individuals, corporate executives, celebrities, politicians, public figures and anyone who needs total protection against a security compromise.
Could be competitors, ex-partners, fans,
Attacks come in many forms: stealing
stalkers, private investigators, cyber criminals,
personal information, phishing e-mails, identity
hacking groups, nation-states, foreign
theft, phone hacking, malware, viruses, social
governments, hacktivists, journalists, paparazzi,
media hijack. We can help you reduce these risks
law enforcement, opportunists and many
and manage your digital footprint. Unlock the
others.
potential of privacy.ing, accessing your bank detai enim ad minim veniam, quis nostrud exerci tation.
+18 Physical penetration testing What is physical PenTesting? Physical penetration testing is a simulated intrusion attempt that is designed to identify weaknesses in your business’ physical security. This is different from our other types of testing as the target is not a cyber one, instead, it is your physical location. Successful and partially successful attempts to break into your premises will highlight vulnerabilities in your physical security which could be exploited by criminals. This is important information which is key to improving your security.
So why a physical pentest? The key benefit of Physical Penetration Testing is to, through simulation, identify your weaknesses in security and assist in rectifying them so that they don’t cause you issues in the future. It can also be used to determine your level of physical controls and staff security awareness, identifying opportunities for improvement. As part of the assessment, we will provide a report outlining vulnerabilities in your security as well as recommendations to remedy these weaknesses. Using the vulnerabilities outlined and the fixes proposed, you can strengthen your security so that real criminals cannot gain access to your premises the same way our consultants did in our simulated physical penetration test. Once inside your premises, our consultants will also attempt to further surpass your security and gain access to the computer network at the site. This, again, is done to identify exploitable weaknesses so that you can remedy them before real criminals can take advantage of them.
Email : contact@cybersm.art https://cybersm.art