+41 44 667 77 66 info@clue.ch

Security Assessment

Can you say that you are totally aware of exactly what the security situation is in your IT infrastructure right now? Are your systems, especially databases, updated and protected against attacks and viruses? Is the security concept complete and constantly monitored? Is security guaranteed even if employees and guests bring new devices into the company every day? With our Security Assessments tailored to your specific needs, we are able to render these threats as harmless by pro actively discovering all weak points and risks associated with your company and supporting you in eliminating them quickly and effectively before any damage is done.

As is the norm, every company and every IT infrastructure has its own different components, requirements and risks. This is the reason why we pride ourselves on offering you security assessments that are built specifically around your needs and your operational framework. The implementation of sensible countermeasures then becomes significantly more effective because of knowing exactly what needs to be addressed.

Can you say that you already have methods and technologies of security monitoring such as SOC Services, SIEM, Vulnerability Management and regular audits? If not, no problem. We take all this into account and adapt our approach accordingly. Would you like to assess your security level without already using one or more of these services? Again, no problem. Or do you want to test systems, web applications, IoT or incident response teams? We are your partner for this as well. Our assessments range from minor threat detection all the way to comprehensive penetration tests. We also offer specialized APT / Ransomware Assessments, IoT and Machine Assessments and as well as Ethical Hacking probing.

Why CLUE Security Assessment?

  • Data storage in specially secured applications
  • Execution according to standards, e.g. OSSTMM and OWASP
  • Meaningful and detailed reports
  • Ongoing support long after assessment
  • Risk classification
  • IT infrastructure, IoT, machines, web applications, cloud services
  • Reasonable, flexible and company-specific execution of services

Select your Assessment:

Vulnerability Assessment

What does this service offer? It checks your IT infrastructure for weak points, both from a software and a hardware perspective, it uncovers back doors within insecurely configured systems and audits the configuration of cloud services such as Sales force or Amazon Web Services (AWS). For you this is a painless and seamless experience as we support you with the recognition, analysis and evaluation of the results and help you to close weak points efficiently and sustainably.

Are you aware that, in recent years, malware has successfully infested IT infrastructures of all types of companies and caused considerable damage? Many attacks are based on already published advisories and vulnerabilities. It is therefore indispensable for every company to find and get under control any issues that could cause unnecessary exposure.

Who really benefits from a Vulnerability Assessment?

Any company that does not already have some kind of comprehensive way of identifying and dealing with security threats.

Are you currently hosting some of your web services or smartphone app backend servers on AWS EC2 and need full control over existing and new vulnerabilities on these systems? Want to verify the efficiency of your patch management or WSUS environment? Are your employees very mobile and make use of devices which are rarely connected to the corporate network? Does your product offering include the building of machines and would you like to offer these to your customers securely configured and protected? All these questions are relevant and quite easily solved and dealt with through the use of Vulnerability Assessments.

 

Vulnerability Management Service

  • Efficiently scans the entire network for vulnerabilities
  • Identifies easy targets of attack
  • Automates thousands of security checks
  • Ensures once-off or continuous vulnerability management
  • Makes perimeter scans, infrastructure scans or cloud scans possible
  • Encourages passive scanning of sensitive devices such as machines
Security Assessment

Clue Security Assessment is a unique product offering that revolves around the examination of information security as part of an ongoing consulting service. We make it standard practice to test your infrastructure and organizational processes in cooperation with your IT manager- the goal being to be more than one step ahead of any weaknesses and risks.

The components of such a security assessment can consist of internal and external tests, as well as Ransomware protection validation, policy reviews and the audit of security components.

What happens when we find areas of concern? Well, firstly, all identified vulnerabilities or less well-protected systems are subjected to more detailed and in-depth testing. This is all done, of course, in consultation with you. Next, we put together a comprehensive report, with actionable points recommended. The report allows you to see a prioritized list of identified vulnerabilities and suggestions for optimizing your IT infrastructure. This gives you the informed power to decide whether a risk can be ignored for the moment, negated or whether you want to invest in risk reduction and avoidance.

Who really benefits from a Security Assessment?

Due to rapid technical advances, more and more devices find themselves based on very common and ubiquitous software technologies such as embedded Windows and Linux operating systems. This is not always an advantage though, any weaknesses in these systems will have a compounded knock-on effect with a wider reach across platforms.

Do you develop or build products based on these technologies? Do you use security measures such as firewalls, VPN, proxies, strong authentication, network access controls, enterprise corporate Wifi, log management or SIEM in your IT infrastructure and want to put them through their paces? Or would you like to prepare your company for an external audit? If you answered yes to any of these questions, then it is you who can really benefit from a security assessment.

 

Security Assessment Service

  • Coverage of the entire network and applications on an ongoing basis
  • Identification, evaluation and closure of weak points
  • Revision and optimization of security policies
  • Robust protection of the IT infrastructure against attacks
  • Verification of compliance requirements and user guidelines (GDPR Compliance)
  • Handling information security, security rules and user data
Ransomware / APT Assessment

An Advanced Persistent Threat Assessment (APT) is a specialised service that focuses on how well your organization is protected against Ransomware and other blackmail Trojans.

This type of malware has become notorious in being successful in infecting IT infrastructures as it is not circulated only once, like classic viruses, but makes effective use of modern obfuscation mechanisms. Interestingly, it is often generated specifically for a target or company. This is why, unfortunately, classic anti-malware solutions often do not detect them.

To counteract this, we not only test all the various transmission and communication channels that could be used by Ransomware, but also take a closer look at what options are available in terms of damage control such as segmentation and disaster recovery strategies.

Who really benefits from a Ransomware Assessment?

Ransomware does not discriminate between large and small companies. It attacks computer systems, takes data from systems, attempts to recognize other data releases on neighbouring systems and to encrypt them all. This means that neighbouring systems are also partially affected.

The risk of such an attack should not be underestimated by any company, regardless of size or activity: After all, large-scale system failures cause immense damage regardless who is affected.

Are you unaware of your current protection against Ransomware? Have you ever carried out a system test or want to have your new protection mechanisms tested? Then a Ransomware Assessment is exactly the right thing for you.

 

Ransomeware Assessment Service

  • Validation of transmission paths
  • Reverse communication test – C&C servers
  • Recognition and validation at the endpoint
  • Assessment of preventive measures
  • Advice on disaster recovery concepts
Penetration Testing

Clue penetration testing is a vital tool in our arsenal against security threats. It presents the closest thing to a realistic attack on your IT infrastructure. Real conditions are simulated and – without the support of the internal business units – man and machine are thoroughly tested through an essentially real “cyber- attack”.

Vulnerability assessments, while effective in using fully automated tests to uncover weaknesses, don`t necessarily present your system with an actively offensive attacking opponent. It can be compared to the difference between testing a yacht in controlled conditions on the factory floor or throwing it into a stormy sea – this rigorous rattling of your IT cage will reveal whether or not there is a deeper layer of potential exposure or not.

Who really benefits from Penetration Testing?

New service providers, implementation of new requirements or the acquisition of companies means that your IT surroundings are constantly in flow. We recommend that a penetration test should be carried out regularly to allow for the secure optimization and development of your company.

Can you say that you already rely on Computer Security Incident Response Teams (CSIRT) to continuously monitor IT and security events and use extensive technologies to defend yourself against cyber- attacks? Do you develop applications or systems that process critical data or control infrastructures? Are you subject to compliance requirements, which you must meet and prove? Then you can rely on a penetration test provide you with actionable information to comprehensively close the door to any aggressive outside interference and to keep you ahead of compliance regulations.

 

Penetration Testing Service

  • Validates your security strategy and processes
  • Red Team as a Service
  • Identification, evaluation and closure of vulnerabilities
  • Primarily unprivileged tests
  • Internal Business units need not be directly involved
  • Manual verification of results

How does the process work?

Each assessment starts with a kick-off meeting onsite. This meeting is to essentially understand the requirements and goals that you need addressed. Based on this, we use our considerable experience to define the methodology and best practice procedure to meet your expectations.

After all points have been clarified to your satisfaction, we move forward with the official security assessment, consisting of:

 

  • Essential Information Retrieval
  • The looking for and initial analysis of vulnerabilities
  • Verification and assessment of vulnerabilities
  • Formulation of a report of the above
  • Presentation of results
  • Recommendations for further action

Do you need to know what your IT security is like today, right now? Are you missing an updated inventory of all IT components and their communication channels? Or do you urgently need expert knowledge to support a migration project or an upcoming audit? Then we have the right solution for you. Talk to us about security assessments and penetration testing. We will be happy to advise and show you a target-oriented implementation, adapted to your environment.