Security audits

External Audit

Dis­cov­er vul­ner­ab­il­it­ies and weak­nesses with­in your extern­al peri­met­er by sim­u­lat­ing attacks that would be per­formed by extern­al attack­ers against your exposed sys­tems, such as Web and Email serv­ers, along with any remote access ser­vices.

Internal Audit

Eval­u­ate your secur­ity level with respects to a mali­cious insider, a vir­ally com­prom­ised work­sta­tion or even tem­por­ary access to your net­work by your part­ners and con­sult­ants.

Applicative Audit

Per­form an in-depth ana­lys­is of an applic­a­tion by not only assess­ing its res­ist­ance towards unau­thentic­ated attack­ers, but also towards legit­im­ate users by ana­lys­ing wheth­er access con­trol mech­an­isms are prop­erly setup to pre­vent priv­ilege escal­a­tion and unau­thor­ised data access.

Social engineering

Assess your employ­ees' aware­ness towards online social threats such as spear-phish­ing and social engin­eer­ing by sim­u­lat­ing these types of attacks in a con­trolled envir­on­ment. These tests can take the shape of gen­er­ic spam emails or more tar­geted and tailored attacks against your com­pany.

Red Team Audit

By com­bin­ing social and tech­nic­al attacks and redu­cing the gen­er­al lim­its imposed on pen­et­ra­tion test­ers, a red team attack is the closest type of attack to cur­rent real world threats. This type of attack also provides a real­ist­ic way of assess­ing wheth­er your detec­tion cap­ab­il­it­ies are up to par and wheth­er you would be able to detect­ing and respond­ing to a real intru­sion.

Audit Purple Team

Dur­ing a purple team audit, SCRT engin­eers and your company's blue team work hand-in-hand in order to dis­cov­er and exploit weak­nesses with­in your infra­struc­ture, all the while ana­lys­ing wheth­er your detec­tion mech­an­isms are able to spot the vari­ous attempts, wheth­er they are suc­cess­ful or not.

Defence

Support and maintenance

SCRT provides assist­ance ser­vices on the whole range of products for which it is a part­ner.

Dis­cov­er our part­ners

Securing architectures

We help you design and/​or plan your inform­a­tion sys­tem in a secure way while tak­ing into account your spe­cif­ic con­straints.

Vulnerability scan

Reg­u­larly track vul­ner­ab­il­it­ies impact­ing your inform­a­tion sys­tem. Our insights allow you to pri­or­it­ize remedi­ation for crit­ic­al find­ings.

Investigation

IRFA : Incident Response & Forensics Analysis

A secur­ity incid­ent is the source of stress­ful situ­ations in which the teams of the com­pany con­cerned must make quick and pre­cise decisions. With IRFA, SCRT sup­ports you by con­sid­er­ing the risk of an event and set­ting up a mech­an­ism to deal with it. We provide the assist­ance of qual­i­fied and spe­cial­ized engin­eers in known response times on pre-estab­lished con­di­tions.

Mobile devices

Mobile devices ARE ubitu­it­ous in enter­prise envir­on­ments. If there is a sus­pi­cion of hack­ing or com­prom­ise, SCRT can test your devices to assess their integ­rity and uncov­er any traces of mali­cious activ­ity.

Reverse engineering

Thanks to its unique exper­i­ence, SCRT is able to ana­lyze unknown strains of mal­ware to identi­fy their key ele­ments, such as their beha­viour and some­times encryp­tion keys. SCRT can also put their reverse engin­eer­ing skills in use to assess the secur­ity level of com­piled applic­a­tions, wheth­er they be writ­ten for Win­dows, Linux, Android or iOS.

SCRT Security Apps for Splunk

Maintained by SCRT Security experts

Main­tained and upgraded by SCRT secur­ity experts, these secur­ity-cent­ric Splunk applic­a­tions provide a set of rel­ev­ant and effect­ive dash­boards and use cases.

Robust Splunk Applications

Thanks to our efforts and our invest­ment over time, SCRT has developed robust applic­a­tions that include ser­vices such as policy col­lec­tion for Win­dows and Linux, log optim­iz­a­tion and ded­ic­ated dash­boards.

Add SIEM to Splunk

SCRT enhances SIEM Splunk cap­ab­il­it­ies with the devel­op­ment of Secur­ity-Focused Splunk Applic­a­tions

This means

Fol­low-up on-site meet­ings

Alerts

Spe­cif­ic IoCs made avail­able on your SIEM instance

Spe­cif­ic use-case cov­er­age

Tech­nic­al reviews on prin­cip­al mal­ware

ISO 27001 accompaniment

Inform­a­tion is vital today for any organ­iz­a­tion and a lack of adequate pro­tec­tion of its con­fid­en­ti­al­ity, integ­rity and avail­ab­il­ity will have sig­ni­fic­ant impacts. Giv­en the increas­ing com­plex­ity of inform­a­tion sys­tems and the threats that sur­round them, a struc­tured approach to provid­ing know­ledge and man­aging secur­ity is essen­tial.

The imple­ment­a­tion of ISO 27001 requires the estab­lish­ment and oper­a­tion of an Inform­a­tion Secur­ity Man­age­ment Sys­tem (ISMS) provid­ing a pro­cess frame­work for the imple­ment­a­tion of com­pli­ant IT secur­ity. cul­tur­al and oper­a­tion­al aspects of the busi­ness.

Identi­fy com­pli­ance require­ments (leg­al, con­trac­tu­al, reg­u­lat­ory)

Reduces inform­a­tion secur­ity risks

Cost reduc­tion through risk-based secur­ity man­age­ment

Reduces the like­li­hood and impacts of secur­ity incid­ents

Struc­tured and coher­ent approach

Com­pre­hens­ive risk assess­ment

Meas­ur­able and demon­strable safety

Iter­at­ive Pro­cess

Com­pet­it­ive advant­age

Due dili­gence

Inter­na­tion­al Stand­ard

Give vis­ib­il­ity to sup­pli­ers and cus­tom­ers

Plan
Do
Check
Act

Plan

Get man­age­ment sup­port

Identi­fy the object­ives of the com­pany

Define the ISMS peri­met­er

Estab­lish ISMS policies, pro­ced­ures and key per­form­ance indic­at­ors

Estab­lish the risk assess­ment meth­od­o­logy

Do

Man­age risks and cre­ate a treat­ment plan

Imple­ment and use ISMS policies and pro­ced­ures

Alloc­ate resources

Check

Mon­it­or the ISMS imple­ment­a­tion

Mon­it­or KPI

Intern­al Audit

Cre­ation of super­vi­sion reports

Act

Peri­od­ic re-eval­u­ation

Take cor­rect­ive and pre­vent­ive meas­ures