Technical security audits

How we can help you identify and assess cyber risks to your information system?

Your information system is under daily threat from risks of unauthorised access and potential vulnerabilities. Your organisation must manage:

•    Technical challenges
•    Human challenges (lack of human resources or skills)
•    Organisational challenges
•    Regulatory and normative challenges.

Our independent security audits simulate cyberattacks, and sometimes attempt to carry them out, to detect potential vulnerabilities so they can be fixed before cyberattackers take advantage of them. Based on the results of these audits, we recommend the best ways to help our customers strengthen their security.

Our audit activities focus on:

• Penetration tests.
• Configuration reviews.
• DevSecOps.
• Red Teaming.

Our experts will assess your entire system's security and can tailor their assessment to the major risks facing your specific business or sector. 
We can assess a wide array of information systems (LAN, WAN, industrial systems, SOC, etc.) and a variety of technologies (IT, OT, IOT, mobile, cloud). 

All our services include: 

• A comprehensive final report listing the vulnerabilities identified, their level of criticality and how they could be exploited, and clear guidance on recommended protective measures. 
• Easily actionable guidelines for everyone on your team, from management to operational staff, and support in implementing remedial measures.

Our experts cover all the major regions of the world, working closely with your local staff to understand the specific security context in each country.

Penetration testing

Penetration testing is used to identify and assess weaknesses in component hardening, operating systems and applications that could enable cyberattackers to take control of your information systems and your data. 
Our audits consist of four main steps: 

• Reconnaissance
• Mapping
• Operation
• Post-operation.

We develop our own testing tools for each step, using open-source software and scripts designed for each particular technology.

Configuration reviews

Configuration reviews cover system components, operating systems and applications to provide more in-depth analysis and a comprehensive overview of the level of hardening and protection of your systems. The reviews can be based on recognised benchmarks (CIS, ANSSI, etc.) and standards (NIST, etc.), or on your own security rules. 

The control points concern in particular:

• The security of user access (password policies, data access rights, account profiles, etc.).
• The security of the operating systems, applications and services installed and their level of updating.
• The robustness of the means of administration and the level of supervision put in place.

DevSecOps

We help you develop DevSecOps methods to improve applications security and reduce risks while optimising the cost of security management and ensuring compliance with release deadlines. 

With our incremental, quantifiable approach to the transformation of your development methods, security is incorporated into the three dimensions of DevOps – human, processes and technologies – throughout the life cycle of an application, from initial security-by-design to post-release security management.

Red Team assessments

Red Team assessments go beyond penetration testing to evaluate your capacity to protect your information systems and the level of cyber risk awareness of your employees. Red Team assessments can test your level of physical and software protection against attacks on:

• Buildings, offices and technical facilities
• Physical components
• Operating systems and applications
• User software (for phishing attacks).

We use techniques such as social engineering and open-source intelligence to prepare our attacks, which use a combination of different techniques, tactics and procedures developed specifically for your company's sector or type of business.

Our Red Team assessments evaluate: 

• Your SOC team's ability to detect our intrusions
• The robustness of your physical safeguards
• The effectiveness of your employee cyber risk awareness measures.