Auditing and Consulting

We audit the technological infrastructure at all levels and develop projects to improve your productivity and efficiency by adapting to your real needs, focusing on the security and integrity of your information and ensuring the continuity of your business.

Through these services we provide your organization with an accurate view of your cybersecurity status, analyzing the maturity of your information security master plan, and identifying gaps, weaknesses and opportunities for improvement.

External auditing

By simulating an attack from the Internet with malicious objectives we will assess the security of your business’s external network.

Internal auditing

We carry out an analysis to detect vulnerabilities from internal incidents, derived from employees or from external persons with access permits to the company’s systems.

Likewise, we verify the servers, cabins, firewalls and other equipment of your technological platform.

Perimeter auditing

We detect the vulnerabilities of the organization’s computer systems through physical access to the company’s internal network, in areas open to the external public and through wireless communication systems.

Red Team. Attack Strategy

Penetration Testing

Our team will carry out controlled attacks on your company with previously defined objectives, always under a confidentiality contract.

We will design the customized intrusion plan and represent a real threat until we reach the established goal, which is to get to your company’s sensitive information, just as a cybercriminal would.

At the end of the procedure, we will show you the damage that an intruder could infringe on your systems and we will deliver a set of result reports with recommendations to minimize risks, comply with legal regulations and avoid possible financial losses associated with cyber-attacks.

We carry out the following types of pen testing:

Network Services
Web application
Client Side
Remote Access Security
Social Engineering
Physical Security
Stress Testing

We assess the stability of your technological infrastructure and its components by testing them beyond normal operating capacity with the use of special tools.

There are different ways of running these intrusion tests to uncover vulnerabilities and they mainly differ in the amount of information we have on the company before doing the tests:

White Box Testing

The client provides essential documentation and information to the tester regarding the objectives.

Black Box Testing

The attack is prepared with only the client’s information which is publicly accessible.

Gray Box Testing

It is a mix between White Box testing and Black Box Testing where the tester only has partial knowledge of the company’s internal workings.

The Blue Team. Defense Strategy.

Our security team analyzes the effectiveness of security policies and measures deployed in your organization. The execution of these types of projects is included in a long-term plan that comprises defensive and offensive techniques.

Cloud Security

Cloud computing allows organizations to operate at scale, reduce technology costs and use agile systems that give them the competitive edge. However, it is essential that organizations have complete confidence in their cloud computing security and that all data, systems and applications are protected from data theft, leakage, corruption and deletion.

We design, deploy, verify, protect and monitor your cloud environment in real time, with all the tools and functionalities available.

External Security

We implement mechanisms that guarantee the authentication, confidentiality and integrity of the data during the communication that is established between the main data processing center and the remote devices or headquarters, defining security policies and user profiles.

We protect internal accesses which can be accessed from the outside.

Perimeter Security

We implement and establish the security rules of special solutions to control incoming network traffic, scanning it to detect and block possible attacks. We do this through the application of:

  • Hardware and software firewalls which prevent identity theft, malware, online fraud and other cyber-attacks that can come from the internet.
  • Intrusion detection systems (IDS) to quickly warn your system administrators about suspicious activities within your network.
  • Intrusion prevention systems (IPS) to block attacks before they become serious security problems.
  • Data Loss Prevention Systems (DLP) to prevent critical company information from being leaked out of your network due to reckless user behavior.

Internal Security

We design the architecture of your network and its internal environment to provide it with a robust and secure configuration. We also handle the deployment of the project, both physically and logically. We monitor secure networks and environments in real time.

Protection from DDoS attacks

Through distributed denial-of-service (DDos) attacks, attackers send multiple requests from various points in the network to generate an attack and overload the target system. We will protect your network by preventing interruptions due to anomalous flows of malicious traffic, keeping the components of your computing environment in a state of high availability, and quickly analyzing the incidents that may occur in order to adjust security policies in the face of future attacks.

Vulnerability Assessment and Patch Management

A vulnerability assessment (or analysis) is a service through which software weaknesses or strengths are checked in the face of the known threats on the day of the evaluation for both external elements (SAAS Services , Cloud Computing Services, BYOD Services, unauthorized users, sniffers, robots, etc.) and internal elements (users, deployed systems, workstations, mobile devices, operating systems, etc.)

We assess and classify your company’s security vulnerabilities and offer you a thorough and detailed analysis of each finding indicating those that are most likely to be exploited, so that they can be corrected or mitigated before they can give rise to a breach.

Code and Application Security

We carry out code audits following the OWASP Code Review Guide, statically or dynamically, that allow us to detect and mitigate security flaws in the source code and to establish good programming practices in order to help you preserve locally or remotely-stored corporate data.

Network Monitoring

The network is one of the most important elements of organizations, so it is increasingly necessary to have a monitoring system capable of supervising networks and to provide information regarding their status in real time. We will ensure that they remain in good condition, functioning as required 100% of the time.

With an adequate network monitoring system you will get advantages such as:

 

  • Optimization of the installation and its components. Not only can we see at a glance the global picture of your installation, but we can also know when you will need more hardware and when it will be oversized.
  • Detection of bottlenecks in your networks and determination of the cause to solve them.
  • Anticipation of problems and preventing problems from increasing.
  • Detection of intrusive or malicious traffic.
  • Log generation and analysis of the performance of your installation over time, being able to detect problems and associate them with the modifications made in the network.

SIEM (Security Information and Event Management)

Our experts will help you select the SIEM that suits your organization best and they will accompany you in the process of design, deployment and integration of the tool with the different elements and services of its technological environment, as well as in the monitoring and analysis of the results that it produces in real time.

Security Operations Center (SOC)

We have a24/7 SOC through which we increase the capacity for surveillance and threat detection in your organization. We monitor your systems and accesses in real time, verifying internal, external and perimeter security, and we respond in the shortest possible time to technological incidents that may arise, in order to avoid the interruption of your business or possible loss of data.

*You must accept the privacy policy to send the message


Contact us

If you have a project in mind, we’d love to hear about it. Please fill in the following form and we will contact you as soon as possible.

 

Las Palmas de G.C. – España

C/ Juan Rejón, 67, Planta 6, Ofic.1 – 35008 Las Palmas de Gran Canaria
+34 928 234 319

Heidelberg – Alemania

Waldhofer Str. 17,69123 Heidelberg/Wieblingen
+49 209 1772-284

Gelsenkirchen – Alemania

Am Bugapark 60, 45899 Gelsenkirchen
+49 209 1772-0

edataconsulting logo