Blog

Ethical Hacking

 

Ethical Hacking

Gathering intelligence about the organisation, detection of sensitive positions and mapping of external access infrastructure. The gathering can also include active social engineering and in-depth data gathering.

Determination of the attack vector that includes the mail systems; vaults; VPN; web applications; or even users who have the ability to switch between home networks and the organisation’s network. This phase also focuses on technical testing of the vector; sandbox evasion, etc.

Call Us On +442032861927

Call Us On +442032861927

Read more...

Social Engineering

 

 

Social Engineering

Alongside advanced technology and the development of computer and network systems, human resources remain the most important and influential force in the world we live in.

Looking at the business world, it is easy to see that human creativity is an irreplaceable asset in the success of an organisation, but creativity is fraught with many dangers.  In addition to threats from outside the organisation,  there are those who work toward personal gain at the expense of success, stability and survival of the organisation.

There are various ways and methods used by malicious entities for obtaining information and other resources from your organisation. Among these ways can identify two main trends:

  • Exploiting weaknesses in information systems / computer systems / organisational communications.
  • Exploiting the weakness of the human factor in the organisation to reach a desired resource.
  • Identifying the human element as one of the weak links in the organisational chain, and as vulnerable and exposed to more manipulations than any infrastructure or system, increases the need to deal with the issue extensively at all levels of social engineering.

Cyber360 has established an operational training unit on social engineering, which is operated by employees with experience in different units.  We perform social engineering activities, including setting up the methodology, staffing and treatment chain of these events.  The activities include intelligence gathering from various means, building fraud schemes according to the outline given to customers, or prepared according to a  scenario developed by the company (Custom Attack Scenarios).

We set up Phishing fraud attempts, physical impersonation and attempts to infiltrate physical protection controls, identifying a specific target that we have gathered information on through visible means and others, going as far as attempts to insert malicious code to those organisations using the same targets. 

At Cyber360 we emphasise attention to detail, and the construction of reliable simulated attacks both at an advanced technical level and at the level of social engineering itself. These goals are achieved through a deep familiarity with the means of obtaining information and reconnaissance capabilities built over the years.

 

 

Call Us On +442032861927
Request Call back 
Read more...

Phishing Campaign

 

 

Phishing Campaign

Phishing is an attempt of a foreign entity pretending to be a legitimate entity, extracting sensitive information such as passwords, usernames or financial data.

Phishing is usually performed through an impostor sending messages or e-mails under the name of someone familiar, by sending a link with leads to a fake site where the user is required to enter a user name and password and other sensitive data.

Cyber360 provides a Phishing service in order to raise awareness among the organisation employees and to thereby reduce events of sensitive information leakage. Depending on organisation’s needs, the service can be provided once or on a periodic basis, and can be target-focused or widespread.

Cyber360 will provide a presentation that summaries the activities and includes examples, screenshots and more. In addition, the customer can get statistics and a full mapping of workers’ actions to help them to improve in the future and to assess the success of the campaign.

 

 Call on +442032861927 
        Request Call back       
Read more...

In-House Security Center

Security Operations Center

 

 

In-House Security Center

 

At the heart of the SOC is the near real-time monitoring team, analyzing the security events and managing the security posture. Cyber360  SOC consultants are deployed in a number of different ways to meet the client requirements, either as contractors or to supplement Full Time Employees (FTE). The following are a few examples of how clients currently utilize our staff:

  • Manpower substitution to the end client (either unbranded or Cyber360  branded).
  • Manpower substitution to a service delivery client (branded as the service delivery client).
  • 24-7 shift working junior analysts, with the client managing the team and day staff.
  • On-call expert escalation to support client staff when incidents occur.
  • On-call temporary staff to fill-in for vacation etc., of client staff (reducing FTE head-count).
  • Entire SOC team in-sourced to the client site.
  • Architecture only, designing a networks monitoring capability.
  • Management only, using Cyber360 capability to manage and train client FTE’s.
  • Advanced Analysts to support clients’ existing team.

Cyber360’s experienced, professional recruitment staff will be at your disposal to recruit and provide qualified permanent staff for your SOC.

 

 Call on +442032861927 
        Request Call back       
Read more...

Code Review

 

Code Review

 
 
Application code review enables us to review and find the information security deficiencies in a comprehensive and accurate manner. By reviewing the code of functions and objects, Cyber360’s experts can identify information security deficiencies and locate problems that are more difficult to identify when carrying out regular penetration tests. Cyber360’s experts have performed a large number of code reviews in Web environments, mobile device applications, server/client applications, Gateway applications, etc…

 

 

 Call on +442032861927 
        Request Call back       

 

Read more...

Hardening

 

 

Hardening

 

Cyber360 tests the level of hardening of servers and services in accordance with the global standard and the experience gained from the company. The examination involves the hardening of operating systems (Win, Linux, etc.) and several other utilities such as web, terminal, and other system applications. The service also includes validating the organisation’s hardening documentation

 

 

 Call on +442032861927 
        Request Call back       
Read more...

Info Security Consulting

 

 

Info Security Consulting

 

Cyber360 offers a Security consulting service that provides professional support with a deep knowledge of security architecture.  We can advise you of the right solutions for your information security and help you develop information security guidelines and policies for your organisation.  We can propose comprehensive security solutions, and assist you in writing RFPs to meet your organisation’s information security needs.

 

 

 Call on +442032861927 
        Request Call back       
Read more...

Cyber Readiness Inspection

 

 

Cyber Readiness Inspection

 

The growing sophistication of Cyber attackers and the increasing reliance on the Internet as a form of communication and service delivery necessitates that organisations plan ongoing active protection of their environment from Cyber attackers.

Organisations increasingly require insight on how to develop resilience, which requires the combination of a security controls framework and an incident response capability.

Resilience audits and maturity mapping provide a basis for evaluating your current situation and creating a road map for future development toward a higher state of readiness & resilience.

Cyber360 has developed a cyber-security readiness program which aims at ensuring organisations have the appropriate technological and methodologies to mitigate the risk of cyber-attacks and lower the possible impact of such attacks.

Cyber360 tested approach to conducting a Cyber Security Readiness will provide an in-depth analysis of the overall readiness state of the organisation and will involve:

  • Developing a threat map for your organisation, detailing threat agents, motivations and capabilities.
  • Mapping your organisation’s critical assets, channels, services and critical components.
  • Developing threat scenarios modelled on advanced threat vectors relevant specifically to your organisation’s portfolio and providers. The scenarios will be developed from the identified mapped threats and your organisation’s critical components.
  • Using Cyber360 Readiness Control Framework to perform a gap analysis to detect the ability and maturity of your organisational controls to respond to each of the relevant cyber security domains.
  • Providing your organisation with an overview of its Cyber Security readiness posture and initial recommendations and a road map to close the major gaps detected.

 

 

 Call on +442032861927 
        Request Call back       
Read more...

Risk Assessment

 

 

 

Risk Assessment

 

An information security Risk Assessment is a complex examination mechanism that encompasses all the aspects that come into direct or indirect contact with the organisation’s information systems. Within the framework of the assessment, the organisation’s information systems are mapped to an abstract level, at which it is easier to examine their different components and grade the level of risk derived from all the systems.

Numerous risks may affect the organisation’s information assets, such as flawed allocation of authorisations to employees in various departments; information leakage among departments; lack of compartmentalisation; deficient password management; uncoordinated information availability; recovery following a disaster; and erroneous firewall definitions.

The risks are determined in accordance with the level of importance of the organisation’s assets; therefore the performance of the assessment is subject to the cooperation of its various departments. By mapping and assessing the risks, it is possible to arrive at an organised plan according to which penetration tests will be carried out on the systems, based on their importance to the organisation.

 

 

 Call on +442032861927 
        Request Call back       
Read more...

Vulnerability Assessment

 

 

Vulnerability Assessment

 

Cyber360 Vulnerability Assessment Services provide comprehensive network vulnerability assessment for measuring network security risks. Scanning network devices including firewalls, routers, switches, servers, workstations, printers and print servers.

These tests identify and locate vulnerabilities, categorise them by severity and provide detailed reports with standard vulnerability elimination procedures. Our experienced team of security engineers also works to identify false positives.

 

 

 Call on +442032861927 
        Request Call back       
Read more...