EVOLUTIVE AUDIT2017-10-26T10:23:16+00:00

 

EVOLUTIVE AUDIT

WHAT DEFINES EVOLUTIVE AUDIT

EVOLUTIVE AUDIT SERVICES

Evolutive Audit services provide a real and permanent image of an organization’s Security Status.

Evolutive Audit services are drawn from MNEMO’s intelligent SOC. They provide a detailed report on an organization’s level of security and vulnerability.

There are several types and degrees of audit, from an Ethical Hacking-specific audit to the deployment of attack teams (Red Team) with intelligence engines belonging to a process of continuous evolution for security’s development.

COMPLETE AUDITING CYCLE

Evolutive Audit projects contemplate various phases within a recurrent development process.

An initial phase of Infrastructure Analysis moves on to a Corporate Vulnerability Discovery and Verification to establish a development stage before going through a complete audit cycle in the Security Evolution and Security Development phases

ORIGINAL METHODOLOGY: MAVERIC©

Objective: to deliver organizations a meticulous Security Status Reports upon which a process of permanent evolution according to ongoing development

The tests carried out by security teams meet the standards established by MNEMO’s methodology, based on OSSTMM and OWASP.

MAVERIC© is the methodology conceived from the experience we’ve acquired from executing audit projects over the last 10 years.

This methodology allows us to obtain objective assessments of vulnerabilities based on CVSS v3 calculations and run through a rating system independent from manufacturers

MNEMO sets in motion the permanent processes for the evolution of corporate security, by conducting audits, implementing corrective measures and monitoring the level of maturity.

SERVICES OFFERED BY EVOLUTIVE AUDIT

CORPORATE INTELLIGENCE

  • Code: Static, dynamic and in-transit, on multiple platforms and languages.
  • Infrastructures: Networks, Data Centers…
  • Wireless systems: Wi-fi, satellite, telecomms, radio, proprietary protocols.
  • Malware: advanced inverse engineering.
  • Electronic devices: IoT, mobile phones, drones, cars, GPS…
  • Critical Infrastructure: PLCs, RTUs, proprietary protocols…

“Wireless systems: Wifi, satellite, telcomms, radio, propriety protocols.”

EVOLUTIVE MODEL BY PHASES

Our first phase carries out an initial infrastructure monitoring and integrity revision. In phase two we seek and verify active and passive vulnerabilities.

We subsequently execute the exploitation, laterality and amplification of attacks on infrastructure so as to establish a development level for security and milestones to be reached before moving on to the next level during a fourth phase.

Finally, we emit a Report with countermeasures and proposed actions to achieve set milestones, reevaluate the level of development and detect new attack vectors.

“Countermeasures and proposed action Reports.”

MNEMO RED TEAM

Team consisting of two sub-teams: Alpha and Omega, working together in a coordinated, superimposed fashion.

Alpha team identifies every conceivable vulnerability available in order to exploit them and construct test scenarios. Omega team receives information from Alpha team and executes an attack pattern and exploitation of vulnerabilities.

Feedback is returned to Alpha team with any new objectives found during the attack.

“Team consisting of two sub-teams: Alpha and Omega, working together in a coordinated, superimposed fashion.”

EXTERNAL EVOLUTIONARY AUDIT ARKADIA

Arkadia is a service that audits the safety, privacy and confidentiality of websites, web services, and apps and establishes a value for the maturity and evolution of security.

Through a web application, our clients can observe the periodic testing of their infrastructure and obtain a report with all its found vulnerabilities, their criticality and their description.

Clients are equally privy to information on their organization’s current level of maturity, identifying measures needed to move on to the next level.

“Our clients can observe the periodic testing of their infrastructure and obtain a report with all its found vulnerabilities”

EVOLUTIVE AUDIT INTERNAL SENTINEL

Service where the integrity of our clients’ infrastructure’s systems and software are controlled.

Continuous analysis of internal infrastructure by various discovery methods identify any unauthorized passive or active devices and any anomalous activity in those authorized.

The entire infrastructure is validated against an SOC Intelligent Database with every known vulnerability or exploit to create a Degree of Threat Exposure Report.

“Various discovery methods identify any unauthorized passive or active devices and any anomalous activity”

MORE INFO

CONTACT

LET´S TALK

Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.plugin cookies

ACEPTAR
Aviso de cookies