prevention services

vulnerability handling

Once the Vulnerability has been discovered is mandatory review periodically the state of it. In this service, we will follow the life of the vulnerability in order to check the mitigation on it and check the correct solution. For this, we have one application where we add the assets and their vulnerabilities and assign a state to each one.

security audits / assessments

Our security audit services are divided in three groups:

pentesting

We provide pentesting audits taking different approaches to better simulate the actions that a real attacker would do, helping organizations to identify weaknesses and areas of improvement:

SDLC security

Providing support throughout the whole software lifecycle to ensure that security measures are adequately defined in all areas. Main covered areas include audits that can also be provided separately:

system / tool hardening

Analysis of existing configurations in different devices with the goal of detecting any vulnerabilities that expose the device and the organization as a whole. Security baselines, bastion host guides and training are recommended. There is no use of sophisticated protection systems to defend our network if we forget to bastion and configure correctly our systems, whether servers, network elements or any other device punched in the network, either internal or external (Internet). At everis, we use both our knowledge and that provided by important international associations that seek security in each of the different elements of network and infrastructure as critical as banking or military corporations.
Configuring a device securely requires, on the one hand, a great knowledge of the technology to be configured, and on the other hand information security skills. It is therefore a delicate task and must be applied within recognized safety bases.

security architecture

The initial development of an application must have the security design and comply with the security requirements established.