Advanced professional services for information security in the civilian field
CYBER INTELLIGENCE & DEFENSE
Information is an asset that adds value to an organization, while security solutions increasingly represent a new way to enrich the relationship between business processes and technology. Security decisions and strategies must not be perceived as an obligation but as an investment: protecting confidential data from theft or destruction increases an organization’s competitiveness and safeguards “confidential” data such as that of its customers, new product innovations, market strategies and others. Security helps protect the company image.
The continuous commitment of STE Cyber Division to identifying new security technologies and methodologies provides the highest levels of quality to its customers and the best solutions for information security and ICT infrastructure, through a consultative “holistic” approach: logical, physical, organizational and legal.
STE Cyber Division can rely on research laboratories both in Italy and abroad thanks to strategic partnerships with specialized companies. In order to bring forward its technological excellence, it collaborates with leading Italian universities investing in innovation both directly and through national and EU funding. Researchers at Cyber Division design and develop technology solutions, both hardware and software, in order to meet the market’s growing expectations in terms of reliability and quick access to increasingly innovative services.
Combining innovation capacity with experience, STE guides the security information process through the development of products and solutions that are highly competitive, reliable, efficient and open to integration with the ICT world.
PENETRATION TEST (PT)
In the era of new threats and new cybercrime, the awareness of being equipped with the most advanced security systems is no longer sufficient. There is a constant need to review the security of the ICT architecture, verifying in practice its response capacity and its degree of penetrability. For companies and organizations of all sizes the Penetration Test (PT) is crucial. Regardless of compliance regulations and concerns of corporate responsibility or network efficiency, PTs are key for business security since they identify vulnerabilities, validate existing controls and provide a roadmap of suggestions to apply.
The Penetration Test service offered by STE is divided into five categories:
- Infrastructural PT for Information Systems (client, server, mainframe, etc.)
- Infrastructural PT for Data Networks (wiring, router, firewall, wireless networks, etc.)
- Applicative PT (application software, DBMS, CRM, ERP, APP, etc.)
- Procedural PT (organizational processes of information and workflows, for example adequacy of the internal rules on the use of IT business)
- PT for HW Devices (Hardware devices, OEM, Embedded, etc.)
Each type of Penetration Testing can be carried out in three ways:
- Black Box: activities take place without any knowledge of the infrastructure under analysis. Examiners need to determine the systems’ architecture and services before starting the analysis, and analysis actions are carried out in complete autonomy.
- White Box: detailed knowledge of the infrastructure to be tested is provided by the customer (for example network diagrams, IP addresses, etc.) and activities are agreed and conducted in accordance with the technical and managerial staff of the customer.
- Grey Box: partial information is provided to examiners and/or only part of the customer’s organization is aware and cooperating with the activities of analysis.
The results of a PT are summarized and commented on in Pen-Test Reports produced by the Cyber Division at the end of each analysis, with information regarding:
- Internal vulnerabilities of the system and recommendations for countermeasures (Remediation);
- External vulnerabilities of the system and recommendations for countermeasures (Remediation);
- Applicative vulnerabilities and recommendations for countermeasures (Remediation);
- Organizational vulnerabilities and recommendations for countermeasures (Remediation);
- HW vulnerabilities and recommendations for countermeasures (Remediation).
The combination of results from Infrastructural, Applicative and Procedural PT offers the customer a detailed and comprehensive picture of the current security level of his ICT system, showing possible directions to be taken in order to mitigate any problem.
VULNERABILITY ASSESSMENT (VA)
As opposed to the PT, which goes deep (“depth first”), the Vulnerability Assessment (VA) is carried out according to a “breadth first” logic, i.e. in breadth, once one or more vulnerabilities have been detected. It aims at investigating any evidence of critical issues uncovered during a PT or already known by the customer and at making an extensive analysis, including all the necessary activities for the elimination or reduction of these critical issues. The methodology to perform VA services is made up of two types of interventions:
- Analysis of critical issues: activities to contextualize the real and probable level of risk for “Mission Critical” assets, be they business related or linked to the fulfillment of mandatory regulations. The final purpose of the activity is to get a “map” of the systems that host critical information, together with a project and operational plan for the safety of the customer’s ICT system through specific technical activities, redefinition of internal regulations, and/or design of new solutions (migration of obsolescent systems, implementation of new Hw/Sw solutions).
- Technical activities: the execution of all technical/system activities required for the elimination or reduction of any critical issue. Technical activities include:
  - Network Assessment (analysis of network traffic in order to detect anomalies and “bottlenecks” due to e.g. misconfiguration of equipment, technological obsolescence, etc.)
  - Systems Hardening (patch updates on operating systems and applications, verification of used services, proper configuration of domain and user policies, etc.)
  - Hw/Sw Installation-Configuration (installation and configuration of new systems and necessary solutions to adjust the level of security required)
When combined with the Penetration Testing service, the report resulting from the VA produces an accurate analysis of the level of security (logical, physical, organizational and legal) of the client’s organization. The report contains a detailed picture of the current state of the organization, highlighting critical issues, remedies, containment and any project proposals in order to implement the client’s security levels. The document is divided into two parts. The first is written and designed for the Governing Body: the results are described in non-technical language with the support of summary figures, and matters concerning the evaluation of risk, probabilities and any ROI of remediation are also analyzed. In the second part, reserved for ICT leaders and technicians, all critical issues are described, as well as the methods and tools used to detect them, together with the technical/organizational activities necessary for their removal/containment.
Proper management of an organization’s security level, or its achievement through PT and VA activities while minimizing the risks, may sometimes require additional measures aimed, today more than ever, at avoiding and/or slowing down any hostile activity. In the last few years, the perception of threats in cyberspace has changed considerably, becoming more acute. Nowadays cyberthreats and cyber-defense are no longer marginal phenomena or exaggerations: they involve all areas of a modern society oriented towards the digital world. The implementation of services and solutions for cyber defense is becoming a necessity not only for governments and military structures, as it used to be until a few years ago, but also for companies and individuals.
Over the years STE Cyber Division has developed great experience in the government/military field on the defense of cyberspace and is now also able to offer corporate and private clients adequate solutions to current and emerging threats. A line of solutions specifically designed and developed for civilian use is BlackHOLE.
BlackHOLE: a solution that implements Honey-pot and Honey-net systems in order to avoid hostile attacks both from the outside and from the inside (in the case of geographically distributed multinationals). Honey-pots are programs that emulate operating systems and services (computers, servers, network services) and respond similarly to a real system while being devoid of any data and content; on the contrary, the more the attacker tries to get into these systems, the more information about him is recorded. A Honey-net is a network of high-interaction Honey-pots simulating a production network, configured to monitor, record, and partly regulate every internal activity. Thanks to this solution, it is possible to emulate web servers, operating systems, network services, applications, etc., customizing them according to each customer’s personal characteristics. Their easy visibility attracts the attention of attackers, who focus on these systems and get “lost” in the meanders of a virtual and completely false world. The service is implemented and customized non-invasively in the user’s ICT system, and the collected data on hostile activities can be saved in reports for subsequent investigative analysis.
Cyber-Intelligence is the analysis of raw data available on the network, processed to provide information and knowledge on possible existing or emerging threats and/or vital information for business, in order to support the decision-making process. Cyber-intelligence is not a single service, but rather a set of long-term activities aimed at increasing the client’s defenses and protecting business growth. From the experience gained within the government/military field, STE has reviewed and selected the best analytical platforms for cyber-intelligence to achieve an optimal application in the civilian field.
HIWIRE is the Cyber Intelligence platform optimized for civilian use. The customer can easily and intuitively perform real-time analysis and set alarms and alerts if certain contents of specific interest are identified by the platform. The areas of application of HIWIRE can be of different kinds:
- Online search of sensitive business information: the customer is able to search and start reporting about the possibility that confidential information of his/her organization might be found on the Net (i.e., credit cards, confidential documents, etc.) both on the Web and on the Darknet. HIWIRE not only looks for the aforementioned information, but is also potentially able to trace the sender (i.e., in case of dishonest employees) and to correlate profiles, posts and aliases in all areas of the Web.
- Sentiment analysis tool: the customer is able to carry out market analysis of his/her products and those of his/her competitors, to verify the “sentiment”, i.e. the kind of users’ comments (positive, negative, neutral, etc.), through analysis of social networks, forums and similar sources (Facebook, Twitter, ASK, etc.), and to identify the opinion leaders of a certain topic and their level of popularity.
- Information monitoring: the customer is able to select topics of his/her own interest and monitor, correlate and elaborate complex statistics and reports in real time from any selected internet source (i.e. newspapers wanting real-time updates on a particular piece of information from all network sources selected).
DIGITAL INVESTIGATION & COMPUTER FORENSICS
Digital Investigation Service and Forensic support in information technology. STE Cyber Division is able to carry out digital investigations privately and in the forensic field both as a technical consultant (CTP) and in the office of the judicial police activities (CTP). Activities in the field of industrial espionage and the search for evidence of any illegal activities performed on the ICT systems of the injured party are carried out with advanced searching tools through a standard, well-defined investigative methodology.
In the digital investigation field the following activities are carried out:
- Analysis of the organization’s communications;
- Monitoring and backtracking activities;
- Removal of spyware from computers, smartphones and mobile devices;
- Environmental sweeps for bugs;
- Providing protection activities for the security and confidentiality of business communications and information.
In the forensic investigation field the following activities are carried out:
- Obtaining evidence;
- “Bitstream” copy of digital memories;
- Setting up chain of custody;
- Analysis and recovery of digital evidence;
- Analysis of recovered data;
- Drafting of final Report;
- Legal support in CTP activities;
- Data Recovery in case of damaged storage devices.
ADVANCED TRAINING ON SECURITY OF ICT INFRASTRUCTURES
The advanced training on security of ICT infrastructures is an intensive course specifically designed to prepare technical staff to prevent, contain and mitigate new computer threats. The course is intended for those who already possess mid-level technical knowledge (knowledge of the main network protocols, basic knowledge of Windows and Linux operating systems, basics of programming and basic knowledge of major ICT technologies such as VOIP, virtualization, etc.). The training will alternate theory with many practical workshops where simulations of attack and defense will be carried out, strategies will be implemented and different security technologies will be used in order to assess their capacity and operational limits. The course will be held by trainers with over 20 years of experience in ICT Security, certified ethical hackers who will carry out “hands on” activities together with the participants to pass on the experience they have gained directly in the field.