Penta Security Solutions covers, in different ways, the organization's needs in Information Security and Information Technology.

PROFESSIONAL SERVICES

  • Definition of process management systems
  • Development, redesign, implementation and process improvement
  • Evaluation / Audit processes (ISO 27.001)
  • Assistance in project management
  • Strategic control boards or processes
  • Applicative security assessment
  • Technological risk analysis
  • Assessment of compliance and legislation
  • Securing platforms
  • Internal and external intrusion test (Ethical Hacking)
  • Adaptation to the law on protection of personal data
  • Computer audits
  • Technology management models based on ITIL V2, V3 and COBIT
  • IT strategic planning and business alignment
  • Development and implementation of ITIL processes
  • Systems integration for IT use
  • IT process assessment
  • Implementation of project management methodology
  • IT support area and SI
  • Business continuity planning and disaster recovery
  • Risk analysis
  • Design documentation of internal controls and business IT (COBIT, COSO)
  • Development of management plans for the control environment
  • Design and test execution
  • Active Directory design and implementation
  • Design and implementation of email infrastructure
  • Deploying firewalls and VPN
  • Deploying voice over IP and IP telephony
  • Implementation and administration of database
  • Expert analysis of unauthorized access to private servers
  • Capture and preservation of digital evidence
  • Expert analysis of security breaches
  • Forensic video analysis, digital images and audio
  • Corporate computer security expert
  • Examination of company IT infrastructure
  • Design and implementation of awareness programs
  • Dictation of specialized courses in information security for technical personnel or in general
  • Development of extensive communication tools
  • Social engineering and phishing simulations
  • Development of online courses or trainings

SECURITY CONTINUES

ACC: Adoption to Cloud Computing

Many organizations have made the strategic decision to migrate to the cloud in order to take advantage of the many benefits of Cloud Computing; however, they do not always have the time and experience to face the new paradigm in an efficient and successful way.

A great challenge facing infrastructure leaders is to identify the most appropriate Cloud Computing offerings according to the needs of the company and the objectives it defines for its services, which requires specialization in the different areas of the new paradigm. Although the concept of cloud is associated with the ease and simplification of the traditional infrastructure problem, this will be true only to the extent that decisions benefiting the organization are made at each stage, overturning the myth that the cloud is virtual machines on powerful servers.

Adoption Model

Benefits

Main issues

  • Which providers could provide cloud services aligned with business requirements?
  • What limitations are there in migration and how can they be minimized?
  • How to present the migration project against non-technical decisions?
  • What is the best deployment model? Private | Public | Hybrid | Community
  • What service models do you choose? IaaS | PaaS | SaaS
  • What services do you use for processing, storage, database, networking, development, administration, security, analysis, …?
    - Microsoft Azure: Web site | Virtual Machines | Mobile Services | Cloud Services | Storage | Multimedia Services | ...
    - Amazon: AWS EC2 | EC2 Container Service | Elastic Beanstalk | Lambda | ...
    - Office 365
    - G Suite
  • What is your optimal architecture?
  • How to minimize the likelihood of hidden costs (not initially considered)?
  • How to adapt the operational processes of administration and operation to the new paradigm?
  • What type of training does the internal staff require according to their new role?

Frameworks

ISO/IEC 17788 (Information technology -- Cloud computing -- Overview and vocabulary)


ISO/IEC 17789 (Information technology -- Cloud computing -- Reference architecture)


ISO/IEC 19086-1 (Information technology -- Cloud computing -- Service level agreement (SLA) framework -- Part 1: Overview and concepts)


ISO/IEC 27017 (Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services)


ISO/IEC 27018 (Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors)

NIST Cloud Computing Program

Security Guidance for Critical Areas of Focus in Cloud Computing

Cloud Computing Adoption Framework–a security framework for business clouds


Cloud Computing Adoption Model

AWARENESS PROGRAM

The human factor remains the main cause of security incidents that occur in organizations today, and this is especially true when personnel do not understand security risks or are not prepared for the different threats of the environment.

The Awareness Program of Penta Security Solutions is a comprehensive solution that includes the dissemination and awareness of information security through the use of different channels such as courses, posters, banners, newsletters, wallpapers, videos and even evaluation tools (quiz).

The program is entertaining and easy to implement, and effectively transfers best practices with respect to information security, emphasizing the protection of strategic and confidential information.

Characteristics

  • Easy to implement
  • Generates positive behavioral changes in staff
  • Understandable and audience-focused content
  • Adaptable to the communication formats of the organization

Benefits

  • Provision of only relevant information to the user
  • Change in staff behavior, achieving greater protection of their own information and that of the company
  • Reduction of information security incidents
  • Increased engagement in incident reporting
  • Greater involvement of staff in information security
  • Compliance with regulations and standards

Working Methodology

Communication tools

Compliance with regulations: PCI DSS, SOX, HIPAA, ISO 27.001, Privacy Policy, BCRA.

SOURCE CODE SECURITY AUDIT

Software development areas tend to prioritize the creation of applications that meet functional expectations. This situation causes the late arrival of security measures, favoring the emergence of vulnerabilities. It is widely proven that early detection of vulnerabilities significantly reduces costs and losses from security breaches.

This service consists of the use of different, properly parameterized automated tools, along with a manual analysis that requires the cooperative work of professionals from different areas (development, architecture, and security) for processing the results, eliminating false positives, defining the criticality of each finding, and proposing the best alternative solutions. This service allows the identification of risks and unsafe source code practices in the different stages of development or maintenance.

Continuous auditing

Main areas of analysis

  • Authentication / Authorization
  • Session management
  • Cryptography
  • Input validation
  • Secure transmission
  • Error handling
  • Resource usage
  • Logging

Features

  • Successive analyses allow modifications to be planned so they have minimal impact on development timelines
  • Works integrated with agile development methodologies
  • It is a continuous process: monthly analysis over 12 months
  • Complements the QA phase
  • The resolution of detected vulnerabilities and the emergence of new ones are checked at each iteration
  • The development team effectively incorporates security concepts
  • Improves the security of all the software generated by the same team

Supported programming languages

All trademarks and logotypes are property of their respective owners

Typical findings

  • Application flow alteration (redirection, access to areas not available)
  • Possible client/server code injections
  • Information leakage and improper error handling
  • Abuse of functionality
  • Sensitive information in unencrypted files

ISA: INDUSTRIAL SECURITY ASSESSMENT

The emergence of the Internet and its adoption by organizations have generated great benefits at both operational and strategic levels, but at the same time have affected the way information flows in the organization. Additionally, in companies with industrial activities the level of complexity increases, affecting the way in which security is managed.

This service helps to prevent security breaches derived from the integration of industrial systems and their exposure on the Internet. It consists of the implementation of different assessment tools, whose results are investigated by our cybersecurity-certified professionals, allowing an exhaustive and in-depth analysis of the critical infrastructure and industrial network, and presenting the findings in a report with recommended actions. The scope covers zones 0, 1, 2 and 3 with their conduits.

Scope of the assessment

  • SCADA, PLC, RTU, DCS, IEDs, CNC
  • Servers
  • Operating Systems
  • HMI consoles
  • Operator and engineer workstations
  • Databases
  • Communication protocols
  • Field devices, telecommunications
  • Control network infrastructure

Modality

  • Essentials: 1 work week in plant
  • Deep: 3 work weeks in plant

Frameworks

Benefits

  • Improves the industrial security environment through an independent control
  • Reduces the costs of security incidents
  • Contributes to compliance with regulatory and standards requirements

Excellent level of analysis and detection of:

  • Individual activity for each node / equipment
  • Statistics and reports
  • Sent / received bytes
  • Frames
  • DNS actions
  • Consumption
  • Nodes off or down
  • Broadcast
  • IP addresses / MAC addresses
  • NetBIOS
  • Load
  • Errors
  • Conflicts
  • Losses
  • Latencies
  • Network diagram

CONTINUOUS VULNERABILITY MANAGEMENT
PUBLIC SITES AND SERVICES MONITORING

This service fights this problem and consists of the implementation of different vulnerability analysis tools. The results of these tools are analyzed by our professionals, experts in ethical hacking techniques, who integrate, debug and give context to the findings in monthly reports with recommended actions. Added to this is the advantage of a customized vulnerability management portal, with alerts and action plans that ensure the remediation of the findings.

Features

  • Oriented to corporate services and web sites published on the Internet
  • Only needs a public IP address and corporate URL
  • Uses different vulnerability scanning tools
  • Complemented with scripts developed by our professionals
  • Completely safe analysis
  • Results documented in technical reports and executive summaries
  • Monthly reports
  • Action plan management: indicators with the evolution of findings and corrections

Modality

  • 12 months service
  • Monthly fixed value per pack of 10 IP addresses
  • Special bonuses for more than 50 IPs

Frameworks

Complementary services

  • Social engineering
  • Monitoring to identify new services or corporate web sites published without authorization
  • Pen-Test / Ethical Hacking
  • Standards and regulations compliance audit for websites (W3C, WCAG A, AA and AAA)

Benefits

  • Preventive control over published corporate web sites and services
  • Improvement in the security environment through an independent control
  • Excellent tool for planning and investment justification in security
  • Reduces the costs of security incidents
  • Contributes to the fulfillment of regulations and standards requirements
  • Facilitates the progress analysis of perimeter security
  • Technical and executive monthly reports

DIGITAL SURVEILLANCE. OPEN SOURCE MONITORING

The high impact generated by social networks and the power of individual expression on the Internet have produced negative effects on corporations. In many cases these situations were not identified in a timely manner, causing further contingencies in improving the reputation and corporate image.

This service enables the prevention and early detection of negative situations. It involves monitoring published open sources, such as the navigable Internet and the Deep Web, for early identification of possible negative actions or information leakage that could affect the corporate world (companies and brands of the group), facilitating the decision-making process against adverse scenarios that occur in cyberspace.

Features

  • Covers both navigable Internet and the Deep Web
  • Only requires knowledge of companies and brands belonging to the corporate group
  • Different tools used in Internet searches, incorporating artificial intelligence
  • Analyses are oriented mainly to the Spanish, English, Portuguese, French and Italian languages
  • The service has no impact on the services provided by the company and is carried out silently
  • The results are documented in monthly reports with suggestions of preventive actions to perform

Findings

  • Corporate credentials that are published as a result of theft or user error
  • Phishing attempts of corporate brands
  • Similar domain records (oriented to phishing and other deception techniques)
  • Negative feelings against group companies
  • Organization / call to carry out attacks, sabotage or other malicious activities

Benefits

  • Facilitates the anticipation of possible attacks or fraudulent activities
  • An excellent tool for planning and justification of security investment
  • Reduces the costs of security incidents
  • Optimizes legal processes derived from identified illegal acts
  • Improves the design of awareness campaigns on information security
  • Contributes to the fulfillment of regulations and standards requirements

Service products

  • Summary of findings, criticalities and levels of impact
  • Legally oriented information to facilitate the start of allegations and the treatment of identified contingencies
  • Control panel with indicators that summarize the observed scenes and levels of criticality

Modality

  • 12 months service
  • Monthly fixed value per brand
  • Special bonuses for more than 5 brands