Cyber Risk Assessment


Argo cyber security

Why choose us

Argo Cyber is a one-of-a-kind project with a strong technological and specialist component.

Using advanced IT technologies, it identifies innovative and customized solutions for its customers.

Cyber Risk Assessment

Progressive digitalization, an increasingly stringent regulatory framework and the evolution of cyber threats create the need to implement forecasting and treatment strategies that are adequate and proportionate to cyber risks.

The Cyber Risk Assessment process is an integral part of any effective Cyber Security strategy, as it allows you to identify, monitor, assess and manage the risks and vulnerabilities of an IT system.

Identifying potential threats and vulnerabilities makes it possible to prevent future security incidents and reduces exposure to cyber attacks that would undermine the confidentiality, reputation and production continuity of the organization, with consequent economic losses.

The process is dynamic: it requires constant monitoring of the estimated risk level in order to ensure the timely implementation of defensive countermeasures and operational intervention plans suited to the organization's sector and context.

Argo Cyber professionals, following the main international best practices, carry out Cyber Risk Assessment activities aimed at an in-depth and precise analysis of the level of IT security, one that highlights the real level of exposure to risk and defines targeted technical and operational responses.

Our Certifications

Argo Cyber constantly invests in certifications to improve the level of the services it offers, guaranteeing its customers the utmost professionalism and security.

Stages of The Activity

01 - Information Gathering

This phase focuses on the detection and classification of all information relating to the infrastructure, the services offered, the application technology and the related entry points of the target in scope. It comprises both a “passive discovery”, which does not require any solicitation of the target and is therefore not detectable, and an “active discovery”, which aims to identify the network services available on the infrastructure in question via port scanning, to identify remote platform technologies and the associated services and applications using fingerprinting techniques, and to find non-indexed directories and files through fuzzing.

02 - Vulnerability Assessment

The Vulnerability Assessment phase concerns the detection of existing vulnerabilities based on the results obtained during the Information Gathering phase. The data obtained in the first phase are analyzed against published vulnerability information, disseminated by accredited sources such as Common Vulnerabilities and Exposures (CVE) and the Open Source Vulnerability Database (OSVDB).

The analysis gives an overview of the security level of the technological infrastructure, including standard applications and/or services, and is aimed at highlighting potential vulnerabilities. This phase mostly uses automated tools, both open source and commercial, such as IBM Rational AppScan, Acunetix and BurpSuite, together with scanners and scripts created ad hoc. The results are then analyzed in order to identify and eliminate any false positives.

03 - Penetration Testing & Exploiting

This phase concerns the attempt to exploit any vulnerabilities detected in the previous phases. It is a typically manual activity conducted by highly specialized resources, often with software developed ad hoc. The goal is to verify whether the identified vulnerabilities can actually be exploited and/or to understand the real impact of a potential intrusion into systems and data.

Thanks to the use of highly specialized resources, this activity also leads to the discovery of new vulnerabilities, often more sophisticated and more critical than those identified during the Vulnerability Assessment phase (it is estimated that 70% of new vulnerabilities are found in this phase). Hence the great importance of Penetration Testing carried out by highly specialized resources: it gives a more truthful view of the attack surface of a web application and avoids the false sense of security that comes from relying only on automated scanning software.

04 - Reporting

At the end of the WAPT, a detailed report is drawn up containing the identified vulnerabilities, with the relevant details for each: the software/service concerned, screenshots, type of vulnerability, level of criticality, and possible remediation actions.

Contact us for more information

800 800 070

Available H24

Via S. Pietro All’Orto 9, Milano
Via dei Gracchi 32, Roma

Email info@argocyber.it