Cyber Security

Maintaining data security throughout the enterprise is of the utmost importance; Security threats can result in stolen data, network degradation, or unscheduled downtime – and they’re Cybersecurity threats aren’t going anywhere any time soon and are likely to evolve to meet any vulnerabilities that might be present in your network no matter how modern it might be.
At POINTEC we adopt End-to-End Security solutions addressing every layer and device across the network to keep our customers digital assets protected anywhere anytime.

Security Products & Services:

End point protection

Firewall

Email Security

Cloud native security

MDR Managed Detection & Response

XDR Detection & Response

Compromise Assessment

Penetration Testing

Compliance & Consulting

HOLISTIC APPROACH FOR INCREASED INFORMATION SECURITY

Cybersecurity attacks focus on vulnerabilities of IT systems, internal and external networks, and employees’ level of readiness and awareness to recognise such attacks.
With the increasing complexities of IT systems, digital transformation, and huge demand for accessibility by employees, we take a holistic approach to cybersecurity measures including data, applications, systems, networks, and human factors.
Initially, we conduct a comprehensive investigation and review of all systems with potential vulnerabilities with appropriate counter-measures and assess employee awareness through cybersecurity training and phishing simulation.
All IT systems externally accessible are tested for any vulnerabilities, including internal networks and their connections, should an attacker gain access to internal IT systems and provide measures for both, stopping such attacks and preventing them from spreading across internal networks.
Subsequent steps create an optimal basis for securing the entire IT landscape. In addition, further measures can be defined and implemented on a risk-based basis.

1. The human factor

Phishing Simulation

  • Evaluation of your employees’ roaction to different scenarios
  • Human risk factor becomes measurable. Awareness Training

2. External Perimeter

Vulnerability Assessment & Penetration Testing

  • Roview of all IT systems accessible externally (from the Internet)
  • Overview of risks and vulnerabilities of externality systems

3. Internal IT Systems

Vulnerability Assessment
& Penetration Testing

  • Comprehensive review of IT systems and applications
  • Demonstration of vulnerabilities & configuration deficiencies in IT systems and applications

4. Advanced Measures

Implementation of Measures IT security Assesments

  • Customized support based on
    assessment results.

HUMAN KPI – MAKE SECURITY AWARENESS MEASURABLE

PHISHING SIMULATION

Technological safeguards alone are not enough to protect your business from cybersecurity attacks. Nowadays, humans are increasingly being targeted by attackers. One of the most common attacks is aimed at deceiving employees into obtaining confidential information. Such phishing attacks are becoming increasingly sophisticated.
We offer you the opportunity to carry out tailor-made phishing campaigns to evaluate the reaction of your employees to different attack scenarios. Through continuous training and awareness-raising measures, your company achieves a significantly higher level of information security.

DANGERS OF PHISHING ATTACKS

Phishing attacks are a serious threat to your entire business. Fraudsters are often very targeted. It is therefore often difficult for employees to distinguish legitimate emails from phishing emails. Successful phishing attacks usually result in the execution of ransomware and significant damage to the company!

TARGET GROUPS

Depending on the type of phishing emails, the target groups also differ. It therefore makes sense to develop different scenarios for individual target groups to gain as realistic an impression as possible with regard to the awareness of your employees.

AWARENESS TRAINING

INFORMATION SECURITY STARTS WITH THE HUMAN FACTOR

For years, the lack of sensitivity of IT users about information security has been complained about. A technically secure IT infrastructure is not enough to ensure the security of your company.
Therefore, support your employees in dealing with possible attacks with know-how and thus ensure that they are detected and fended off. With the help of our security awareness training, your employees learn how to identify potential dangers and avoid risky behaviour in everyday work. In this way, they prevent, among other things, financial damage, reputational losses, and possible legal consequences due to the GDPR.

MODULAR DESIGN

The interests and problems of a company are usually of different nature. Therefore, in addition to comprehensive basic training, we also offer independent, in-depth modules so that you benefit from the greatest possible added value. We take over the creation of the Course content as well as the design of the Training and coordination according to you our customers’ requirements.

WHY POINTEC?

  • Years of expertise: Our security awareness Coaches have years of expirience in conducting IT security training. They Impart profound Technical knowledge and provide a wide range of information about the latest threats.
  • Practical relevance: Your employees are involved in the training in the best possible way in face-to-fae training in order to acheive the greatest possible learning success trough learning-by-doing and to better understand complex relationships.
  • Live hacking demonstration: To help your Employees better understand possible attacs, we provide live information on ho to deal with criminal attacs.

VULNERABILITY ASSESSMENT & PENETRATION TEST

ATTACKS START WITH INTELLIGENCE GATHERING

Attackers scout systems and first look for easy-to-exploit vulnerabilities – so-called low-hanging fruits. A vulnerability scan identifies and classifies such vulnerabilities in your IT systems, which checks the effectiveness of existing countermeasures and allows you to react to new vulnerabilities.
A penetration test also focuses on the detailed manual inspection of individual systems. For example, serious security gaps in access controls of web applications can be uncovered. This enables you to identify possible attack vectors and secure your system or application in the best possible way.

VULNERABILITY ASSESSMENT

Vulnerability assessments provide an overview of possible vulnerabilities in IT systems. With the help of (partially) automated scans, as many potential vulnerabilities as possible are uncovered.

Vulnerability assessments can be carried out for IT systems and services accessible from the Internet as well as for your internal networks. In order to identify many attack vectors, we examine a large number of systems. In this way, as many low-hanging fruits as possible are shown within your IT systems and services. All identified IT systems and their weak points as well as the necessary measures to remedy them are shown in a report for you.

PENETRATION TEST

As part of a penetration test, we carry out a comprehensive examination of your IT systems or applications (e.g. webshop, customer portal) including corresponding application logic.

It traces the path that a potential attacker would take in order to detect any remaining weaknesses in your IT systems and networks. Identified vulnerabilities are deliberately combined or exploited, e.g. to obtain higher user rights or confidential information.

Our task is to check your IT systems and application design with regard to possible attack scenarios and to document findings in a detailed report for you.

REMOTE ACCESS

The corona pandemic has accelerated and driven companies’ digitization projects. Ways to access resources outside the company’s own network were set up within a few days. However, remote access in particular carries a very high risk for companies.

For example, we check whether access has been secured in the best possible way and whether access to company secrets is correctly restricted.

WEB APPLICATIONS

Thorough manual review of individual web applications or APIs. The aim is to identify security-relevant configuration errors and vulnerabilities in the program logic, or the software used, with the help of which damage could be caused.

INTERNAL NETWORKS

From zero to hero. We simulate an attacker who already has access to the internal network and try to gain the highest possible privileges. Ideally (for us) the penetration test ends with domain admin permissions.