We combine the tradecraft intelligence of the best offensive and defensive cyber operators in the world with a team of world-class researchers and data scientists to engineer analytic capabilities to help protect our client’s digital assets.
We provide expert consultancy and professional services including cyber security advisory services, analytics, threat intelligence, penetration testing, incident response and incident readiness services based on industry driven best practices.
At iTechWorks, we seamlessly deliver cyber resilience by enabling organizations to build high-performing and effective security, risk and compliance management programs. We ensure security controls enable the increasingly connected world and digital economy to overcome constantly changing security challenges.
Security can be overwhelming, with a growing numbers of threats and increased threat complexity. Added to this, organizations are facing a global skills shortage of security experts.
At iTechWorks, we focus 100% on Holistic Security – it’s all we do. Our people bring with them real-life experience at all business levels – from professional security officers to specific compliance and technology specialists, dedicated to developing and building world-class security services for our customers.
Our team includes certified engineers and threat and incident analysts, incident response teams who can quickly contain, manage and remediate security incidents, and world-class researchers and developers, focused on using technology to build platforms, systems, applications and customer portals.
Our tailored approach helps you achieve the level of cyber security maturity your organization needs.
iTechWorks provides security assessments and penetration testing services that help you understand which threats and vulnerabilities pose the most risks to your organization due to infrastructure gaps, people, environmental issues or third-party exposure. We offer assessment and testing services for organizations of all sizes and across all industries.
Penetration testing is part of a recognized approach to identify and quantify risk. Through testing we actively attempt to exploit vulnerabilities in your infrastructure, applications and business processes. We provide context around identified vulnerabilities, their impacts and the likelihood of a breach of an asset.
Our team is trained to think and act as if they were real-world malicious attackers. This approach helps your organization fully understand how it would hold up during an actual attack. The results of our engagements proactively identify and quantify vulnerabilities so you can measure and determine the acceptable level of risk your organization is willing to take on.
Our Security Assessment and Penetration Testing services provide insight into all aspects of an organization’s environment, but not limited to and include:
An external infrastructure assessment provides a snap shot of the current security posture and state of Internet facing systems. By choosing this type of assessment you would be implementing a proven test which replicates what an attacker would initially implement prior to an external attack. This enables you to establish the attack surface of your external internet facing infrastructure.
This type of assessment will allow you to understand the potential impact of an attacker with a foothold within your network or a malicious or disgruntled employee. With the exception of cloud services, almost all sensitive information is held within the perimeter of a typical infrastructure. By understanding which areas are vulnerable to attack (such as internal email, databases or financial information), you can begin to protect those assets.
With the data centre being slowly moved from within the company network to being hosted by third parties, a new challenge arises in how to secure access to these critical assets. With extensive experience in performing cloud infrastructure, segregation testing and access control, iTechWorks can work with third parties to ensure confidentiality, integrity and availability of your critical infrastructure and data.
From the starting point of a standard user, iTechWorks will determine the actions that could be taken to affect the confidentiality, integrity and availability of your critical assets. Can the user escalate privileges to that of Domain Admin? Are sensitive files available without any access restrictions? Can a malicious actor attack impersonate other users? Breakouts can be performed from on-site desktop, remote access solutions such as Citrix, and from within VPNs.
iTechWorks works on different methodologies to ensure consistent coverage and depth of testing. Our team has a wide range of experience of external and internal applications covering financial, telecommunications, retail, national infrastructure and government sectors.
While some architecture can be similar between mobile and web applications, the deployment of a mobile application introduces a greater attack surface. Does the application correctly store data on the device? Can the application detect use on a ‘rooted’ or ‘jailbroken’ device? iTechWorks has experience with Android, iOS and wearable devices.
Internal applications can suffer from multiple vulnerabilities around network traffic, memory usage and operating system vulnerabilities. We will perform an in depth assessment, hooking into the application to understand how it interacts with network resources, authenticates users and secures data while in use on the desktop.
Web applications are increasingly required to communicate with other web applications to provide and retrieve sensitive information. Testing is performed in a similar manner to user interactive web applications, searching for incorrect configurations, injection attacks and other vulnerabilities.
iTechWorks will review the configurations of firewalls, switches, routers and proxies to ensure that their configuration is performing the intended function and adheres to industry standard best practices. Gaps in filtering rules could allow an attacker to traverse a network, exfiltrate data and hamper investigations should logs not be captured correctly or securely. The majority of network devices are covered and reviews can be performed on-site for secure environments.
Virtual Private Networks can fall short of best practices when configured as default, by ensuring that encryption, password policies, two factor authentication and user/access management are correctly configured you can help protect network traffic when traversing the internet.
Theft or loss of a laptop can be devastating. Organizations often find themselves asking: What information was available? Can a malicious actor gain access to our network? Do the policies to ensure data encryption work as required? We answer those questions and can give remediation advice to prevent your critical assets from falling into the wrong hands.
A build review provides a detailed review of the installation and configuration of a company’s base operating system. By choosing this type of assessment you would be implementing a proven test which ensure that systems have been built, configured and deployed with respect to industry standards or corporate policy.
Our Red Team services are intelligence-led by security professionals and threat researchers who have real-world experience with nation-state-level cyber operations. Our experts go above and beyond a penetration test, using complete knowledge of your network and customized stealth techniques to emulate advanced persistent threats. These types of engagements are designed to help a client’s internal teams become more effective in the identification and prevention of such attacks in the future.
A database review provides a review of the deployment and configuration of an organization’s database servers. With the importance of database systems in today’s business environment it is important to review their configuration before deployment and at regular intervals.
Physical penetration testing attempts to infiltrate an organization’s facilities through various means which may include access via secured doors; the evasion of motion sensors, security cameras and checkpoints and even obtaining passwords written on post-it notes. The aim of the engagement is to identify weaknesses in the physical security controls and areas where staff and/or polices can be strengthened to identify intruders.
Social engineering relates to coercing individuals within an organization to inadvertently grant access to information to someone who does not have proper authorization. Examples of social engineering may include phishing, phone campaigns, and impersonation. Social penetration testing may be a component of a physical penetration test.
iTechWorks offers additional assessment and testing services around other key components of an organization’s IT infrastructure and specialized systems. iTechWorks can assess supervisory control and data acquisition (SCADA), industrial control systems (ICS), internet of things systems (IOT) and radio frequency transmissions such as Bluetooth, Zigbee, etc. among many others.
Many security vulnerabilities can be found in how IT systems such as networks, servers, gateways and applications are configured or coded. iTechWorks’s team of infrastructure experts review and assess these systems to help ensure they are properly configured to inhibit an individual or group from easily accessing the inner workings of your IT environment. We are able to provide configuration review services for all of the areas listed below.