Focused Security Analysis For Your Organisation’s IT Systems

Uploaded on 2021-03-22 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Health & Welfare

In association with CENSUS 
 
Cyber espionage is on the rise, with intruders targeting all forms of intellectual property and data with the aim to steal from you or shut down aspects of your organisation. A cyber attack is deliberate criminal engagement with your computer systems, technology-dependent enterprises and networks. Cyber attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cyber crimes, such as information and identity theft. 
 
CENSUS is a highly recommended IT security service provider for the cyber analysis and IT system audit required. The company has completed similar projects for governments, corporations and many different types of organisations with excellent results.
 
CENSUS is an independent, privately funded and internationally acclaimed Cyber Security services provider. They deliver high quality InfoSec services built upon their leading research supporting the needs of multiple industries. It provides IT and OT security services to public and private organizations worldwide since 2008, including international financial institutions and Fortune 500 companies. 
 
The CENSUS team consists of 60 experienced security experts including industry recognized security engineers and published authors that have been acknowledged by the media and the cyber security community. They regularly present their research at major IT security conferences such as Black Hat, DEFCON, and ZeroNights. 
 
Furthermore, CENSUS has compliance expertise and industry certified personnel, as well as its own CREST-accredited penetration testers with a fully checked background and certifications of completion like Black Hat Pentesting industrial control systems. 
 
CENSUS is an ISO 27001, ISO 9001 and CREST-certified company, while its engineering team holds Offensive Security, CREST, GCIH, CEH, ISACA Cobit5 and ISO 27001 and 9001 auditor certifications. CENSUS stands out for technical excellence in its work and high-quality deliverables, best supporting the complex needs of those that define the Digital Now.
 
The company is committed to the highest standards of service delivery and operations supporting the needs of multiple industries, including Software & Internet services, Banking & Finance, Insurance, Payments, Government, Defence, Maritime, Healthcare, Energy & Utilities, Consumer Electronics and Telecommunications.
 
Regarding the Healthcare industry in particular, since November 2017, the prestigious Mayo Clinic includes CENSUS on the list of recommended External Assessors for conducting vulnerability assessments to medical devices prior to purchase and installation in the Clinic's environment. Mayo Clinic provides device vendors the option of either having a device assessed by the internal Clinical Information Security team or through an External Assessor following a specific process.
 
CENSUS has performed IT Security Assessments on a wide range of medical technologies, including pacemakers, defibrillators, cardiac arrest monitors, infusion pumps, MRI & CT scan equipment and medical device gateways. It has also analysed cloud platforms for the exchange of medical information, PACS systems, patient record management software, patient monitoring technologies, physical access controls for clinics and smart medicine cabinets. 
 
CENSUS' assessment services covered all aspects of these medical technologies, from their hardware, software and firmware to their communications and default configuration.
 
Acknowledging the constant evolution of information security threats and with its specialisation and experience in the field,
CENSUS enables the team to go beyond the publicly known attack vectors, giving clients the opportunity to be protected from possible future threats to their infrastructure and products.
 
In order to systematically test the security of an organization, CENSUS offers the Security Testing process. Testing is performed with the same means that malicious users use, under a methodology that makes the results of the tests beneficial to the under-assessment organisation. The scope of the tests is not limited to hardware and software resources, but includes all aspects of the organisational structure, such as processes and human resources. 

CENSUS uses the latest attack techniques along with the results of its in-house vulnerability research to identify common and acknowledged vulnerabilities and distinguish the possibilities of zero-day attacks. 

CENSUS engineers do not focus only on the discovery of vulnerabilities, but go one step further, to the design and realization of attack scenarios on the client's infrastructure, combining knowledge acquired from the client's interaction with the Internet, from identified vulnerabilities, as well as from misconfigured or absent information security controls.  Thus, the maximum risk paths are discovered. CENSUS methodology helps its engineers quickly discover threats in the software and the firmware, as well as to identify of zero-day vulnerabilities. 
 
While CENSUS maintains its own security research centre, it does not base its methodology solely on security scanner tools and automated solutions. Instead, a great deal of manual assessment is performed. In addition, CENSUS has the ability to efficiently connect the “vulnerability aspect” to the “business aspect”, using the most suitable senior engineers to identify the
necessary actions and put the right priorities.
 
CENSUS security testing services can be offered in various ways depending on the required depth of testing and the nature of the organisation’s requirements. The following options are available:
 
  • Tiger Team: The ultimate security test; covers all aspects of an organisation's infrastructure. Holistic testing of an organisation’s security in a less controlled manner. Payment on this service is required only in the case where the Team has successfully seized one or more of the designated targets.
  • Red Teaming: Full-scope, intelligence-led, multi-layered attack simulation designed to measure how well a company’s people and networks, applications and physical security controls can withstand an attack from a real-life adversary. Often performed over an extended time Red Teaming combines multi-faceted testing approaches that are designed to not only seek to penetrate an organization, but also to verify the response, monitoring and incident response investigation process and actions.
  •  Penetration Testing: Customer-controlled security testing attacks. Conducted by CREST-accredited ethical hackers & SCADA-certified personnel, industry recognized consultants and published authors that have been recognized by the media and the cyber security community.
  • Web Application Testing: In-depth security testing for custom and off-the-shelf web applications. It examines all functions of a Web Application, all layers of the Web Application stack and all tiers of the Web Application architecture.
  • Mobile Application Testing: Services for applications of all major platforms (i0S, Android, Windows Phone, Blackberry OS and HTML5). The methodology utilises multiple analysis techniques: App Static Analysis, App Dynamic Analysis, API Testing, Third-Party Code Assessments and App Bundle Inspection. 
  • Device Testing: Tests the security of both hardware & software on a device (e.g. CPE equipment).
  • Network Infrastructure Testing: Checks the security parameters of network components, such as switches, routers, IPS, IDS, firewalls etc.
  • Wireless Infrastructure Testing: Tests in depth the configuration of wireless networks.
  • Social Engineering: Tests the information security awareness of personnel. 
  • Physical Security Testing: Tests the reliability and integrity of physical security controls, such as access authorisation mechanisms for restricted zones.  The resulting information from the security testing sessions is provided in strong classification with regards to the threats and the risks associated with the identified and exploited vulnerabilities.
CENSUS also offers vulnerability research services to ensure that a software product, a system implementation, or a new technology that an organisation is planning to invest in meets strict security requirements and does not suffer from vulnerabilities.  

CENSUS adopts a top-down approach which allows the identification of the most exposed applications and systems in a client's IT environment, followed by a thorough investigation for unknown vulnerabilities in these elements. 

With extensive experience and specialised knowledge in the field of vulnerability research, CENSUS employs focused techniques, such as fuzzing, reverse engineering, source code auditing (in cases where source code is available), static and dynamic analysis in order to identify vulnerabilities and clearly demonstrate their impact on a system's security model.
 
In addition, CENSUS provides specialised software security services to help businesses build and maintain a Secure Software Development Lifecycle (SDLC). These services range from consulting and training on Secure SDLC procedures, to security audits on the deliverables of each SDLC phase.  Secure SDLC methodologies allow for the early mitigation of security risks, by identifying and fixing security vulnerabilities during the early stages of software development. They also introduce best-of-breed proactive defenses in the design and implementation of the software, thus minimizing the released product's exposure to future threats.
 
CENSUS has extensive experience in auditing source code both for insufficient input validation vulnerabilities (like buffer overflows, XSS, SQL injections) and logic flaws (such as race conditions, concurrency violations).  Unlike traditional code auditing approaches, CENSUS does not rely on automated mechanisms to identify vulnerabilities. Instead, the preferred top-down approach offers an understanding of the investigated system and provides a detailed source code vulnerability report to the client. 
 
The company also provides software security testing services to companies that require an independent entity to assess the security of custom software they purchase from third parties. Furthermore, CENSUS offers Security Training courses to improve the security awareness of personnel and allow developers / management to identify and mitigate security issues early on in the software development lifecycle:
 
  • Security Awareness Training
  • Introduction to Software Security
  • Web Application Vulnerabilities
  • Mobile App Vulnerabilities (covering Android and iOS apps)
  • Implementing a Secure Software Development Lifecycle
  • Secure Development in Java
  • Secure Development in C
  • Secure Development in JavaScript
Finally, CENSUS provides Security Consulting services to companies and organisations worldwide.  Past projects include:
 
  • design-phase reviews of new protocols
  • software architecture reviews
  • network architecture security reviews
  • the assessment of binary protection solutions for desktop and mobile applications
  • the assessment of MDM solutions
  • the assessment of DRM technologies
  • the development of security policies
  • incident handling

CENSUS is a research-driven, high-end information security services firm with a proven history of better securing their customers through real-world scenarios created by our security experts. 

The company helps clients with the cybersecurity maturity journey by providing end-to-end, state-of-the-art assessment of costumers’ security posture to improve the cyber resilience and leverage the benefits of digital transformation. Additionally, CENSUS performs security assessments as an independent body and can provide attestation for these services, which can be used as a certificate for the customer and its products/services. It is important for the company to provide its services in an effective manner following a high-quality standard.
 
Census Labs - Healthcare:         Census Labs: - Mayo Clinic
 
You Might Also Read:
 
Check Your Organisation’s Security With A Cyber Audit:
 
 
« Facebook Pays Rupert Murdoch For News
Is Blockchain The Future Of SSL Certificates? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

InAuth

InAuth

InAuth Security Platform delivers advanced device identification, risk detection, and analysis capabilities to help organizations limit risk and reduce fraud.

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT is the national Computer Emergency Response Team for the Philippines.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

Telecommunications Industry Association (TIA)

Telecommunications Industry Association (TIA)

TIA works to secure trust in networks by advocating public policy positions on the security of ICT equipment and services related to critical infrastructure, supply chain and information sharing.

SureVine

SureVine

Surevine builds secure, scalable collaboration solutions for the most security conscious organisations, enabling collaboration on their most sensitive information.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

InGuardians

InGuardians

InGuardians is an independent information security consulting firm specializing in penetration testing, threat hunting, and hardware hacking.

Navixia

Navixia

As a leading Swiss IT security specialist, Navixia offers a global and pragmatic approach to information security.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL) is the largest integrated Information Communication Technology (ICT) company of Pakistan.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

Mobilicom

Mobilicom

Mobilicom is an end-to-end provider of cybersecurity and smart solutions for drones, robotics & autonomous platforms.

Sitehop

Sitehop

Sitehop is a cybersecurity technology company developing and supplying FPGA hardware-enforced cyber security solutions for networks.

ASPIA InfoTech

ASPIA InfoTech

ASPIA Infotech is a leading Information and cybersecurity organization focused on innovative approaches to avert targeted attacks.