We combine the tradecraft intelligence of the best offensive and defensive cyber operators in the world with a team of world-class researchers and data scientists to engineer analytic capabilities to help protect our client’s digital assets.
We provide expert consultancy and professional services including cyber security advisory services, analytics, threat intelligence, penetration testing, incident response and incident readiness services based on industry driven best practices.
At iTechWorks, we seamlessly deliver cyber resilience by enabling organizations to build high-performing and effective security, risk and compliance management programs. We ensure security controls enable the increasingly connected world and digital economy to overcome constantly changing security challenges.
Security can be overwhelming, with a growing numbers of threats and increased threat complexity. Added to this, organizations are facing a global skills shortage of security experts.
At iTechWorks, we focus 100% on Holistic Security – it’s all we do. Our people bring with them real-life experience at all business levels – from professional security officers to specific compliance and technology specialists, dedicated to developing and building world-class security services for our customers.
Our team includes certified engineers and threat and incident analysts, incident response teams who can quickly contain, manage and remediate security incidents, and world-class researchers and developers, focused on using technology to build platforms, systems, applications and customer portals.
iTechWorks works on different methodologies to ensure consistent coverage and depth of testing. Our team has a wide range of experience of external and internal applications covering financial, telecommunications, retail, national infrastructure and government sectors.
While some architecture can be similar between mobile and web applications, the deployment of a mobile application introduces a greater attack surface. Does the application correctly store data on the device? Can the application detect use on a ‘rooted’ or ‘jailbroken’ device? iTechWorks has experience with Android, iOS and wearable devices.
Internal applications can suffer from multiple vulnerabilities around network traffic, memory usage and operating system vulnerabilities. We will perform an in depth assessment, hooking into the application to understand how it interacts with network resources, authenticates users and secures data while in use on the desktop.
Web applications are increasingly required to communicate with other web applications to provide and retrieve sensitive information. Testing is performed in a similar manner to user interactive web applications, searching for incorrect configurations, injection attacks and other vulnerabilities.
iTechWorks will review the configurations of firewalls, switches, routers and proxies to ensure that their configuration is performing the intended function and adheres to industry standard best practices. Gaps in filtering rules could allow an attacker to traverse a network, exfiltrate data and hamper investigations should logs not be captured correctly or securely. The majority of network devices are covered and reviews can be performed on-site for secure environments.
Virtual Private Networks can fall short of best practices when configured as default, by ensuring that encryption, password policies, two factor authentication and user/access management are correctly configured you can help protect network traffic when traversing the internet.
Theft or loss of a laptop can be devastating. Organizations often find themselves asking: What information was available? Can a malicious actor gain access to our network? Do the policies to ensure data encryption work as required? We answer those questions and can give remediation advice to prevent your critical assets from falling into the wrong hands.
A build review provides a detailed review of the installation and configuration of a company’s base operating system. By choosing this type of assessment you would be implementing a proven test which ensure that systems have been built, configured and deployed with respect to industry standards or corporate policy.
Our Red Team services are intelligence-led by security professionals and threat researchers who have real-world experience with nation-state-level cyber operations. Our experts go above and beyond a penetration test, using complete knowledge of your network and customized stealth techniques to emulate advanced persistent threats. These types of engagements are designed to help a client’s internal teams become more effective in the identification and prevention of such attacks in the future.
A database review provides a review of the deployment and configuration of an organization’s database servers. With the importance of database systems in today’s business environment it is important to review their configuration before deployment and at regular intervals.
Physical penetration testing attempts to infiltrate an organization’s facilities through various means which may include access via secured doors; the evasion of motion sensors, security cameras and checkpoints and even obtaining passwords written on post-it notes. The aim of the engagement is to identify weaknesses in the physical security controls and areas where staff and/or polices can be strengthened to identify intruders.
Social engineering relates to coercing individuals within an organization to inadvertently grant access to information to someone who does not have proper authorization. Examples of social engineering may include phishing, phone campaigns, and impersonation. Social penetration testing may be a component of a physical penetration test.
iTechWorks offers additional assessment and testing services around other key components of an organization’s IT infrastructure and specialized systems. iTechWorks can assess supervisory control and data acquisition (SCADA), industrial control systems (ICS), internet of things systems (IOT) and radio frequency transmissions such as Bluetooth, Zigbee, etc. among many others.
Many security vulnerabilities can be found in how IT systems such as networks, servers, gateways and applications are configured or coded. iTechWorks’s team of infrastructure experts review and assess these systems to help ensure they are properly configured to inhibit an individual or group from easily accessing the inner workings of your IT environment. We are able to provide configuration review services for all of the areas listed below.