In collaboration with CISCO
Cyber Security Competence Services
The First Cyber Security Testing Platform
Cloud or On Premise Platform
SWASCAN THE FIRST CLOUD CYBERSECURITY PLATFORM
swascan.com
Brochure Swascan
Swascan is an innovative CyberSecurity Company, born from an idea of Pierguido Iezzi and Raoul Chiesa.
In October 2020, Swascan srl became an integral part of Tinexta S.P.A. Group.
With this operation, Swascan has become an active player in the first national cyber security hub: not just a company, but an all-Italian group, part of a new national hub specialising in digital identity and digital security services.
CyberSecurity Expert
Cyber Tech Geek
Serial Entrepreneur
Ethical Hacker
Pierguido Iezzi
Riccardo Paglia
Sara Colnago
Raoul Chiesa
Who are we?
It's the first Italian Cyber Security company to own a Cyber Security testing platform and a Cyber Security Research excellence centre.
Awarded by Cisco as a Cyber Security platform, it has been granted the title of "Cyber security company in collaboration with Cisco".
Recognized as a European Cyber Excellence by ECSO (European Cyber Security Organization).
And among the world's top 20 solutions for technology risk analysis by Markets & Markets.
What is Swascan?
1. The first cloud-based suite that allows you to: IDENTIFY, ANALYZE, SOLVE
The platform allows you to identify, analyze and solve Cyber Security vulnerabilities and critical issues discovered on business assets like:
• Website
• Web Application
• Mobile App
• Network
2. Cyber Security Team: The Swascan Cyber Research Team has uncovered the vulnerabilities of Adobe Sandbox di Microsoft, Lenovo, Huawei, Nokia, Sap, GoToMeeting, Apple, Xfinity, Cert-EU and European Defence Agency.
ECSO has chosen Swascan: the only Italian Cyber Security Firm in the Cyber Security Market Radar 2019
The ECSO Cybersecurity Market Radar 2019 serves as a comprehensive visualisation tool, marking a significant step forward in ensuring the transparency of the European cybersecurity market and boosting the visibility of its deployment-ready cybersecurity solutions and capabilities.
IDENTIFY
Best provider for solutions in:
• Risk Management
• Governance, Risk & Compliance
PROTECT
Best provider for solutions in:
• Vulnerability Management
• Penetration Testing/Red Teaming
• IoT Security
• Awareness Trainings
• Static Application Security Testing (SAST)
DETECT
Best provider for solutions in:
• Security Operations Center (SOC)
RESPOND
Best provider for solutions in:
• Incident Management
RECOVER
Best provider for solutions in:
• Business Continuity / Recovery Planning
Vulnerability Assessment: It scans web sites and web applications to proactively spot and analyze security vulnerabilities.
Network Scan: The Network Scanner spots and identifies network vulnerabilities and helps you fix them.
Code Review: It runs the source code analysis to highlight and solve weak spots and security vulnerabilities.
GDPR Assessment: The online tool that lets you evaluate the Compliance level of your company in terms of GDPR.
Domain Threat Intelligence: Find out what information is available at OSINT and CLOSINT level for a given target domain, subdomains and compromised emails.
ICT Security Assessment: The ICT Security Assessment allows you to analyse your Cyber risk level and assess the effectiveness of the security measures taken.
Cyber Threat Intelligence: Collection and analysis of all information (from Data Breaches to Brand name mentions) at OSINT and CLOSINT level regarding Cyber Threats targeting your company.
Technology Risk, Human Risk
Phishing Attack Simulation: Create a unique learning opportunity for your employees and avoid the increasingly frequent phishing attacks.
Risk Analysis, Threat Intelligence
The functionality of SWASCAN
Smishing Attack Simulation: Training and awareness activities for your employees through real smishing attack simulations.
Swascan Cyber Security Team
Cyber Incident Response
A dedicated Cyber emergency response team to handle Cyber Incidents, DDoS attacks, Data Breach and Ransomware Attacks.
SOC As a Service
Swascan’s dedicated Monitoring & Early Warning service for the proper management of proactive security and preventive security.
Penetration test
Penetration testing activities are carried out by certified Penetration Testers in line with international standards OWASP, PTES and OSSTMM.
Security Management
Security Advisory services at advisory and operational levels to support clients in remediation plans, Cyber Security Management, Compliance Management and Risk Management.
Security Academy
Dedicated Cyber security training courses in the classroom or via Webinars. Awareness activities for technical staff, employees and top managers.
1. The platform
The First Cyber Security Testing Platform
CLOUD / ON PREMISE
Swascan Services
All-in-One SaaS & Pay for Use
1. Vulnerability Assessment
2. Network Scan
3. Code Review
4. GDPR Assessment
5. ON PREMISE
6. Domain Threat Intelligence
7. ICT Security Assessment
8. Cyber Threat Intelligence
VULNERABILITY ASSESSMENT: Identifies the vulnerabilities of websites and web applications
NETWORK SCAN: Network Scan is the automated Network Vulnerability Scan service
CODE REVIEW: Static analysis of the source code
GDPR ASSESSMENT: Online Tool that allows companies to verify and measure their GDPR
ON PREMISE: Set Up on a local server
DOMAIN THREAT INTELLIGENCE: Collection and analysis of information
ICT SECURITY ASSESSMENT: To verify and measure their cyber risk level
CYBER THREAT INTELLIGENCE: Collection and analysis of all information
Vulnerability Assessment
The Web App Scan is the automated service that scans for Web Vulnerabilities; this service identifies security vulnerabilities and criticalities of websites and web applications. A Vulnerability analysis is necessary to quantify risk levels and to provide the corrective actions needed for the remediation activity.
Web Application Scan: Identifies the vulnerabilities of websites and web applications including SQL Injection, Cross-Site Scripting and more.
OWASP: Assures Compliance to OWASP model and current regulations. Provides a risk level analysis together with indications to solve vulnerabilities.
Security Testing: Security Scan for Web applications to identify vulnerabilities.
Reporting: Automatic generation of PDF and CSV reports.
Technology Risk
Security testing and security scan of web applications to identify vulnerabilities
Analysis of third-party applications to discover vulnerabilities that could generate loss of data or undesired access to these databases
Compliance to OWASP model and to current laws
Reporting: Automatic generation of PDF and CSV reports.
Network Scan
Network Scan is the automated Network Vulnerability Scan service. This tool scans the infrastructure and the devices on it to identify security vulnerabilities and criticalities. The Vulnerability analysis is necessary to quantify risk levels and to provide the corrective actions needed for the remediation activity.
Network Scan: It runs the Vulnerability Scan for network and device vulnerabilities and helps to fix them.
Security Testing: Security Scan of IT infrastructures.
Compliance: Compliance test with GDPR. Moreover, provides a risk level analysis together with indications to solve vulnerabilities.
Reporting: Automatic generation of PDF and CSV reports.
Technology Risk
This tool scans networks and devices, identifies vulnerabilities and helps fix them
Network Security testing scan
It constantly verifies the compliance to current laws
It monitors internal procedures and the company’s policies
Code Review
Code Review is the automated tool for the static analysis of the source code. The Source Code analysis is a process that, through the source code analysis of applications, verifies the presence and effectiveness of minimum security standards. Code verification is useful to be sure that the target application has been developed in order to “auto-defend” itself in its own environment.
Security Code Review: It provides a detailed analysis of the source code in order to identify security vulnerabilities and criticalities.
Static Code Analysis: The Static Analysis Source Code Tool that supports more than 16 languages.
Compliance: Compliance test with GDPR. Moreover, provides a risk level analysis together with indications to solve vulnerabilities.
Reporting: Automatic generation of PDF and CSV reports.
Technology Risk
Code review provides an accurate analysis of the source code in order to identify vulnerabilities
It tests the source code for vulnerabilities
Identification of inefficiency and deficiencies
Identification of critical areas
Phishing Attack Simulation
Human Risk
A dedicated Phishing attack simulation service that identifies the Human Factor risk and raises employee awareness consequently. The service allows you to identify your exposure to corporate phishing attacks and to educate your employees to recognize and identify malicious emails.
Swascan's Phishing Attack simulation service allows you to protect your company. The benefits:
• Reduces the risk of suffering a Phishing attack
• Reduces staff training costs in security matters
• Allows employees to identify phishing threats
• Ensures GDPR Compliance.
SaaS or Full Usage: A platform that provides use in SaaS or on an unlimited basis for one year
Drag and Drop: Over 10 Email Templates and 2 Landing pages ready to use. Easy to use and customization of the Templates thanks to the "drag and drop" technology.
Reporting: Automatic Report Generation
Smishing Attack Simulation
Human Risk
A Smishing Attack Simulation service that identifies the level of risk associated with the Human Factor and raises employee awareness in the face of the threat posed by a Smishing Attack. The service allows you to identify your company's exposure to Smishing risk and to educate your employees to recognize and identify malicious SMS.
Swascan's Smishing attack simulation service allows you to protect your business. The benefits:
• Reduces the risk of being the victim of a Smishing attack
• Reduces staff training costs
• Allows employees to identify Smishing threats
• Guarantees GDPR compliance
SaaS or Full Usage: A platform that can be used in SaaS or on an unlimited basis for one year
Reporting: Automatic Report Generation
GDPR Assessment
GDPR Assessment is the Online Tool that allows companies to verify and measure their GDPR (General Data Protection Regulation – EU 2016/679) Compliance level. Swascan’s GDPR assessment tool provides guidelines and suggests corrective actions to implement in terms of Organization, Policy, Staff, Technology and Control Systems.
GDPR Self Assessment: It runs a Privacy Assessment in terms of Organization, Technology and Policy/Procedure
GDPR Gap Analysis: It highlights system weaknesses in terms of privacy and defines the intervention priorities in order to be compliant.
Compliance: It defines the compliance level providing a Privacy Compliance Indicator.
Reporting: Automatic generation of a PDF report.
Risk Analysis
GDPR Self Assessment: It runs the analysis and provides the level of GDPR Compliance
GDPR Gap Analysis: Identifies criticalities and intervention priorities
Action plan: Defines repositioning activities
Reporting: Automatic generation of PDF and CSV reports.
ICT Security Assessment
The ICT Security Assessment allows companies to verify and measure their cyber risk level and to evaluate the effectiveness of security measures adopted by identifying two macro indicators at Functional and Operational level. The service provides indications and corrective actions to be taken at the Organization, Policy, Personnel, Technology and Control Systems level.
Functional Cyber Risk: They determine the security levels at the level of:
• Technology Risk
• Governance Risk
• Human Risk
• Data Risk
Operational Cyber Risk: They determine the security levels at the level of:
• Preventive Security Gap Risk
• Proactive Security Gap Risk
• Data Breach Exposure
• Ransomware Recovery Exposure
Risk Analysis
The ICT Security Assessment allows companies to verify and measure their cyber risk level and to evaluate the effectiveness of the security measures adopted.
Functional Cyber Risk: They determine the security levels at the level of:
• Technology Risk
• Governance Risk
• Human Risk
• Data Risk
Operational Cyber Risk: They determine the security levels at the level of:
• Preventive Security Gap Risk
• Proactive Security Gap Risk
• Data Breach Exposure
• Ransomware Recovery Exposure
Domain Threat Intelligence
The Domain Threat Intelligence has the purpose and objective of identifying any public information available at OSINT and CLOSINT level relating to a given target. The activity of Threat Intelligence gathering is carried out through a process of research, identification and selection of publicly available information relating to the domain of interest.
Threat Intelligence: Threat Intelligence activity is carried out on targets and digital identifiers related to compromised assets and emails. The activity is conducted through the search, identification and selection of publicly available information relating to domain, subdomain and compromised email.
OSINT & CLOSINT: The service does not perform any security tests on the target; it operates only on information collected at the OSINT and CLOSINT level and available on the Dark Web.
OSINT: An acronym for Open Source Intelligence, it refers to the process of gathering information through the consultation of public domain sources, also called "open sources".
CLOSINT: Closed Source Intelligence, a process of gathering information through consultation of "closed sources", not accessible to the public, or "reserved" areas.
Reporting: Detailed activity reports in PDF format.
Threat Intelligence
The Domain Threat Intelligence provides an accurate analysis of possible threats to your business.
Reporting: Automatic generation of a PDF report.
The Domain Threat Intelligence identifies public information available at the OSINT and CLOSINT levels for a given target group.
Provides “actionable intelligence”: contextualized, accurate and predictive information to determine target exposure
Cyber Threat Intelligence
The Cyber Threat Intelligence (CTI) focuses primarily on the analysis of "raw" data collected at events, past and present, to monitor, detect and prevent threats to an organization, shifting the focus from reactive defense to preventive and "smart" security measures. Ideally, the CTI should become the basis on which a company builds its secure, alert and resilient defense perimeter.
Data Breach: Data Breach detected (direct and/or third party) and compromised emails.
Network Hygiene: Identifies the presence of malicious or suspicious activity within the Client's digital perimeter.
Dark Web: Analysis of instances on the so-called Dark Web, such as threat actors (cyber criminals, typically) on cyber crime forums who have spoken about the Client (understood as brands, domains, IP addresses, brands or names of Executives) to spread confidential or personal data, to discuss scams and fraud to be perpetrated against the Client, etc.
Botnet Activity: Identification of the presence of any Botnets directly or indirectly related to the Company's assets
Miscellaneous Risks: This category of digital risk includes several subcategories: IP Reputation, DNS Passive, etc.
Threat Intelligence
The CTI is responsible for the collection and analysis of all information (from Data Breaches to Brand name mentions) at OSINT and CLOSINT level regarding Cyber Threats targeting your company.
The Threat Intelligence activity is carried out through a process of search, identification and selection of publicly available information at the OSINT/CLOSINT level:
• Target
• Digital Assets
• IP
• Email and employee information
of a company
The activity includes the collection and analysis of information related to a series of critical macro areas such as:
• Data Breach
• Dark Web
• Network Hygiene
• Botnet Activity
• Miscellaneous risks
On Premise
Swascan On Premise is the Cyber Security Testing Platform which allows you to identify, analyze and solve all the vulnerabilities related to Corporate IT Assets in terms of websites, web applications, network and source code. It is an All-in-One platform that includes Web Application Vulnerability Assessment, Network Vulnerability Scan and Source Code Analysis services.
On Premise
Set Up of the Swascan Platform on a local server or private infrastructure.
Cyber Security Testing
Carry out the Security Testing of the Corporate IT Assets in terms of applications, software and devices.
Technology Risk Analysis
It ensures the Technology Risk Assessment (Art. 32 GDPR) and the Security Governance Management.
Compliance
Compliance with current laws. It provides an analysis of the risk level together with the corrective measures to implement in order to fix the vulnerabilities.
Compliance, Risk Management, Information Security, ICT Security
Be in line with current security, personal data and privacy laws
Manage and monitor activities to guarantee systems and IT infrastructures security
ISMS system development in accordance with ISO 27001 International certification
System analysis in order to define the best security strategy
Why would you need us?
Why Swascan?
All in one platform
Pricing advantage
Ready and easy to use
Pay per use
No technical skills required
SaaS
Swascan product Positioning (chart; axes: Pricing, Features)
Strengths
Team Strength
Raoul Chiesa: Major expert, known worldwide for his knowledge in cybersecurity, hacking and cyber-crime. He is a member of several European and International governmental and non-governmental organizations.
Business Competence: Software & Consultant company known worldwide for its achievements and awards such as New York Webby Award, Internet Oscar, GMIC Silicon Valley finalist,...
Key Capital: Venture Capital
Noovle: Is an ICT and Cloud strategic consulting company and Google first partner in Italy
Tinexta: Successor of the Tecnoinvestimenti Group, Tinexta is a dynamic and rapidly growing Group, listed on the STAR segment of the Italian stock exchange. Through its subsidiaries, Tinexta operates in three business segments: Digital Trust, Credit Information & Management, Innovation & Marketing Services
Pricing: A 40% advantage compared to competitors. A dynamic infrastructure that allows cost reduction.
Ready to use / Pay for Use / SaaS: An already configured, fully in Cloud platform. Ready to use, a service model completely in SaaS and Pay for Use. High quality and flexibility for users.
Tailor Made Service: Chance to create customized projects depending on users' needs: White Label, platform hosting,...
Awards
Among the 20 solutions in the world
As a Cloud CyberSecurity Platform
Digital Innovation For Mobility
Acceleration programme 2019
Top 20 Cyber Security firms in Europe
Ecosystem success story
Cyber security excellence
…