IT security as a service
Cyber, DevSecOps and pentesting. Quite often there is confusion when it comes to IT security – especially when it comes to testing and analytics. That’s why we always align delivery expectations. This helps ensure a good experience and a usable result.
Below we describe the different types of security tests we offer. If in doubt, get in touch with us and explain the task. We’ll assess whether it’s something we can help you with.
ReScan
Vulnerability Scanning & Analysis
Assume Breach
Compromised Employee
Web Pentest
Web application testing
Security Champion
Secure coding / DevSecOps
Red Team
Red Team exercises
CIS18 ReView
GAP analysis and ReView
Benefits of ReScan X
- Take control of the vulnerabilities that are extra exposed.
- Follow your progress over time
- Compare with a benchmark score from other organizations
- Verify that the vulnerability is fixed with one click
ReScan X – Remote Vulnerability Scanning & Analysis
A vulnerability scan is an automatic detection of vulnerabilities on your devices. The scan helps highlight security challenges before they are exploited by a hacker.
In connection with hacker attacks targeting corporate systems, information is often gathered about the company itself and the systems that are publicly accessible. Vulnerabilities that are exposed to the outside world are therefore extra critical.
Benefits of ReScan Internal
- Prioritize vulnerabilities on your internal network
- Make it difficult to escalate an attack on your network
- Easily distribute the work to fix vulnerabilities via categories
ReScan Internal – Internal vulnerability scanning & analysis
An internal vulnerability scan is an automated detection of vulnerabilities on your internal network.
The scan helps highlight security challenges on the inside of your firewall, making it difficult for a hacker to escalate and spread their attack.
Benefits of Web Pentest
- Get control over the security of a business-critical application.
- A complete security test with technical tools, manual testing and ReTest’s experience can determine if applications can withstand common threats.
- Reveal vulnerabilities and configuration errors as well as inappropriate design in the web application logic.
Web Pentest – Testing critical web applications
An OWASP-based pentest is a complete security test of a web application that exposes vulnerabilities and configuration errors that can be exploited by an attacker.
This is also known as a web test and is often performed on websites that are important for an organization’s operations and image, or sites that are a major sales channel or process important data.
The investigation is in-depth. It involves a high degree of manual testing and attacks by an experienced security consultant (white hat hacker).
Benefits of Security Champion
- Build a culture where IT security is part of everyday life and the design process
- Save time and money by incorporating security continuously and avoid costly post-launch changes
- Get local security experts on every development team, who incorporate security habits into a busy workday
- Become compliant with security frameworks like #16 in CIS18.
Security Champions – DevSecOps Focused Kickoff, Mentoring and Upskilling
Our Security Champions program is a tailor-made package aimed at implementing Security Champions in your organization and creating a more security-oriented development process.
Your Security Champions will raise security awareness in the development department, address concerns during development and prevent vulnerabilities or security-related issues from reaching production.
After our kick-off, you can continue the program yourself or keep us in the loop as you see fit.
Benefits of Assumed breach
- If users are your weakest link, we can uncover what a cybercriminal can do with a compromised user account.
- Highlight vulnerabilities that can give a user too many rights.
- Detect network and Active Directory errors that a hacker will exploit to move between your devices
- Whether your monitoring captures the use cases you expect
Assumed breach
An Assumed breach test is a realistic security test that assumes that one of your employees’ machines has been compromised with malware.
The test uncovers vulnerabilities and setup errors that can be exploited to gain rights on the company network and the provided machine.
Ongoing Assume Breach
This type of testing can also be delivered as a service to continuously improve and optimize your cyber defense and security controls. This is especially relevant for organizations that have invested in SOC (SIEM) and MDR.
Benefits of ReTest Red
- Document how a realistic attack can be carried out and how far attackers can digitally penetrate your business.
- Learn what information an attacker can find out about you that can be exploited in an attack.
ReTest Red – Red Team exercises
A Red Team exercise is a security test that attempts to exploit vulnerabilities in your systems.
These tests are not limited to a single system, but to all available systems.
Benefits of ReAzure
- Understand where attack angles are hidden in your Azure Resources
- Go beyond the Microsoft Security Score and understand the context of your Entra ID and M365 from a hacker’s perspective
- Get to the bottom of security in your Azure environment
ReAzure – Entra ID and M365
Microsoft is a central part of almost all Danish companies’ infrastructure. Many have, more or less consciously, made configurations and setups in Azure in the form of Entra ID and M365 services.
The Microsoft Security Score provides a good starting point. But for most people, it’s necessary to dig a little deeper.
ReAzure – Azure Resources
How well do you manage security after moving your servers to Azure? Find out with this in-depth analysis of security controls, configurations and setups in Azure Resources. We perform a full review and combine it with pentest elements that simulate real attacks in your Azure resources.
Benefits of CIS18 ReView
- Make the biggest positive impact in the shortest possible time with CIS18 IG1
- CIS18 is a good stepping stone for further work with ISO27xxx and NIS2.
- You’ll get a concrete plan for what you should initiate within cyber security.
CIS18 ReView
Based on CIS18, a cybersecurity framework tool similar to the well-known ISO27xxx and NIST frameworks, we perform an all-round assessment of both your organizational (who does what?) and technical (how do we do it?) security defenses, with the aim of uncovering strengths and weaknesses. This product includes both interviews and technical tests focusing on where you can increase your resilience.
Benefits of Review
- Avoid repeating the same setup errors on multiple devices, making it harder to escalate an attack
- Harden servers and clients before launching them into production
Review – Hardening servers and clients
ReView is a configuration review of your servers or clients. It is typically based on a fresh installation to assess whether it is secure enough or if there are any configurations that need to be changed.
Benefits of ReKon & ReFlex
- Get security tasks solved ad-hoc
- Check off IT security tasks that you don’t get to do yourself in a busy day
- Get security advice in your development process (DevSecOps), cloud security and more.
- Competitive hourly rate for skilled IT security consultants
ReKon & ReFlex – Consulting services and vouchers
ReTest provides consultancy for projects that we have the skills to help you with. This could be security assessment of client software or system architecture, for example. It can also be cloud security consulting, encryption and backup processes or security in AD.
We are also associated with many for application development (DevSecOps).
ReFlex is our clip card scheme, where we provide a technician for smaller tasks at a favorable hourly rate. This service is targeted at companies that prefer high flexibility.
Want a call back?
Use the contact form and we will call you back within 48 hours.
