CYBERSECURITY SOLUTIONS

Do you care about your business? Lately companies all over the world are facing issues with hacker attacks. Malicious hackers could gain access to private information and assets, large amount of money, confidential financial documents, contracts and client's database. Hackers could also gain full control over the networks and systems of a company. What that means is that they can break into all systems, steal and replace documents and block the activity of the targeted company.

Do you care about your customers? Unfortunately, many of the attacks are followed by leakage of private and sensitive information on the world wide web. That causes risk as well as for the users and the companies, which are responsible for keeping their client's data secure.

A good example are the cyber attacks against: What if you are already a victim of a cybercrime? A good example are the cyber attacks against: Russian central bank - 31 million dollars losses Тesco Bank - 2,5 million dollars losses Bangladesh Bank - 81 million dollars losses As well as Vodafone, Sega, Ubisoft, Scottrade and more.

WE HELP CLIENTS STAY AHEAD OF ATTACKERS AND MITIGATE FUTURE RISKS. Our team of experts is certified by the top security organizations and vendors: TAD GROUP also holds two of the most important ISO certifications:

THEY ALREADY TRUSTED US:

WEB APPLICATION PENETRATION TESTS Our services WEB APPLICATION PENETRATION TESTS NETWORK PENETRATION TESTS VULNERABILITY ASSESSMENT DDOS ATTACKS PROTECTION INFORMATION SYSTEMS SECURITY AUDIT SECURITY AWARENESS TRAINING 2 варианта. SOCIAL ENGINEERING СОЦИАЛНО ИНЖЕНЕРСТВО MITIGATION OF VULNERABILITIES

Network penetration tests EXTERNAL NETWORK PENETRATION TESTS INTERNAL NETWORK PENETRATION TESTS External penetration tests identify possible hazards related to intrusion attempts, relying on vulnerabilities in your information systems. A feature of external tests is that they are carried out remotely and on publicly accessible information systems. This is how we simulate the actions of a hacker who is outside the company's network and has no access to internal systems. The specific with the internal test is that it simulates a hacker attack by an attacker on the company's internal network. That gives real insight into the actual damage that can be caused by cybercriminals who are able to get local access.

Web application penetration tests Nowadays, web applications are among the favorite targets of hackers who can use relatively simple vulnerabilities for getting access to confidential information. However, most often it is containing a valuable personal information, possession of which could lead to further damages. Statistically, over 80% of all compromises are due to exploited weaknesses in web applications. In many cases, vulnerabilities that result in a potential compromise are completely ignored by conventional and automated testing methods. In other cases, vulnerabilities are identified but incorrectly considered inviolable because of the presence of protective technologies.

Vulnerability assessment Vulnerability assessment is the process of identifying publicly known weaknesses in information systems using mainly automated tools. Vulnerability scanning can include, but is not limited to scanning for open network ports, software and operation system flaws, unapplied patches, common weaknesses in applications, gaps in network equipment (firewalls, routers, etc.) and more. Unlike penetration tests, vulnerability assessment does not exploit those weaknesses to show their impact and what damage they could cause. It is also important to note that the vulnerability assessment is not enough to meet the requirements for PCI DSS and other certificates.

DDOS attacks protection Among recent hacker attacks threatening the cybersecurity of the business are the "denial of service" (DoS). This type of attacks target to crash the proposed customer service and exhaust system resources in its infrastructure. They are conducted by sending a huge amount of network traffic, which is overloading the network channel. Another way is causing endless processes to run on the victim machine, using all of the CPU and Memory resources and others. TAD GROUP can help you with advanced security protection against a DDoS attack which has the ability to reduce such threats of all shapes, sizes, and scale, including those aimed at mainstream network protocols, DNS amplification, and others.

Information systems security audit This service ensures whether your network equipment is properly configured including firewalls, routers, IPS/IDS devices, servers, and more. The security audit also examines security policies and systems access rights. Unlike penetration testing, which is often done without access, for doing the security auditing the client must provide the experts with the same access level to the systems that his administrators have.

Security awareness training Staff training aims to inform employees about the policies and procedures they have to follow for the company's good information security. Such training is particularly suited to high-turnover organizations and those whose employees constantly exchange large amount of sensitive information. In this way, employees are trained to protect themselves from hacker fraud through social engineering methods that aim to steal theirs and your confidential information, passwords, documents, and more. During the lecture course, employees gain practical knowledge of how to react if they are attacked by hackers trying to deceive them.

PHYSICAL SOCIAL ENGINEERING Social Engineering is a technique that relies on exploiting weaknesses in human nature, rather than hardware, software, or network vulnerabilities. TAD GROUP offers four core Social Engineering areas to test human susceptibility to persuasion, suggestion, and manipulation: EMAIL PHISHING PHONE/SMS FAX PHYSICAL SOCIAL ENGINEERING ИМЕЙЛ ФИШИНГ

Mitigation of vulnerabilities Once our experts perform the necessary tests to check your cybersecurity, they can eliminate the vulnerabilities found in your systems in case you do not have the specialists needed for that activity. This can be done after a detailed study of your system's configuration and the preparation of the relevant security solutions.

MAY 2018* Required for: Penalties in case of breach: PENETRATION TESTING WILL BE REQUIRED BY AN EUROPEAN GDPR DIRECTIVE STARTING MAY 2018* Required for: Penalties in case of breach: All companies collecting personal data in EU and / or doing business inside EU. For companies which have neglected cybersecurity measures – 4% of the company’s revenue or up to 20M Euro. *Source : https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation

WHY US? TEAM OF EXPERTS WE ARE ETHICAL COMPANY EXPERTISE Focused and certified cybersecurity professionals We strongly value your privacy and security Proven track record in protecting various business systems

Mitigate the vulnerabilities* OUR PROCESS Sign 2 contracts Execute the tests Receive a report Mitigate the vulnerabilities* Agreement for Penetration Testing and Non-Disclosure Agreement Using the same methods as a cybercriminal would use Contains individual finding reports for all of the vulnerabilities identified As per customer request* *Mitigation of the found vulnerabilities is separate service that every customer of TAD GROUP can ask for.

CYBERCRIME IS A WORLDWIDE EPIDEMIC PROTECT YOURSELF AND YOUR BUSINESS

Contact us: Contact us: +359 2 494 12 34 info@tad.bg www.tad.bg +359 2 494 12 34 info@tad.bg www.tad.bg