Acarté believes that a proactive security approach is far better than to wait for an incident and then reactively fix the problem. This is why we started with end-user Security Awareness Training, as it results in an immediate and dramatic decrease in malware infections, which in a high percentage of cases are the entry point of a network penetration.
Many of the most damaging security penetrations are, and will continue to be, due to Social Engineering, not electronic hacking or cracking. . . Social Engineering is the single greatest security risk in the decade ahead.” — The Gartner Group, 2010
Our second service called Email Exposure Check does a deep search on the Internet which exposes email addresses that are out there and can be used for a (spear-) phishing attack. We are able to provide our customers with the URLs where these addresses were found, so that action can be taken.
Acarté customers asked us if we could provide other security services, so we’d be a one-stop shop for proactive security measures. Our answer is to present Security Consulting Services, but with a special proactive angle, focused on making your organization a hard target for phishers. Each service is described briefly below, for more details feel free to contact us.
Penetration Testing, also known as Ethical Hacking and abbreviated to pentesting, uses the same techniques as black hat hackers to find weaknesses in your network or systems. It highlights the vulnerabilities that are exploitable by remote attackers. Acarté's pentests show the low-hanging fruit that black hats will go after, and what needs to be done to remediate these weaknesses that might result in a compromised website or corporate network. Acarté's pentests are done remotely, and will result in a clear report with what was found and what to do about it.
Social Engineering Audit
Security breaches caused by social engineering are the number one security risk. Network penetrations in recent years have very often been the result of low-tech methods like pretexting, dumpster diving, and phishing. At Acarté, we believe that proactively finding the weaknesses that make your organization vulnerable often is neglected. We can audit your organization for these types of attacks:
“An ounce of prevention is worth a pound of cure” – Benjamin Franklin.
• phishing and fraudulent websites
• dumpster diving
• phone system exploitation
• misuse of publicly accessible information
• policy, procedure, and security awareness violations
• phone calls pretexting
• physical security failures
Acarté social engineering audits take a ’360-look’, and we touch any area in your organization that could lead a to a security breach. During the audit we will ascertain the state of your security policies and procedures, and report back with both strengths and weaknesses with clear recommendations for improvements. Repeated social engineering audits, combined with our proactive Security Awareness Training and Email Exposure Checks, will harden your organization into a target that hackers will think twice about attacking. Done on-premise by one or two consultants, with only senior management aware of this audit and the rest of the organization kept unaware of the exercise.
Anti-Phishing Service Including Take-down
In case your organization gets attacked despite all the preventive measures you have taken, Acarté is able to provide you with a comprehensive solution to mitigate and eliminate phishing incidents quickly. The solution includes proactive monitoring and detection of phishing incidents, including rapid site take-down response and resolution of the incident.
Always-on phishing monitoring & detection engines receive inputs from honeypots, spam feeds, client abuse email and other data sources. This removes duplicates and provides an early warning system for phishing URL’s targeting a specific organization. DNS and domain registration monitoring alerting to similar domain registrations to those of our clients, provides the ability to do everything possible to block a phishing attack before it begins,
Acarté has partnered with a 24×7 Security Operations Center, fully staffed with Security Analysts who specialize in phishing analysis and incident take down. Relationships have been built with ISP’s and Web Hosts around the world to facilitate in timely site take downs. Our analysts work a number of contact channels simultaneously, (including ISP’s, Web Hosts and Website owners/administrators) to ensure each phishing incident is taken down in the fastest possible time. The features of this solution are:
• 24×7 Proactive monitoring & detection
• Domain Monitoring
• Abuse Email Forwarding
• Evaluation and verification of potential phishing threats
• Rapid incident response web site take-down
• Continuous monitoring of phishing URL’s
• Reporting and Forensics portal access
• URL inclusion in Global Blocklists.
For more details feel free to contact us.