lets@secureit.is
Most popular questions
01. What differentiates SecureIT from most auditing and compliance companies?
SecureIT has a lot of practical experience and understands that it’s as important when pointing out gaps to also discuss how those can be resolved. And we also make sure to always inform our customers what they should do based on compliance or other requirements but also provided what is recommended in addition to what is required. SecureIT works both on the offensive and the defensive side and does technical verifications to make sure your security posture meets the criteria.
02. What is the difference between vulnerability scans and pentesting?
Vulnerability scans are used to identify known problems within your environment but pentests are used to actually see if those those vulnerabilities can be exploited, how and to what extent. Therefore, SecureIT always discusses with it’s clients what is most important to them, discusses values and so on, to then see if those systems can be breached or that data can be leaked, stolen or even be made unavailable to the company itself. What matters most to the customer is what we go for! And we provide you with a storyline of what happened.
03. What is the difference between our home-made setup of ELK and SecureIT’s SIEM service?
SecureIT actually provides its customers with centralized log management tools like ELK but that is not the most important thing in our minds. Most customers do not have enough resources to actually continuously analyse, monitor, correlate and alerts appropriately based on all security events within their environments, let alone 24x7x365. Knowing what is happening within your environment at all times and responding to threats immediately is critical.
04. Why are there so many false positives when trying to find sensitive and regulatory data within our environments?
Our product, Riskhunter was created by people working in operations and dealing with the results of scanning and DLP products where false positives almost made the products unusable in addition to systems frequently crashing because of perfomance issues within those tools. Therefore, it was decided to create a low impact product on the operating system where all results can be imported into any major business intelligence solution and worked on there as well as providing multiple additional smart ways of sorting through those false positives, e.g. using issuing bank information, connecting with applicable associated data such as national IDs, data adjacent to false positives etc. By joining this experience with practical PCIPs and QSAs and extensive domain experience it was possible to create a product that not only meets compliance requirements but also really works in production environments and provides usable results.
05. We are a small company where everyone is close to one another, why do we need social engineering attacks tested on us?
Cybercriminals are constantly improving their methods to become experts. Anyone can become a target where financial or other gain is sufficient and then potentially prey. Practice makes perfect. People may assume that the next person obviously wouldn’t fall for something but the statistics speak otherwise. SecureIT has shown companies on numerous occasions through real attack simulations how common it is that people are tricked. And falling far that trick, may be the downfall of your company when the cybercriminal attacks. Therefore, we attack and train our customer employees on a regular basis.
Need help?
We enjoy adapting our security and compliance strategies, services and solutions to our customer needs. This also helps us stay at the forefront in the information security industry. And we want results because your success is our success