
INFORMATION SECURITY
List of services

SECURITY COMPLIANCE ANALYSIS BY SIMULATING PHISHING ATTACKS

SURFACE MATURITY ANALYSIS

FIREWALL CONFIGURATION

IPS/IDS CONFIGURATION

WEB APPLICATION FIREWALL CONFIGURATION

SECURE SOFTWARE DEVELOPMENT CONSULTANCY

INFORMATION SECURITY AND CYBERSECURITY CONSULTING

CREATION OF COMPLIANCE DOCUMENTATION

PERFORMING VULNERABILITY ANALYSIS

IMPLEMENTATION OF PASSWORD VAULT SYSTEMS

IMPLEMENTATION OF INVENTORY SYSTEMS

NETWORK MONITORING

PENTEST (INFRASTRUCTURE, APPLICATIONS, IOT, WI-FI)

COMPUTER FORENSICS (IN ACCORDANCE WITH CIVIL, CRIMINAL, LABOR AND LGPD CODES)

SERVER LOAD BALANCING PROJECTS AND INTERNET LINKS (INBOUND AND OUTBOUND)

SERVER FORTIFICATION (HARDENING)

IMPLEMENTATION OF LOG CENTRALIZATION


IAM IMPLEMENTATION
SIEM IMPLEMENTATION

GRC PROJECTS - GOVERNANCE, RISK AND COMPLIANCE

DATA PROTECTION (CRYPTOGRAPHY, DIGITAL CERTIFICATION, DATA LOSS PREVENTION)

INCIDENT RESPONSE

RESPONSE AND SUPPORT FOR SECURITY AND LGPD COMPLIANCE

SECURITY IN ROUTER AND SWITCH INFRASTRUCTURE

INTELLIGENCE AND THREAT SERVICE

RED TEAM, BLUE TEAM AND LGPD AWARENESS TRAINING

CLOUD SECURITY

IMPLEMENTATION OF ANTIMALWARE SYSTEMS

HIGH AVAILABILITY PROJECTS ON SERVERS AND SERVICES

VULNERABILITY ANALYSIS
Imagine that you hire a home security expert to assess the weak points in your home security. Those points that make life easier for intruders, such as a window that is easy to break, or a rusty padlock, for example.
A Vulnerability Analysis is exactly that in your computing environment. A security exercise through which our digital security experts search for vulnerabilities in clients' computer systems.
The goal of a purposefully simulated attack at the request of a company, also known as ethical hacking, is to identify any points of weakness in a system's defense infrastructure.

Our professionals are developers and ICT specialists with extensive knowledge in networks and security systems, with recognized intrusion testing certifications.
Some possible targets:
Networks and Systems;
WEB applications;
Wireless Networks;
Mobile Applications;
Hybrid Cloud (External or Proprietary);
IoT.
PENETRATION TESTING (PENTESTS)

Imagine that you believe that your home is secure and impenetrable, and you hire a home invasion specialist to test that security. If he manages to break in, which is very likely, you hire him to fix the problems he detected.
Penetration testing (or simply pentesting) is a controlled simulation of a real attack on a network, system or application, aiming to evaluate its security. During the process, an active analysis is carried out of the vulnerabilities, weaknesses and technical deficiencies of the current physical and logical infrastructure that hosts the objects in question.
The service performed by BI4.0 follows international Penetration Testing standards, including NIST 800-115, OWASP, OSSTMM and ISSAF/PTF, in addition to using proprietary and open source tools, always with the aim of ensuring the highest possible quality and reliability for the service, with optimization being carried out with total transparency with the Client.
The service consists of performing a Penetration Test audit on the client's infrastructure, either remotely or in person, with the aim of providing information on vulnerabilities and breaches that could be exploited by malicious users. The tests may originate internally or externally and the auditors may or may not have access to information about the structure (defining whether the test will be of the "black box", "gray box" or "white box" type). Denial of Service Tests may also be performed, as long as they are within the scope of the service contracted by the client.
It should be noted that the client may hire BI4.0 to perform the PENTEST with or without error correction.
When the client has a reliable DEV team, they can decide to correct the errors found with their own team. BI4.0 will then perform so-called RETESTS to check whether the problems have actually been corrected. This becomes a cyclical process.
If the client does not have such a team, or does not trust their own team to that extent, they can hire the BI4.0 DEV team, which will be responsible for solving the problems found. RETEST cycles will be necessary in the same way.
CONTRACTING MODELS

PHISHING PREVENTION
You know that email or message you receive thinking it's okay because it's from someone you know? Often, this content is a trap set by hackers to install viruses on your computer.
Spear phishing targets a specific person or group. Attackers lure victims with information that appears to come from a trusted or familiar source, using as much information as possible to make the approach seem legitimate.
We are specialists in Awareness Programs and Campaigns with Educational Phishing Simulation for Companies. We teach Information Security to your Company's greatest asset: your Employees.

Our service includes everything you need for phishing, analysis, and training, resulting in a comprehensive, long-lasting solution. Test awareness and vigilance among your users through simulated real-world phishing attacks, reinforcing proper practices at the point of click.
Select the type of threat;
Select target users;
Schedule the simulated attack.
Our service includes all reports to support decision-making on reported risks.
Analyze results and visualize program trends, identifying at-risk users and areas for improvement.
Use the results to adapt future training, further strengthening surveillance across your organization;
Analyze user testing results;
Address issues with users and report to leadership.
COMPUTER FORENSICS
The Computer Forensics service aims to investigate an incident following state-of-the-art methods of data acquisition, preservation, recovery and analysis, investigating its causes and those responsible, indicating where security should be reinforced by the client and providing evidence for training, awareness and penalization of offenders.

Technical Report Deliverables:
Detailed description of how the incident occurred;
Description of all steps taken to collect volatile and non-volatile data;
Detailed description of all investigation and analysis activities;
Description of all protocols and tools used in all stages of the investigation;
Guidance on actions that should be taken to prevent the incident from occurring again.
STRENGTHENING SYSTEMS
The Server Hardening service: Operating Systems and Components aims to increase server security, helping to manage risks by treating the main known flaws and vulnerabilities in servers, operating systems and components, and by adopting security controls and environment maintenance.

OPERATING SYSTEMS
This stage consists of applying controls, corrections, and updates, removing unnecessary services, and running security tests.
SERVERS
This involves checking the server installation and its components and their suitability for the intended service, such as: suitability of access control, adoption of controls to prevent attacks and suitability of secure authentication and encryption mechanisms.
MAINTAINING SECURITY
This stage includes activities to maintain server security, since new vulnerabilities will always emerge. In addition to security testing and applying patches and updates, it covers event log analysis, backups and the creation of an incident response plan, which are also extremely important for system security compliance.