Cyber Security Competence Services

The First Cyber Security Testing Platform

Cloud or On Premise Platform

SWASCAN

Swascan’s services for resellers And distributors

Swascan is In collaboration with Cisco

VULNERABLITYASSESSMENT

Web Vulnerability assessment

Web App Scan is the automated service of WebVulnerability Scan. The Vulnerability AssessmentScanner Tool allows you to identifyvulnerabilities and security concerns of websitesand web applications. The vulnerability analysisaims to quantify the levels of risk and indicatescorrective and repositioning actions required forrecovery

Network Vulnerability Assessment

Network Scan is the automated service ofNetwork Vulnerability Scan. The online NetworkScan service allows you to scan infrastructuresand devices to identify vulnerabilities andsecurity issues. The Vulnerability Analysis aimsto quantify the levels of risk and to indicate thecorrective actions and repositioning necessaryfor recovery.

Phishing Simulation Attack

A dedicated, cloud-based Phisihing simulationattack platform that identifies the Human Factorrisk and raises employee awarenessconsequently. The service allows you to identifyyour exposure to corporate phishing attacksand to educate your employees to recognizeand identify malicious emails.

IoT Vulnerability assessment

The IoT Vulnerability Assessment is theautomated Vulnerability Scan service for IoTsystems and devices that can be identified withan IP. The tool allows you to identifyvulnerabilities and security concerns of Internetof Things systems. The vulnerability analysisaims to quantify the levels of risk and indicatethe corrective actions and repositioningrequired for recovery.

Mobile App Security Assessment

The Mobile App Security Assessment performsthe analysis and testing of the APK and IPA ofmobile APPs. It allows to identify, analyze andsolve security problems and vulnerabilities ofANDROID’s Os and provides an analysis of risklevels together with indications for theresolution of vulnerabilities.

Assisted mode

With the assisted mode, the execution ofservices is carried out directly by Swascanpersonnel for the execution of individualservices. In addition, the activity includes:

• Additional manual activities related to theselected service

• Manual verification of false positives ofindividual reports

• Discussion of the Report remotely• Indication of remediation plans

Domain Threat Intelligence

It is the online Intelligence service developed inthe field of Cyber Security. It includes thecollection and analysis of information related tothe domain and subdomains in order tocharacterize possible cyber threats andpotential vulnerabilities. It has the purpose andthe objective of identifying the publicinformation available at OSINT and CLOSINTlevel related to a given target.

PENETRATIONTEST

Penetration Test

Penetration Test is the service that aims tohighlight any vulnerabilities and security issuespresent and to indicate technological,organizational and proceduralcountermeasures, able to eliminatevulnerabilities and problems, mitigate theeffects and raise the overall security status ofthe entire technological infrastructure.

Pentest

Carries out the activity of Penetration test in both Black Box and White Box mode.

Vulnerability

Classifies vulnerabilities in terms of potential damage and impacts.

Reporting

Detailed documents regarding the activities carried out

Pen Test Target

• Web sites

• Web applications

• Network

• Wifi

• IoT

• Mobile applications

• ATM

• Hardware

• ….

CODEREVIEW

Code Review Standard

Secure Code Review is the automated StaticCode Analysis service. The service allows toidentify, analyze and solve security problemsand vulnerabilities of the source code. Itprovides an action plan and a remediation plan.

Standard language:

• Android

• Csharp

• Groovy

• Java

• Javascript

• Php

• Python

• Web

Premium language:

• ABAP

• C/C++

• C#

• COBOL

• iOS

• Objective-C

• PL/SQL

• RPG

• VB.NET

• Visual Basic 6

Manual Code Review

The Manual Code Review service is provided bySwascan’s Code Review experts. The activityinvolves the analysis of the evidence ofvulnerability or criticality identified during theautomated analysis phase (Code Review Baseand/or Code Review Premium) in order toidentify and eliminate any false positives.

CONSULTING AND TRAINING

Cyber Security Consultancy

Cyber Security Consultancy is the SwascanMSSP service provided by experienced CyberSecurity Professionals through a dailyconsulting activity. It plays an advisory andoperations role to support the customer inorder to: define the security policies of theinformation systems, assess risks, control andsupervise the entire technological infrastructureof the company. Specifically, the service allowsyou to enstablish a:

Digital Forensic Analysit

It's the consulting service to support businesses.Forensic computing is a branch of digitalforensic science linked to the evidence acquiredby computers and other digital storage devices.Its purpose is to examine digital devicesfollowing forensic analysis processes in order toidentify, preserve, retrieve, analyze and presentfacts or opinions regarding the informationcollected. It is a necessary support in case ofData Breach, computer fraud or abusive accessto the computer system.

Training

Cyber Security Training are tailor-made trainingand awareness courses related to the world ofCyber Security. The courses are managed andrecognized professionals in the field. Thecourses are delivered according to thecustomer's needs, according to the needs withthe aim of being in line with the technologicalcontext of the company. Below is the list ofcourses:

Cyber Security Course:

• Ict Security Awareness

• Governance, Risk and Compliance

• Incident & Crisis Management

• Ethical Hacking

• Secure Coding

• Strumenti e Tecnologie

• …..

GDPR, ISO & COMPLIANCE

GDPR Assessment

GDPR Assessment is the online tool that allowscompanies to verify and measure their level ofcompliance according to the legislativeprovision on privacy, the General DataProtection Regulation - EU Regulation2016/679. The Swascan GDPR service providesguidance and corrective actions to be taken atthe level of Organization, Policy, Personnel,Technology and Control Systems.

ISO 27001 Assessment

ISO 27001 Assessment is the online tool thatallows companies to verify and measure theirlevel of compliance with the internationalstandard ISO. It provides the indications andcorrective actions to be taken to set up andmanage the information security managementsystem (SGSI or ISMS), in terms of logical,physical and organizational security.

GDPR & ISO Consultancy

GDPR and ISO Consultancy is Swascan's MSSPservice provided by experienced professionalsfrom the fields of GDPR, ISO and Compliancethrough a daily consulting activity. It plays anadvisory and operational role in supporting theclient in order to identify technological andprocess solutions for regulatory and legislativecompliance.

Assisted Mode

Assisted Mode allows companies to besupported by Swascan’s staff in the execution ofindividual services. The activity includes:

• Additional manual activities related to theselected service

• Execution of the selected service

• Manual verification of false positives ofindividual reports

• Discussion of the Report remotely

• Indication of remediation plans

SWASCAN ON PREMISE

Swascan On Premise

Cyber Security Training are tailor-made trainingand awareness courses related to the world ofCyber Security. The courses are managed andrecognized professionals in the field. Thecourses are delivered according to thecustomer's needs, according to the needs withthe aim of being in line with the technologicalcontext of the company. Below is the list ofcourses

On Premise

Installing the Swascan platform on a local serveror private infrastructure.

Cyber Security Testing

Carries out security testing of the company'stechnological assets at the level of applications,software and devices.

Technologic Risk Assessment

It guarantees the Analysis of Technological Risk(GDPR art.32) and the management of SecurityGovernance.

Compliance

Verification of conformity with the regulationsin force. It provides an analysis of risk levelstogether with indications for the resolution ofvulnerabilities.

WHITE LABEL

Swascan White label

The Swascan White label Service allows therebranding of the Swascan platform; specifically:

• Logo

• Colours

• Contact email

• Logo PDF documents

• Subscription email text

• Dedicated URL

Swascan professionals will install the platformand provide the necessary consulting support toinstall it.

White label Services

Below are details of the services offered onSwascan's White Label platform:

• Web Application Vulnerability Scan

• Network Vulnerability Scan

• GDPR Assessment

Comsumer Services

Consumer services

At the end of each month Swascan will producea summary report of the tests carried out by theCustomer. Swascan will invoice the amountdisbursed on the basis of the monthlystatement.

Packaged services

It is possible to pre-purchase service packages.Swascan will report monthly on the servicesactivated.

DATA BREACH Incident & Response Pack

DATA BREACHIncident & Response Pack

It's the support module for companies dealingwith a Data Breach.

The service can be activated within 24 hours.

The module consists of:

1. Cyber Securty Investigation

2. Forensic Analysis

3. Contingency Plan

• Malware chekup

• Vulnerability Management

The activities and results produced arenecessary for the legislative requirementsrelated to the notification to the Data ProtectionAuthority

Cyber Security Investigation

It aims to identify the attack vectors and todetermine the target of the attack victim andthe techniques used and pointed out bycriminal hackers.

Forensic Investigation

This phase aims to crystallize with forensicmethods the evidences of the data breach.

Contingecy Plan

Malware Checkup

Its objective is to verify and certify whetherother malicious elements installed by theattackers are still inside the infrastructure.

Vulnerability Management

The vulnerability analysis aims to identify anddetermine the possible vulnerabilities that couldbe exploited for a possible attack at the level ofexposed infrastructure on the Internet andinternal infrastructure.The activity will be carried out through activitiesof :

• External Infrastructure Penetration Test

• Vulnerability Assessment and Network Scan

of the internal infrastructure

CYBER SECURITY FRAMEWORK CHECKUP

Cyber security framework Checkup

The Cyber Security Framework Checkup activityis divided in 5 separate steps:

• Mapping

• Assess Threats

• Security KPI

• Gap Analysis

• Security Road Map

Mapping:

Identifies the perimeter and the security devices

Assess Threats:

Assesses the technological risk and its impacts

Security KPI:

Analyzes existing Security KPIs

Gap analysis:

Between AS, IS, standards and best practices

Road Map :

Detailed repositioning Road Map

SWASCAN SHIELD PACK

Swascan Shield Pack

Swascan Shield is the Cyber Security Frameworkdevised by Swascan's Security Research Team toensure the security of your computer thanks to:

Cyber Security

• Security Governance

• Security Early Warning

• Incident & Crisis Management

Compliance

• GDPR Compliance

• ISO27001 Compliance

• Nist Cyber Security Framework

• PCI/DSS

• AGID

Monitoring

24/7 infrastructure monitoring service, reportingsystem anomalies from a security point of viewby e-mail, text message and telephone call.

Security Prevention

• Vulnerability Assessment

• Network Scan

Security Proactive

• Asset Inventory

• Network Management

• Endpoint Protection

Security Consultancy

Support the company in the Management ofbusiness risk by adopting and implementingremediation plans and securitysolutions/measures identified in the RiskManagement phase. Define tools, actions andplans for the management of Incident and CrisisManagement

Cyber Security Competence Services

The First Cyber Security Testing Platform

Cloud or On Premise Platform

SWASCAN

Swascan’s services for resellers And distributors

Swascan is In collaboration with Cisco