資安中心 - Version 2

V2 Security Center

V2 Security Service provide solutions to allow customers to fully understand the current weakness in their system. Our [...]

V2 Security Service provide solutions to allow customers to fully understand the current weakness in their system. Our professional security consultants will advise patching propositions based on the customer’s unit structure in view of their system vulnerabilities. Our service will improve the company’s security posture, strengthening protection and reduce the overall cybersecurity risks.

Web Vulnerability Scanning

Most companies or organizations have their own web pages that are served as the first gate to the outside world, how can we insight into the security situation of a web page? The website vulnerability failed to be detected by the information management department of a company may lead to the risk of serious information leakage. The web page vulnerability scanner is a specialized vulnerability scanning tool that can enhance web page security for customers by detecting and fixing the webpage vulnerability.

Service benefits

It can detect and fix the web page vulnerability so as to prevent hacker attack.
The expert’s reports and opinion analysis provided by the software can be taken as the basis of formulation of security policy by customers.

Test item details

Detection Function

Web application security scanning, such as vulnerabilities in SQL injection, cross site scripting, etc. CGI program access permission check (GET, PUT, DELETE, etc.); web page code detection and analysis for PHP, JSP, ASP, etc. Please refer to the international standard OSSTMM 3.0 (Open- Source Security Testing Methodology Manual).

Testing Method

Conduct remote scanning and test, including web page replacement, jump server (host), theft of confidential information, personal information leakage, brute force attack, trojan horse attack, XSS attack, check the architecture of the target websites and URLs with potential security risks, and conduct comprehensive check of web pages and path records.

Vulnerability Scanning

When a hacker plans to invade an information system, usually the first step is to find the weakness of the information system. If the company’s important information system has weaknesses, it faces a high degree of risk. Vulnerability scanning is a complete and thorough health check service to the company’s system, allowing you to fully understand the current weaknesses of the system.

Service benefits

Detect and fix system vulnerability at an early stage so as to reduce the level of risk, improve the security architecture and protection level.
Diagnose vulnerabilities and risks of the information system.

Test item details

Scanning Policies

Configure different scanning policies for different operating systems (such as Windows Server, UNIX) and network devices (such as router, firewall), and conduct security assessment including backdoor, password and DoS vulnerability.

Testing Method

Experts will provide advice on remote or on-site scanning detection and relevant tools according to customers’ requirement and environment.

Penetration Testing

Web security specialists (white hat hackers) think like black hat hackers, use the most advanced penetration technology and attack methods to attack the target for testing security strength and discovering blind spots and system weakness, which is the best method for testing network security degree.

Service benefits

Assess all possible attack opportunities and methods by simulating real-world attacks.
White hat hackers who perform penetration tests have professional certificates such as CREST, GCIH, GWAPT, GPEN, GXPN, CEH, OSCP, CISM, CISA, CISSP, CCIE, ISO27001, etc.
Follow the international test operation standards OSSTMM (Open Source Security Test Method Manual) and OWASP (Open Web Application Security Project).

Test item details

Intrusion Detection

Confirm the target environment, learn the network environment, search engine, data, etc.

Operating System and Vulnerabilities

Windows Services, Linux Services, File Sharing (P2P) scanning, backdoor scanning, remote file access.

System Service Test

Web service, SMTP service, FTP service, DB service, DNS service and other services.

Website Application Detection

SQL Injection vulnerability detection, XSS vulnerability detection, CGI vulnerability detection, OWASP, SANS/ FBI TOP 20 LIST vulnerability detection, Buffer Overflow, Command Injection.

Access Control

Network and local file access.

Password Strength Detection

Perform password strength testing on operating systems, systems, websites, applications, documents, etc.

Security Health Check

We provide companies or organizations with integrated cyber security testing services covering different levels such as network architecture, end users, servers, wire connection, we also provide suggestions for Improvement, and our services will help customers to learn their overall network status and to establish key solution for improvement earlier.

Service benefits

Check the overall network architecture and conduct security assessment from different levels (network, systems, terminals, log files) and for different devices (terminal computers, servers, network security devices).
To detect vulnerability in time and fix it by taking professional advice.

Test item details

Network Architecture Check

Check the overall network architecture and conduct security assessment from different levels (network, systems, terminals, log files) and for different devices (terminal computers, servers, network security devices).

Check of Malicious Cyber Activities

Analysis of network device log files: check the log files of network and information safety devices such as firewall, prevention software; in case of suspicious behavior, check the connectivity and the status of devices involved.
Sniffers and analysis: Check the connectivity or DNS (domain name service) for malicious act, for example, check the communication with relay station (Command and Control, C&C) and the like.

Check Computers and Server Hosts of End Users

Check personal computers and server hosts for malwares or files; check the update of operating systems, office applications, antivirus software, Adobe and other applications.

Check the Security Settings

Directory server: check the password setting policy and the account lockout policy in the group policy of the directory server (such as MS AD).
Firewall: check the setup of firewall according to relevant security principles, and the connection between the source IP port and the destination IP port.

Threat Intelligence Service

Get in-depth, up-to-date global knowledge about specific threats and attack sources, which can be difficult to obtain if you only have access to information within your own networks. Enable your organization to: Block targeted attacks, Protect against phishing, Stop botnet attacks and Detect advanced persistent threats.

Service benefits

Real-time data feed – Threat Intelligence data feeds utilize widely supported STIX and TAXII formats, which makes it easy to integrate with existing SIEM tools. Integration helps to deliver the latest information on the threat landscape to predict and prevent threats before they strike.
Robust API – Threat Intelligence features a full API that is available for automation of reports, YARA rules and other functionalities to allow for integration with other systems used within organizations.
YARA rules – These allow organizations to set up custom rules to obtain company-specific information that security engineers are interested in. Organizations receive valuable details such as the number of times specific threats have been seen worldwide, URLs containing malicious code, malware behavior on the system, where it was detected, and more.

Problem and Solutoin

Businesses want to prevent infiltrations from being able to communicate in or out of their network.

Threat Intelligence proactively notifies security teams of the most recent targeted attacks and command and control (C&C) servers that have occurred elsewhere.
Threat intelligence provides TAXII feeds which can be connected to UTM devices to stop connectivity to or from malicious actors, thus preventing data leaks or damages.
Businesses input rules and mitigations to prevent the intrusion of malware into their organizations.

Test item details

Targeted malware report

Keeps the user informed about a potential attack that is under preparation or an ongoing attack aimed specifically against their organization. This report includes YARA rule strings, reputation information, similar binaries, file details, sandbox output and more.

Botnet activity report

Delivers regular and quantitative data about identified malware families and variants of botnet malware. The report provides actionable data that includes Command and Control (C&C) servers involved in botnet management, samples of botnets, global weekly statistics and a list of targets of this malware.

Forged SSL certificate report

Generated when detects a newly released SSL certificate by a certificate authority which has a very similar asset as the one provided by the customer during initial setup. This may include details such as upcoming phishing campaigns that are attempting to leverage this certificate. The report provides key attributes of the certificate, YARA matches and certificate data.

Targeted phishing report

Shows data about all phishing email activities targeted for the selected organization. The report provides phishing campaign information including campaign size, number of clients, URL screenshots, preview of phishing email, location of servers and much more.

Automated sample analysis report

Creates a custom report based on the submitted file or hash, which provides valuable information for fact-based decisions and incident investigations.

Domain feed

Features domains which are considered malicious including domain name, IP address, detection of file downloaded from URL and detection of file which was trying to access the URL.

Malicious file feed

Features executables which are considered malicious and recognizes and shares information such as SHA1, MD5, SHA256, detection, size and file format.

Botnet feed

Features three types of feeds that check more than 1,000+ targets per day including information on the botnet itself, servers involved and their targets. Data provided include items such as detection, hash, last alive, files downloaded, IP addresses, protocols and targets.

Managed Detection Response Service

Our Managed Detection Response Service provides integrated, fast & accurate responses. We move beyond perimeter and rule based detection by performing in depth and consistent monitoring and analyst driven analytics across endpoints, network, file access activities to quickly identify risk from internal and external threats.

Service benefits

Integrated, Fast & Accurate Responses – We take a multi-layered approach by integrating our continuous threat monitoring, pro-active hunting, threat intelligence and rapid response services to reduce the time to investigate, contain and disrupt attacks.
Global Threat Intelligence – We use our tactical and strategic intelligence derived through research conducted by our in house experts, and informed by our incident response services to contextualize log data with your threat profile, adversaries and victim intelligence to hunt for evidence of compromise.
Direct Engagement with Experts – We work as an extension to your team with a direct line of communication so you can easily raise questions or request investigative support and receive answers quickly. We work with you to deal with the threats together.

Managed Detection/ Response (MDR) Model

Test item details

Adopting a defence in depth architecture that focuses on prevention, detection, response and hunting will reduce the risk of a breach at each stage whilst hardening defences and improving response actions.

Prevention

Automated, real-time prevention of high-confidence threat activity.
Global Threat Intelligence Mapping.
Malware protection.
Protect unpatched systems against exploits/zero-day attacks.
Ransomware protection.
Static and Dynamic analysis of all executable code running on client’s estate.

Response

Containment and remediation actions of identified threats pushed within minutes with minimal business impact.
We act as an extension of client security teams, giving direct access to our analysts to collaboratively manage incidents.
Custom, automated collection of evidence data or removal of threats.

Detection

Near real-time detection of both commodity and sophisticated targeted attacks.
Recorded activity data is retained for 30 days to enable historical analysis and retro-hunt in seconds.
Customised detection rules.
Ingestion and correlation of SIEM alerts and other security tools.

Hunting

Dedicated per-client threat hunting hours.
Proactive, ongoing threat hunting, not just ‘alert validation’.
Full retro-hunt capability to automatically apply newly discovered threat intelligence back in time!
Monthly feedback and RCA sessions.
Recommendations based on hunt-operations – help the client improve over time.

Web Vulnerability Scanning

Vulnerability Scanning

Penetration Testing

Security Health Check

Threat Intelligence Service

Managed Detection Response

產品查詢

電話：(852) 2893 8860
E-mail:sales@version-2.com.hk