Consulting and training

"bugsweep" offers clients consulting and training services against technical surveillance attacks.

The services rendered in this area are the product of extensive hands-on experience with such investigations and the provision of operational solutions against different types of hackers. Experience indicates that the potential hacker will try and exploit weaknesses in the target of the attack. A smart hacker invests resources in locating vulnerabilities in the target of the attack, and will wait as long as necessary for an opportune moment to carry out the malicious scheme. The more professional the hacker, the more efficient his efforts and the more effective his actions, and the higher the quality of the information that he will succeed in laying his hands on, over a longer period. In some cases, due to constraints, the hacker will decide to act without meticulous preparation, even at the expense of the risk that he takes upon himself. In such cases, the hacker will generally select the easiest and most accessible vulnerability as the target for attack.

The guiding principles of preventive action, in our view, are:

  1. In-depth acquaintance with the vulnerability of all the system components, individually.
  2. Examination of the system's vulnerability and weaknesses as a whole.
  3. Preparation of an action plan.
  4. Binding implementation.
  5. Operation of auditing and control tools on a current basis capable of monitoring failures in real time.
  6. Response and suitable intervention in the event of failures.
  7. Evaluations of the situation

Methodology

The risk analysis and risk management approach at "bugsweep" is based on ERM (Enterprise Risk Management) i.e. "an integrated and comprehensive approach to risk management". We have found this approach best suited to this area, for three main reasons:

  1. A commitment on the part of senior management to assume responsibility for processes and results.
  2. Organization-wide processes that enable synchronization within the system.
  3. Continuous use of control and auditing tools enabling immediate monitoring of failures.

As part of our services, we offer clients a package comprising the following components:

  1. Learning and becoming acquainted with the object.
  2. Preparation of a risk and vulnerability analysis, and issuing of recommendations.
  3. Formulation of a plan.
  4. Deployment, implementation and training.