In the age of ever-growing cyber threats and security incidents, where your data are quickly becoming your most precious commodity, IT security has become essential. Not just for tech companies and critical infrastructures, but for all companies that use the tools of information technology for any aspect of their business. But in the age, where your adversaries vary from the 14-year-old, defacing your site out of pure boredom to the highly trained and well-funded, with the aim of continuous access to any valuable information from a business perspective, what is the way to keep your data your own? We at White Hat believe that every customer, every system and every device need a different approach, but along the same fundamental guidelines. Assess your valuables. Know your system. Monitor your network, equipment and even your users for vulnerabilities. Build up your defence. Train your people. And let us help you – every step of the way if need be, from research & development, security consulting and expert as a service, to actual incident response and handling as well as training.
Though our company is young – we are a Hungarian IT security start-up founded in 2018 with a 300K EUR starting investment – our core team consists of senior security experts of 15+ years of experience on the field. Over our professional careers we have gained a wide perspective on different areas of the IT security industry – from the governmental sector to corporate, from offensive skills to defence. Due to our broad horizon and different approach to every problem, we are able to find possible threats, probable vulnerabilities and definite adversaries more effectively. We love to do – we are agile and dynamic; and of the strong opinion that although thorough preparations and excellent communications with the customer along the way are as essential as the proper documentation – these are still just the support processes of improving your security. Because at the end of the day the fact that you know what to expect and how to react is infinitely better than having a stamp of approval.
Blue teaming includes the assessment of our customers’ defensive capabilities and advising on their enhancement. This means blue team development and establishment on the premises, with a strong focus on the Corporate Defence Strategy that encompasses Blue team strategy as well as any additional process management needs (emergency incident response, SOC establishment, virtual CISO). We help identify the key roles needed for your team, but also gain the practical knowledge you need to have, such as how to detect an attack, how to filter and prioritize threats based on time-sensitivity and criticality, collect forensic data, perform data analysis and ultimately make your company able to predict and avert future attacks, and mitigate threats.
In order to assess a corporate network’s security status, the outsider view is often the most effective. We offer a wide range of challenges to your operations, from full-scope adversary simulation to insider data breach detection and exercises designed to test the vulnerability of only certain elements of the infrastructure. Our team has in-depth tactical offensive knowledge and a thorough understanding of the building blocks of security: the physical, the people and the technology. We offer one-time as well as recurrent red teaming, and also as a subsidiary service of blue teaming, at the end of which we assess our findings and help you with our suggestions for improvement.
While your organisational security can best be tested by red teaming and best defended by a blue team, the individual elements of your product line, or cornerstones of your service may be IoTs, applications or software that need a different approach. Our team of experts will help you identify the weaknesses and possible exploitable areas and aspects of your product or service, and consequently help you improve your technology for your and your customers’ benefit. This allows you to pinpoint and eliminate security flaws, thus avoiding system compromise, data loss, data corruption, theft of intellectual property, theft of sensitive data, loss of service, or a myriad of other adverse consequences. We offer penetration testing and in-depth vulnerability research in industrial equipment, critical infrastructure elements, embedded devices, IoTs, financial or other specialized or corporate applications.
Whether you maintain a critical infrastructure, keep highly sensitive data, or just operate on a competitive field where business secrets are a valuable commodity, you need to be aware that some adversaries cause no physical damage – they just silently infiltrate your network with the goal of long-term data collection. Due to our unique mindset, our team is more than capable of analysing any indicators and suspicious elements, discovering a possible breach on your system, assessing the extent to which the network is compromised, and the quality and quantity of information possibly gathered by the adversaries. Our deep knowledge of malicious threat actors and their behaviour patterns allows us to effectively identify and permanently remove those, who have come to stay.
Our goal is to help the future generation with a high-quality defensive training integrated into the postgraduate degree level education programme. We have devised the training to include all key elements of any defensive role our students wish to proceed with, so if they finish successfully they will have knowledge and skills of real-life value. The training is in cooperation with one of the most prestigious universities offering IT higher education. It is a four-semester course that ends with a high-level, competence-based examination process. Those who have passed receive an international certification. The training starts in the second (spring) semester of this academic year, February 2019. For more information email us or check back later.
White Hat IT Security
+36 20 387 3161
1021 Budapest, Ötvös János u. 3.