Services - Assessments

Check your IT security setup and get a clear view of your organisation’s cyber resilience along with advice on how to improve it.

At Arco IT we understand the digital challenges that you can encounter in your day to day activities, the often confusing variety of information that you receive about real or alleged cyber attacks, and the dangers your company faces when you are subjected to security threats.

We understand your company needs to be prepared for cyber attacks, to have the right systems and procedures in place, and to have an internal awareness of the potential consequences.

We can assess your IT security resilience and provide you with a clear view of how ready your security controls are to respond to potential threats.

Arco IT has developed a set of procedures and actions to assess your IT security setup: Express Security Check, Security Check, Vulnerability Scan, Penetration Testing, and Threat Intelligence.


Express Security Check

Why? You’ve heard about the current security threats and would like a quick check to verify that the basics are covered in your company. You’re looking for verification that the key components of your security defense are set up properly: multi-factor authentication, email security, web browsing security, and endpoint malware management.

How? We come on-site, sit down with your IT specialists and review the current setup. On the basis of best practices and current threats, we make sure that the right measures are in place. If we find gaps in your defenses, we will show you how to resolve them or advise on temporary measures you can take until a permanent solution can be implemented.

Result: You get an understanding of what you already have in terms of a security minimum and what steps you might still have to take to ensure better protection for your resources. You gain knowledge of the viability of your current set-up. This ensures that the first steps of security have been taken.

Security Check

Why? You want to ensure that your IT security setup is well aligned with your specific organizational needs, the current security threat landscape, and legal and compliance requirements. You want to understand the strengths and weaknesses of your current setup in order to plan any necessary changes. You know that your stakeholders need a simple picture of the risks and threats you face. And you want recommendations for short-, mid- and long-term actions that will help you keep things safe.

How? We first work with you to clarify the organizational context and strategic requirements. We then evaluate your IT security setup using industry standards (NIST CSF / CIS CSC). A detailed on-site security-check will take stock of your development in approximately 150 aspects of security grouped into 20 main categories, providing you with a holistic view. We evaluate your maturity in the areas of inventory management, endpoint (fixed & mobile), server security, networks, software development, data protection and many others. After that we show you how to address any remaining gaps that require attention and conclude with recommendations for implementation in both the short and long term.

Result: This extensive security check spotlights the gaps in your security setup and allows us to devise a comprehensive list of improvements to be made to your system. The results provide guidance on the current state of IT management, and solid reasoning for your management and executives.

Vulnerability Scan

Why? Researchers and hackers discover new vulnerabilities every day. Even if you initially set up your systems in a secure way, new risks make them increasingly vulnerable. You want to make sure that your systems cannot be exploited by known attack methods. You want to feel comfortable that your security standards and your patch management leave no options for easy attacks by new malware.

How? Our continuous security scans check your servers and devices against daily updated lists of potential vulnerabilities. We test your internal systems as well as those systems exposed to the internet. After every scan you receive reports with details for every asset we scanned and every vulnerability we discovered, along with criticality ratings. Using these, you can plan and deploy configuration changes, patches or workarounds to protect your systems.

Result: You’re sure that your assets are in good shape and well protected from current exploits. You also know where your systems still have weaknesses so that you can keep these under closer supervision and take action more quickly if needed.

Penetration Testing

Why? Beyond the scan for known vulnerabilities, you want to test specific systems to prove that they cannot easily be hacked by an attacker. You’re ready to use an expert’s know-how and tailored work to put your system to a deep test of its defenses.

How? Just like hackers, our security specialists will try to break into your system using a combination of well-known attack methods as well as custom engineering. This will often include trying to get information through your employees. This is a manual and made-to-order process – just as in real life. Rather than only scanning your logical components for vulnerabilities, penetration testing is designed to seek and then exploit the weak spots in your organizational, architectural, and environmental setups. Additionally, we can include a review of your system architecture and code base.

Result: The report of a penetration testing campaign shows how your company would fare in case of a serious and targeted attack on your system. You will know which technical and organizational aspects can lead to a security breach. You can plan actions to close the gaps.

Threat Intelligence

Why? Every day, new avenues of exploitation become available to attackers. Fortunately, security specialists are usually just as quick in detecting, preventing and publishing these methods. We make sure we are continuously up to date with these methods so we can give your systems state-of-the-art protection. Our cutting-edge expertise can also discover recent infections that were previously undetected.

How? We continuously monitor numerous channels to learn about new attack methods, trending malware campaigns and security recommendations. We coordinate with other players in the industry to exchange indicators of compromise and best practices for your protection. We use this to look for new kinds of threats to your systems and to check for current attacks or even successful infiltrations. Ultimately we advise on the best way to protect you from the new risks.

Result: Your organisation can be safer because you can identify attackers even if they are using previously published methods, giving you a better chance to avoid major damage from attacks.