Security
in a digital world

ISEC is a Polish company providing highly specialised
services and solutions to cybersecurity and
data protection problems

We perform professional vulnerability assessments
of IT systems and applications, and provide
dedicated solutions for information security

Application
Security

Regular security assessments of IT systems
and applications are essential for effective
protection of information processed within them

Penetration Tests

We support our Clients in pursuing the highest IT security standards

We evaluate the security level of IT systems and applications. We also test their compliance with the client's security requirements. Besides identifying vulnerabilities, we verify business logic implementation (e.g. workflows) and security mechanisms (e.g. access control). We have wide experience in testing solutions in the following areas: web and mobile applications (iOS, Android, Windows Phone), network devices and services, operating systems (Unix/Linux, BSD, Microsoft Windows, OS X), thick-client software, and embedded systems.

Source Code Audits

We provide low-level software vulnerability analyses

Our vast experience in security research lets us carry out in-depth audits of source code. During such low-level assessments (based on so-called white-box methods) we can report bugs which are invisible with a high-level approach (i.e. black-box). We are fluent in the following programming languages: C, C++, Objective-C, PHP, Java, Python, and Perl. Our researchers also demonstrate a remarkable level of expertise in discovering backdoors (i.e. hidden methods of gaining unauthorised access to a system).

Post-incident Analysis

We provide professional assistance in investigations of complex cases, e.g. system compromise or data theft

Deep knowledge of threat actors and their modi operandi enables us to reconstruct attackers' activities and examine IT systems for possible traces of malicious actions. We collect digital evidence following the chain of custody, and perform analysis aimed at determining the time, vector, methods and scope of unauthorised access. We share our knowledge and experience with customers in Poland and abroad, and with law enforcement representatives.

Research & Development

We strive to find tailor-made solutions to our Clients' security challenges

Upon our Clients' non-standard requests, we provide innovative solutions based on our creativity and ability to discover. Thanks to our vast experience in various fields (e.g. programming, security research, computer forensics, system and network administration, information security management and auditing), we are well prepared to support our Clients in tackling security challenges not easily handled with standard procedures or COTS.

Project Support

We share our knowledge and experience to ensure project security

We support our Clients during their projects by providing assistance in defining security requirements (including regulatory ones), designing secure architecture, implementation of security controls, and verification of systems' compliance with security objectives. We have had many opportunities to work together with software analysts and designers, developers and administrators, regulatory and business units.

Business
Security

An organisation's success depends more and more
on the ability to effectively manage its security

Compliance Audits

We assess compliance of processes and IT systems with security requirements

We help our Clients improve their processes and IT systems by identifying their lack of compliance with internal and external regulations, and by recommending corrective steps. We help manage the associated risks, and draw up and follow the roadmap to compliance. We support our Clients in building and improving the audit function within their organisations.

Consulting

We evaluate the maturity and security level of processes

We provide services aimed at assessing the maturity of information security-related processes (e.g. access control, 3rd-party supervision), along with evaluating the efficiency of security controls within business processes (e.g. sales, customer care) and operations (e.g. HR, purchasing, communications). We advise our Clients on how to organise IT and information security management in a cost-effective manner.

Social-Engineering

We identify weak points in security awareness among the staff

Our assessments utilising social-engineering methods aim at exploitation of human nature vulnerabilities and low security awareness together with inefficient technical security controls. We simulate real-life attacks that show our Clients how their security mechanisms can be bypassed in order to sneak into their organisation's infrastructure and gain unauthorised access to their valuable information.

Threat Intelligence

We collect and analyse hard-to-reach information necessary to solve our Clients' complex security problems

We help our Clients solve unusual and complicated problems that require a non-standard approach and unique skills. Our support aims to fill in the knowledge gaps in wider investigations of cybercrime, data breaches, ransomware infections, dark PR, and other types of crime, unfair competition or just some bad luck.