Talsion insider. A look into the company

Tuesday, February 11th, 2014

Datacenter 27001

datacenter

On February 1, 2014, we invested in one of Interxion’s data processing centres. This new platform, hosted in a data processing centre consistent with Standard 27001 and PCI – DSS certification constraints, allows us to guarantee a high level of protection of our customers’ computer data during the audit mission.

mars-small

In fact, within a period of two months following the end of the mission, all reports and other supports are systematically destroyed in order to reduce information leaks that may endanger the brand image or the security of our customers.

This new platform allows us to obtain significant outputs, facilitating the creation of advanced scenarios requiring more significant network resources or CPU than what is used for security missions usually requested by our customers. It also allows us to put forward new organisations and technologies centred on securing computer bays within outsourced data processing centres.

datacenter-interxion

This new architecture made up of over 80 physical and virtual servers provides us with the resources necessary to capture live applicative attacks or to model new attacks in the heart of our virtualized lab.

We are thus able to capture attacks targeting HTTP and HTTPS protocols directed at target servers located in several data processing centres around the planet.

Wednesday, January 8th, 2014

New missions

Upgrade

On June 2013, we launched a new dynamic to review in depth and improve our computer security missions. In fact, in some countries current events and massive computer espionage have greatly upset the typical vision of auditors concerning information systems protection and security.

Thus, we decided to create a new computer security mission: incursion test , based on the intervention of two auditors. Its goal is to study different axes at the heart of our clients’ information system, through a differential analysis of faults currently absent in penetration tests that are usually administered during computer security audit missions.

The incursion test is designed to meet the needs of nearly 98% of our customers who don’t really need an advanced penetration test. This very specific engagement will remain the subject of sensitive missions which may be performed following “Tiger Team” concepts.

test-incursion

The incursion test made up of the following blocks‬ :

– A penetration test,
– A vulnerability test,
– An architectural review,
– Interviews.

This new approach increases the length of our missions by about 40%, but it offers a unique view of the actual security level of a data perimeter within a controlled budget.

This innovative approach is accompanied by new tools that aid analysis through our penetration framework Nemesis and a new exchange platform covered by several patents in the process of being filed.

In December 2014, we hope to achieve a new version of the tests d’incursion based on feedback from our customers and reports that we will have been able to create in practice.