Consultancy

Contego Solutions provides consultancy services for Vulnerability Assessment & Penetration Testing, Website Monitoring & Defacement, Source Code Review, Roadmap & Compliance (ISO/PCI), Incident Response and Digital Forensics. Contego Solutions is the leading provider of high technology solutions and consultancy services focused on digital forensics, incident response and IT security technologies. The company offers consulting technology services and solutions to governments, law enforcement and the private sector.

Several key strengths distinguish Contego in the Digital Forensic and IT security marketplace. The key strengths are: extensive Communications and IT industry expertise; superior track record in delivering consulting services; domain-based consulting methodologies; and a history of business and technology innovation.

Contego Solutions is well established in the consulting and contracting space. Through our Consultancy Services department we provide full life-cycle services, including:

  • Incident response advisory
  • Digital Forensic LAB design and advisory
  • Vulnerability Assessment and Penetration Testing services

Contego Solutions' approach is based on global security best practices including NIST, SANS, PCI DSS and ISO 27001/2. Our Security Consultants will assess Technology, People and Processes for security vulnerabilities.

Our goal is to identify weaknesses in the network from both external and internal points of view, and to provide suggestions on how to mitigate potential problems. Our security vulnerability testing service can answer the following questions:

  • Could a hacker access your network or your corporate critical information?
  • Is your corporate network vulnerable to an attack or compromise?
  • Are your internet facing systems protected from attacks?
  • Could your wireless network provide a backdoor to your systems?
  • Could an attacker steal financial and critical information from your servers?
  • Are all your applications secured from inside and outside access?
  • Are your security staff aware?

The Methodology for the VA/PT testing is based on established standards and can be summarized as below:

External black-box vulnerability assessment

An exercise in which the vendor tries to circumvent the technical security controls of the application and its supporting components with minimum initial knowledge (only the targeted IPs or URLs are provided as a starting point). The attacks are expected to involve both automated scans and manual testing. The exercise is defined as external, which means that the vendor shall perform the tests from workstations not directly connected to the customer's corporate network.

Internal gray-box vulnerability assessment

An exercise in which the vendor tries to circumvent the security controls of the application and its supporting components with credentials providing authenticated access to the tested system. The attacks are expected to involve both automated scans and manual testing. The exercise is defined as internal, which means that the vendor shall perform the tests from workstations connected to the customer's corporate network.

Please contact us to evaluate your requirements and offerings…

  • Website Monitoring and Defacement services

Websites today are increasingly complex and rely on many critical parts that can be vulnerable to multiple hacking vectors. When such an incident happens, it not only destroys your online viewership but also exposes your clients and site visitors to malware, phishing and inappropriate content.

Consider the fact that more than 6,600 websites are getting hacked every single day. These legitimate websites are turned into distributors of malware by malicious hackers.

The NOC is based in Dubai, UAE, is active 24x7x365 and is staffed with qualified engineers equipped with the latest innovative tools to do its job.

Operating 24 hours a day, 7 days a week, the NOC is designed to monitor, identify and solve any kind of system or user issues. The NOC is fully equipped with sophisticated network management, monitoring and analysis and Cybersecurity tools. It is available to all Managed clients and its trained staff answers all their calls, questions and inquiries.

All problems are tracked in an online Trouble Ticketing System. The customer will be assigned a Trouble Ticket Number to ensure proper follow-up. The NOC monitors all servers, backbones and network devices. It looks at error, security and operations logs to get alerted to any impending issues. The NOC’s continuous monitoring services enable its engineers to identify potential issues so that they can address them before there is a problem.

The NOC ensures the continuous and efficient operation of servers and services while providing high quality support for our clients. The NOC staff troubleshoot all network and systems related problems and any user related issues. They are available 24x7x365 to address any issue that may arise.

Please contact us to assess your website now…

  • Source Code Review services

We have a subscription-based Static Application Security Testing (SAST) solution, directly inspecting source code for vulnerabilities.

We directly assess source code and give developers accurate vulnerability data, enabling them to assess and fix code continuously throughout the software development lifecycle (SDLC). This includes verification of all vulnerabilities by our Research Center.

We have designed a solution from the ground up to address the unique characteristics of SAST. Source code assessment permits the discovery of vulnerabilities that are harder to detect in production, and by doing assessments in the development phase, vulnerabilities may be remediated earlier.

Advantages:

Preservation of Intellectual Property: No need for source code, the foundation of any business, to leave the premises.

As a SaaS-based service, it enables continuous update of attack vectors via Rule Packs that identify and verify vulnerabilities – this ensures that developers stay up to date on the latest attacks.

Easy to set up and use: No need for in-house training or security expertise.

Vulnerabilities Assessed by our experts

Delivered through a SaaS model, Contego identifies and custom tests each Web application to identify the most common vulnerabilities such as those in the OWASP Top 10 and WASC Threat Classification, including SQL injection and cross-site scripting (XSS).

Contact us for more details…

  • Roadmap and Compliance (ISO/PCI) services

ISO 27001 / ISO 27002 & PCI DSS SECURITY CONSULTING SERVICES
Contego Solutions Consultants specialize in different security compliance frameworks including PCI DSS and ISO 27001/27002. Our Consultants can assist organizations with compliance, implementation and training. The following is Contego Solutions' approach and methodology in assisting clients towards attaining compliance:

Phase 1: Scoping & Gap Analysis
Scoping is a critical and fundamental part of any compliance project. Contego Solutions will work with clients to identify all relevant business processes which would be part of the compliance strategy. After the scoping, our specialized consultants will conduct a full assessment of existing security processes and an IT network architecture review. A Risk Assessment will also be conducted to evaluate the security risk of existing business processes.

Phase 2: Risk Assessment Key Findings & Roadmap Report
A roadmap highlighting the key findings discovered in Phase 1, including the assigned risk level (High, Medium, Low) and a remediation plan of action to attain compliance with PCI DSS & ISO 27001/27002, will be presented in a detailed report to the client.

Phase 3: Implementation and Remediation Phase
Project management of remediation activities based on PCI DSS, ISO 27001/27002 and other security compliance programs. Contego Solutions will assist the client in project managing the implementation roadmap, will make technical recommendations to close any gaps mentioned in the report, and will recommend solutions to ensure that proper security controls are put in place in compliance with PCI DSS and the ISO 27001/27002 standard.

Please contact us for more details.

For all our services we utilize Contego Methodologies developed and delivered to our customers via carefully understanding and applying the most innovative, value-driven solutions and best-practices in the industry.

Please feel free to contact us to schedule a meeting and evaluate your requirements.