
Post on 15-Oct-2021


«Security is not a technology challenge.

If it were, technology would have fixed the problems a long time ago. Security is a people challenge, a social and organizational challenge.

It’s a Cultural challenge.»

Offensive Security Certified Professional

Offensive Security Wireless Professional

ISACA Certified in Risk and Information Systems Control

European Security Academy OSINT & Darkweb Investigations

EC-Council Certified Incident Handler

eLearnSecurity Web application Penetration Tester

eLearnSecurity Web application Penetration Tester eXtreme

eLearnSecurity Certified Professional Penetration Tester

Pentester Academy Certified Red Teaming Expert

EC-Council Certified Ethical Hacker

PRINCE2® Projects in Controlled Environments

We are living in an era of technological evolution that, while creating new opportunities for companies, also exposes them to new dangers.

Having a clear awareness of the risks inherent in technological evolution is just as important as understanding the benefits.

IMQ Intuity proposes a different approach to cybersecurity, challenging the status quo of technology as the solution to a problem that is more and more linked to human actions and the social context in which they take place.

This objective can be achieved through the realization that IT security must be approached from a cultural point of view, putting people at the center of the corporate security process, also known as People Centric Security.

Focusing only on technology is always a losing strategy because a technology-centric approach to cybersecurity will inevitably be bypassed by uncontrolled human behavior.

ABOUT US

PERSONAL & COMPANY CERTIFICATIONS

D.R.E.A.M.S.

«A winner is a dreamer who never gives up»

Nelson Mandela

IMQ Intuity is a company that places people at the center of its mission and services because companies are made first and foremost of people.

From this awareness originates the culture of IMQ Intuity, represented by the following principles:

DIVERSITY: We want to be different and make our uniqueness a value.

RESPECT: We respect the rules, we respect our customers and partners, and we respect IMQ Intuity and our colleagues.

ETHICS: We help our customers and we do nothing to harm them in any way.

AUTHORITATIVENESS: We are competent and always will be.

MOTIVATION: We do the things we believe in and that we believe are useful.

SUPPORT: We help each other and together we help our customers.

We are aware of how much our activity requires a professional attitude that goes beyond mere technical expertise. As such, each member of the IMQ Intuity team must sign a strict code of ethics that clearly defines obligations and commitments:

https://www.intuity.it/en/code-of-ethics/

IMQ INTUITY CULTURE

APPROACH

LOOKING AT THE CUSTOMER’S SECURITY THROUGH THE EYES OF A HACKER

Looking at businesses through the eyes of a hacker means considering them as an interdependent set of People, Culture, and Technology.

Each of these elements has its own vulnerabilities and the attacker knows them, periodically trying the most effective way to exploit them, traditionally focusing on technological weaknesses but increasingly exploiting human ones.

Putting people at the center of the security challenge is what we call People Centric Security. This is the only approach that can build a viable defense that considers all vulnerabilities, both human and technological.

Security Culture

People

Technology

CYBERSECURITY

SECURITY CULTURE

Sharing the same security culture means having a common way of seeing things, of behaving, and of acting towards IT security, across all corporate roles.

Information security is a problem that companies have to face in order to grow their competitiveness in a world where computing is ubiquitous and cross-sectoral.

Cybersecurity must rise to the same level, a task that involves all layers of the company where everyone plays their part.

PEOPLE CENTRIC SECURITY

5 FUNDAMENTAL CONCEPTS OF «HIGH RELIABILITY SECURITY CULTURE»

REWARD PROBLEM REPORTING: Enhancing user proactivity increases the “sensors” in your company.

SHARE INFORMATION ABOUT FAILURES: Communication between colleagues can bring out situations of risk and suggest solutions.

ANTICIPATE FAILURES: Detecting a problem before it causes damage to the company is a priority.

LEARN FROM MISTAKES: Establishing moments of confrontation after any security incident avoids repeating the same errors and prevents similar ones.

SEEK OUT PROBLEMS: Know the threats, the weaknesses and how these can impact the business.

THE TEAM

We believe in the value of collaboration.

We work with sector-leading companies to offer unique market offerings, where each partner brings their own expertise and value.

We have customers in all sectors, each with their own specific needs.

IMQ INTUITY ECOSYSTEM

Security Advisor | Ethical Hacker

Security Specialist | Security Trainer

Technology Specialist

System Integrator

Software Developer

Web Developer

Business Coaching

Legal

Privacy

GDPR | 231

Anthropologist

Psychologist

BUSINESS PARTNER

VALUE ENHANCER PARTNER

TECHNOLOGY SOLUTIONS

PUBLIC SECTOR/GOVERNMENT

MANUFACTURING

SPORT

BROADCASTING/ENTERTAINMENT

FINANCE/BANKING

ARMY

MARITIME TRANSPORT

AUTOMOTIVE

CHEMICAL/PHARMA

HEALTH SECTOR

EDUCATION

DIGITAL SERVICES

RETAIL

AIRLINE

TRANSPORT SERVICE

FOOD

INSURANCE

eIDAS (SPID)

“Make your life a dream, and a dream a reality.”

Antoine de Saint-Exupéry

RED TEAM VS BLUE TEAM

IMQ Intuity’s method of attack vs defense aims to activate a virtuous circle that exploits information derived from the RED TEAM service’s attack simulation activities to raise the level of corporate security. This leads to a deeper understanding of the problems and to the implementation of preventive and mitigation measures with help from the BLUE TEAM.

This continuous process of attack vs. defense is for IMQ Intuity the best model to follow in order to implement an effective defense system that, by combining infrastructure and people, can effectively protect the business from any type of attack, present and future.

«If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.»

Sun Tzu – Art of war

ATTACK

INFRASTRUCTURE: Attack the IT infrastructure

PEOPLE: Attacking people

PHYSICAL: Attack the physical infrastructure

DEFENSE

HACKING INFRASTRUCTURE: Services focused on IT infrastructure

HACKING PEOPLE: People-focused services

HACKING DEFENSE: Services focused on improving the level of protection

HACKING CULTURE: D.R.E.A.M.

Hacking for us represents a process of transformation. A hacker, in its original meaning, is one who destroys to recreate, who studies to improve, who adapts the context to their needs.

Hacking Infrastructure, Hacking People, Hacking Defense, and Hacking Culture embody this positive and creative spirit, the opposite of the mainstream "bad hacker", represented instead by the Red Team service.

IMQ INTUITY D.R.E.A.M.

DIAGNOSIS: Highlight gaps in your company's IT security culture with the goal of encouraging change.

REVELATION: Share results to motivate staff to play an active role in protecting the company from cybersecurity threats.

EDUCATION: Improve knowledge and awareness of cybersecurity by involving each member of the company.

ACTION: Increase the company's level of protection by introducing supporting tools and processes.

MONITOR: Verify improvements introduced in the previous steps to increase detection and reaction capabilities to trigger a continuous improvement process.

A TRANSFORMATION PROCESS FOR A «HIGH RELIABILITY SECURITY CULTURE»

We believe that security culture is the best tool to counter cybersecurity risk. That’s why we’ve developed D.R.E.A.M., a cultural transformation path for companies.

We believe in a person's ability to understand their own role in this daily challenge that increasingly transcends the professional sphere and enters the realm of private life.

We believe that talking about the problem of cybersecurity and its consequences, involving everyone, sharing information, and learning from mistakes is the best way to approach it.

D.R.E.A.M. is not a service, but rather a vision rooted in our beliefs and crafted by what we do.

THE CULTURAL TRANSFORMATION PATH

The cultural transformation path of D.R.E.A.M. is represented below in an example of a one-year project. The timeline represents one possible flow of activities, but it is always possible to customize the timeline according to specific business needs.

RED TEAM

OFFENSIVE SECURITY

IMQ Intuity's RED TEAM service helps customers determine if their security strategy can effectively counter a cutting-edge cyber attack by looking at the customer’s security through the eyes of a hacker.

Adopting the techniques and mental processes of real attackers, IMQ Intuity's Red Team service explores all aspects of the corporate security setup:

• Network Infrastructure.
• Application Security.
• Human Behavior.
• Physical Security.
• Business processes.

For the client it represents an opportunity to broaden their awareness of the techniques and procedures used by attackers, with the ultimate goal of increasing their security and refining their detection and reaction skills.

We give you the chance to take a look into the future, to understand what might happen

SERVICES FOR YOUR BUSINESS

EFFICACY: Evaluate the effectiveness of existing technological solutions and organizational measures.

REACTION: Measure reactions to intrusion attempts and other security incidents.

AWARENESS: Obtain a broader and more detailed understanding of your organization’s security level.

IMPROVEMENT: Improve your security with a corrective plan based on objective evidence.

The HACK IN A DAY service carries out a simulated computer attack lasting one day, using core RED TEAM operating methods

ATTACK METHODOLOGIES

PHYSICAL ATTACK

Unauthorized access to the premises can expose the company to significant risks. The Red Team service uses various techniques including Social Engineering techniques such as impersonation to test the effectiveness of the company’s physical security.

HUMAN ATTACK

Looking at a company through the eyes of a hacker also means trying to exploit the human factor, which is why Red Team service includes Social Engineering activities such as Phishing Campaigns, Impersonation and Baiting.

OSINT

IMQ Intuity, thanks to particular techniques such as Open Source INTelligence (OSINT), performs in-depth research on the company and its employees to understand the target, to prepare an attack and to determine whether the company exposes information that presents a business risk.

INFRASTRUCTURE ATTACK

The Red Team tries to penetrate corporate security by exploiting vulnerabilities in the IT infrastructure or, as is increasingly the case, in web-based applications.

PROCESS EVALUATION

The results obtained from the Red Team service provide objective data that can be used to assess the adequacy of IT business processes, highlighting critical issues that have an impact on security.

WHITEBOARD ATTACK

The objective is to assess the client's ability to react in a series of simulated scenarios that represent real situations. This activity is carried out through a role-playing game in which attackers (IMQ Intuity) and defenders (client) sit around a table and challenge each other.

DEFENSIVE SECURITY

BLUE TEAM

OBJECTIVES OF THE BLUE TEAM SERVICES

AWARENESS

Increase internal awareness: make the human factor a key element for the security of the business

PROTECTION

Ensure corporate security: to correct the most critical vulnerabilities, strengthen technological safeguards, and monitor and respond to risk situations

COMPLIANCE

Correctly comply with the required regulations and standards: ISO27001, PCI-DSS, AgID, internal compliance.

IMQ Intuity’s BLUE TEAM services allow you to increase your security as well as your compliance with standards and regulations.

It brings you up to speed on your current issues and how they impact your reality, helping you manage all aspects of security with a modern and proactive approach and implement an effective protection strategy.

HACKING INFRASTRUCTURE

VULNERABILITY ASSESSMENT & PENETRATION TEST

We look at how technological vulnerabilities can be exploited and what consequences they can have for your business. We test systems, Wi-Fi, apps, and source code.

WEB AND MOBILE APPLICATION VULNERABILITY ASSESSMENT & PENETRATION TEST

We look for vulnerabilities in your company's web and mobile applications.

DoS/DDoS

We test applications and infrastructure to assess the level of resilience against DoS/DDoS attacks.

HACKING PEOPLE

SECURITY ASSESSMENT

Our service is developed according to the CIS20 model to assess the level of corporate IT security, which can also be compared with other standards such as: ISO27001, NIST, PCI DSS.

SOCIAL ENGINEERING

We exploit human vulnerabilities to launch an attack on the company and provide evidence of critical people-related issues using phishing, impersonation, baiting, tailgating and piggybacking techniques.

SECURITY AWARENESS

IMQ Intuity's training services provide employees with the basic skills to face cybersecurity threats knowledgeably and autonomously, with training courses aimed at both technical and non-technical personnel, often employing gamification.

ADVISORS/CONSULTANCY

We help companies correctly approach cybersecurity, directing them towards the specific path that best matches their own particular needs.

HACKING DEFENSE

IN.SIGHT (INCIDENT, DETECTION & RESPONSE)

We offer services for the detection and management of computer incidents.

THREAT INTELLIGENCE

We study phenomena that could pose risks to a company or to a specific sector. We update our customers and their technologies with the latest cybersecurity findings to protect them before a problem even arises.

TECHNOLOGY SOLUTIONS

We select the most innovative and effective technologies to increase the safety of our customers.

Network Device

Endpoint

Application Security Device

Intruder Trap Honeypot

Mobile Device

Remote Worker

Cloud Service

Network Traffic

IN.SIGHT

INCIDENT DETECTION & RESPONSE

IN.SIGHT

The IN.SIGHT Service was born from the awareness, matured in the provision of Red Team services, of the methods, tools and procedures used during a cyber attack and, consequently, the most effective strategies to detect and block it.

For this reason, the IN.SIGHT service is provided by both analysts and ethical hackers.

EVENT SOURCE

Let's check what's going on inside and outside your company:

TECHNOLOGY SOLUTIONS

Each company has its own history and culture, target market and business priorities and, consequently, different levels of risk appetite.

We select the best and most innovative technologies to integrate into our defensive security (BLUE TEAM) services, with the aim of offering customers the most effective and appropriate solutions for their business needs.

Selecting the right service and the right technological solution to counter risks uncovered by assessment activities (RED TEAM) is essential to creating an effective and sustainable security plan.

We collaborate with market leaders to tackle this challenge together.

We manage application and infrastructure vulnerabilities. We monitor the current state of security with a market-leading SIEM.

We help you improve the development process of your industrial and IoT products, guaranteeing you and your customers safety by design.

We monitor who does what, where and how often in the IT infrastructure to increase security and respond to compliance issues.

We detect critical issues in web applications before they become a risk to your business.

We constantly monitor the presence of sensitive information on the web and dark web, to act before it can be used against your organization.

We securely and intelligently manage one of the most critical security assets: passwords.

We provide, on-demand or ASaS, one of the most powerful OSINT search engines on the web, deep and dark web, because if there is information that concerns you it is right that you know it.

We protect your airspace from the latest threat to security and privacy: drones.

We protect your data from intentional or accidental theft with a DLP solution that's both revolutionary and easy to implement.

We train your staff using one of the best Security Awareness platforms for simulating phishing attacks.

KNOWBE4

Enables your employees to make smarter security decisions, every day

IMQ Intuity has found in KnowBe4 the right partner for the provision of its Security Awareness services.

IMQ Intuity, in fact, thanks to the KnowBe4 platform, offers companies the benefit of making their users more responsible and aware in the use of work tools, guaranteeing individuals a more fun and engaging learning experience.

Based on the experience and valuable contribution of Kevin Mitnick, hacker and pioneer of Social Engineering, the platform promotes awareness raising and staff training on the most modern social engineering threats, aimed at exploiting the weaknesses of the human factor.

BENEFITS

IMQ Intuity, using the KnowBe4 platform, is able to create a customized Security Awareness path according to the customer's needs, guaranteeing:

Reduction in loss of business data.

Reduction of information theft.

Greater attention of the user towards cyber threats.

Greater individual user security.

Reduction of malware infections.

With more than 30,000 customers, KnowBe4 positions itself as a leader in Gartner's Magic Quadrant for its Security Awareness services, offering companies one of the best Security Awareness platforms for simulating phishing attacks and training staff on topics ranging from compliance to cybersecurity.

KnowBe4 aims to improve the most important line of defense in the business environment: employees.

THE SOLUTION

BASELINE TESTING

The KnowBe4 platform allows you to run simulated Phishing campaigns, with the aim of establishing the level of success and impact that attacks of this type would have on the company.

TRAIN YOUR USERS

Companies are offered a library of multimedia content of different types, to increase internal awareness: interactive training modules, videos, TV series, posters, newsletters, etc.

PHISH YOUR USERS

Finally, the ability to activate automated and recursive Phishing campaigns to keep staff attentive to the problem of Phishing, even at the end of the training course.

SEE THE RESULTS

The platform provides detailed reports on the results of simulations, statistical data on the progress of training and the level of awareness gained.

ITALY - PADOVA

Via Ceron, 2, [email protected]

Ph. +39 049 817 0850

www.intuity.it/en

UAE – DUBAI - DAFZA

Bldg. 6WA Office [email protected] | [email protected]

Ph. +971 (0)4 25 25 475

www.imq.it/en

HEADQUARTERS ITALY | MILANO