Web Availability and Defacement Monitoring

Our web defacement monitor system will remotely poll the monitored URL at a regular internal and compare it with a set of preset baselines. The results of the comparison put thorough our AI alogirthm will automatically sent out an alert to our 24x7 security operations team if it suspect that your web application has been defaced. Our security analysts will notify customer if a malicious activity has occurred.

Web Application Vulnerabilities Scanning

Web application attacks are carried out over HTTP and HTTPS; the same protocols that are used to deliver content to legitimate users. Yet web application attacks, both on free open-source software, such as WordPress, Drupal and Joomla!, as well as commercial or custom-built applications, can have repercussions that are the same, or worse than traditional network-based attacks.

We perform periodic web application vulnerability scanning with Acunetix Vulnerability Scanner.

Threat Hunting

Companies that only wait for their security information and event monitoring systems to alert them to anomalies will suffer from alerts fatigue, eventually ignore them and completely expose their network to risks.

Hackers may not be familiar with the network that they hack into, and they do things that the employees do not normally do. Kill-chain-based hunting with traffic trending tools will expose the abnormal behaviours in the network, and eventually break the attack chains and disrupt the hacking attempts.

eSOC Cloud SIEM and Onsite/Cloud Collector

The infrastructure that supports the web application must also be monitored and protected against malicious activities. This can be achieved with our Security Services Appliance (SSA) which is a collector, a IDS and a vulnerability scanner.

The SSA receives event logs from the firewall, IPS, web servers, database servers and correlates these events with the IDS signatures and threat feeds to generate actionable alarms.

Offensive Security

There are new vulnerabilities emerging each day and the cyber-attacks are getting much sophisticated. How can you be assured that your company has sufficient protection against the threat of compromised access?

Penetration Testing (aka Ethical Hacking) helps to uncover vulnerabilities by performing authorised hacking attempt targeting IT infrastructure and employees. The aim of penetration testing is to assist you to make the informed decisions to perform remediation actions to address these vulnerabilities.

Our Penetration consultants carry out the engagements based on the following standards:

​

The Open Web Application Security Project (OWASP)

The National Institute of Standards and Technology (NST)

Source Security Testing Methodology Manual (OSSTMM)

Incident Response

The overall cyber threat landscape has changed dramatically over the past 10 years. Cybersecurity related attacks have become frequent, complex and disruptive. Organizations must assume that their infrastructure are vulnerable and therefore it is becoming more important to have an effective Cyber Incident Response Plan to limit the damage, data lost, show compliance and increase stake holders confidence.

​

SiteSpade adopts a 7-step Incident Response Process that includes preparation, detection, containment, eradication, recovery and post-incident activities.