The world around us is changing rapidly. Over twenty years ago ITsec was one the first independent ‘pentesting’ companies to enter the cyber security market. Remarkably, our field of expertise hasn’t changed that much over the years. For us, innovation is an absolute necessity to face the threats and challenges of today.
ITsec sees that organizations, sometimes the hard way, mature rapidly when it comes to cyber security. We see a shift from superficial security testing for compliance purposes towards testing to assess the inherent security level of an infrastructure and/or application. The next step is to structurally embed cyber security in the development lifecycle.
Organizations take security testing serious more often. Aiming at resilience and recovery. Penetrations testing and social engineering merge and real threats are simulated (red teaming). A field for which ITsec, together with sister company Insite Security, is very well equipped for. Important elements are ‘open source intelligence’ (OSINT) and ‘human intelligence’ (HUMINT).
The cyber security market is still very fragmented. In our opinion the market needs to mature more rapidly than their clients. To do so innovation is of vital importance. Our strategy is to make our knowledge scalable with artificial intelligence, cognitive technologies and machine learning. At this moment, we are working on an intelligent vulnerability management system. The goal is to develop an autonomous system.
Within ITsec graduates, clients/partners and our own professionals, daily, work in our Zero-day lab. From different angles, they do research on zero-days. A zero-day is an undisclosed vulnerability not known to the software’s author. We use the knowledge we gain here to make the world a little more secure and to continuously (improve the quality of) our services. Within the Zero-day lab we defined themes to work on: like connected cars, energy grid, electronic payments and aviation.
One of Insite Groep’s innovations is ‘Zerocopter’ (https://www.zerocopter.com), a software platform for continuously testing the security of web applications. Via Zerocopter you have access to the best security experts worldwide. The researchers of Zerocopter actively look for zero-days enabling organization to increase the level of security of a web applications even further. Zerocopter only reports real bugs and in an understandable way. You only pay when a real bug is found (no-cure-no-pay).