Audit &
Assessment

Consulting & Integration

Detection & Incident Response

Training &
Awareness

Alert &
Warning

By its human scale, its expert resources selected with great care and strategic partnerships, Brightway has flexible operation centered on customer interest and delivers quality services. Convinced that security should not be a luxury or second necessity service, everything is done to ensure that clients’ budgets are respected.

« Give yourself the means to succeed thanks to our expertise »

AUDIT & ASSESSMENT

The first step towards securing its data is the knowledge of its information system, weaknesses, vulnerabilities, threats around it and risks to these shortcomings.

Knowledge of the Information System inevitably involves an audit of all or part of it, by means of :

  • Organizational audit
  • Process auditing
  • Compliance audit (to Security Policy and/or to regulation)
  • Technical audit of infrastructures
  • Technical audit of network and application security (source code audit, internal / external penetration test, etc.)
  • Employee maturity audit

CONSULTING & INTEGRATION

Once the weaknesses have been identified, Brightway provides support for security and / or infrastructure managers in order to establish priority action plans and put them into practice.

Examples of services that can be provided by Brightway teams :

  • Implementation of the documentary corpus : IS security policy (ISSP), Business Recovery Plan (BRP), Business Continuity Plan (PCA), Incident Response Plan (IRP), etc.
  • Study and proposal of secure IS architecture (on premise / Cloud)
  • IT infrastructure / Security project management ;
  • Installation of IS security equipment: firewall, IDS / IPS probe, etc.
  • Risk analysis

Alert
& Warning

As cyber security is not a temporary purpose but an ongoing process, it is important to remain watchful on new emerging threats and vulnerabilities that appear daily.

To this end, Brightway experts alert you about recently discovered news: cyberthreats and vulnerabilities; and this, with an action plan and advices to adapt and adjust your protection in an anticipated and prioritized manner.

DETECTION
& INCIDENT RESPONSE

Once all the protections are in place, organizations must now acquire means of detection, analysis and response allowing them to detect abnormal behavior, to fight efficiently and quickly against cyber attacks while meeting the standards in force regarding security log retention.

As part of this operational security management, Brightway operates as Managed Security Services Provider (MSSP) by offering its Security Operation Center (SOC) to:

  • Ensure a monitoring activity on cyber threats (Cyber Threat Intelligence) targeting your information systems, in particular new unpatched vulnerabilities (0-day), new malwares, phishing campaigns targeting your employees / customers, data leaks and hacking operations.
  • Carry out regular network and application vulnerability scans to identify and correct vulnerabilities threatening your IS boundary exposure area security.
  • Monitor security events threatening your information and assets’ confidentiality, availability and integrity in order to alert you in case of an occured incident: this is achieved by the monitoring scope definition, assets (servers, equipment networks, applications, etc.) selection, identifying potential risks, setting up the generation of relevant logs, creating detection rules and defining report means
  • React to incidents, assist and support you in order to restore, as quickly as possible, regular service, minimize the incident impact, identify the attack source and assess the incident impact. At the end of the intervention, a report describing the incident and recommendations for remediation will be delivered

TRAINING & AWARENESS

It has become known that the weakest link in the information security chain is the human. On this basis, Brightway offers support to its clients in raising the IS security knowledge level by providing both:

  • Training for a seasoned audience in IT and even IT security. This training can be technical or managerial in several areas of IS security; some are intended to prepare professional certifications such as CEH, CHFI, ISO 27001 LA, ISO 27001 LI, ISO 27005 RM, web application security, network penetration tests, malware analysis, incident response, etc…
    Brightway is accredited training center by EC-COUNCIL, one of cybersecurity certifications global leaders
  • Awareness sessions for all employees using the organization’s information system without having much knowledge of data security: this can also concern business leaders, as they have access to and handle sensitive data.
  • Brightway provides exercises (CTF, Cyber drill, etc.) for candidates that allow them to assess and raise their levels of technical knowledge and skills in an operational manner.

« Ask for our training catalog or contact us for tailor-made sessions »