OFFERING ELITE CYBER SECURITY SERVICES SINCE 1996

Imagine adding 3 decades of cybersecurity expertise instantly to your tool belt.

That is what we provide.

Wether you need personal advice or your enterprise is facing challenges that appear complex, our role is to make you shine and to make it EASY for you.

We have developed our own tools over decades of R&D. These tools and this expertise is all put to work for you.

Why not have a 5 minute call with one of our senior analysts and see what we bring to the table.
Stacks Image 95
What is the EVATrust ® continuous maturity evaluation process all about…

Most companies simply cannot afford to have commercial grade vulnerability assessment tools let alone a team of seasoned security professionals looking out for them. We provide this integrated into a continuous service model.
EVATrust ® is exactly all this, in a monthly service model. Throw into that a ongoing oversight that is focused on continuously evaluating your maturity and you have yourself the industries only cost effective winning.

EVATrust ® is :
  • Multiple commercial grade vulnerability assessment tools rolled into one continuous process.
  • Cyclic compliance evaluation based on a maturity model mapped to an industry recognized standard (NIST 800-171)
  • Cyclic vulnerability assessment (Network based, web and application based, etc.)
  • Cyclic intrusion testing performed yearly (baseline) and monthly (Yes! Monthly)
  • Project support, enables you to never again put something into production without testing it first!
  • A team of security testing specialists dedicated to providing you the benefits of all these elements
  • A management tool that enables managers at all levels to make optimized decisions based on facts

What you get: Dedicated 24 hour access to the most technology savvy team available today. A toolset developed over the course of over 30 years of continuous IT and business work. Technological tools and software to make it work together and deliver a meaningful evaluation that brings results.

CONTACT US and get a feeling for how EVA Technologies ® can change your life.


What is the EVA-TRUST® security attestation model
The EVA-TRUST® security attestation is a multi-part, multi-year program that ensures an enterprise progressively optimizes their security by delivering concrete milestones to senior management.

The program is a multi-part program that an enterprise can subscribe to in order to achieve maximum optimization.

Four categories of activities are possible under the EVA-TRUST® model.For each category an dashboard often referred to as a score card or report card of the enterprise is published on our website with a specific URL for the enterprise under review.This guarantees an updated and independent unalterable report card is available for our client to show their clients.

Each report card section includes the date performed along with any comments on the findings.

The report card also includes the contact information of the security analysts who performed the various tests.

The four modules found within the EVA-TRUST® model are:


EIT - Enterprise Intrusions Testing

This initiative involves a roadmap based on the PTES (Penetration Testing Execution Standard)

Ref: 
http://www.pentest-standard.org

When the complexity of the infrastructure and business processes warrants it, the OSSTMM (Open-Source Security Testing Methodology) testing methodology is employed.

Ref: 
http://www.isecom.org/mirror/OSSTMM.3.pdf

Under all cases, a scope is identified by our team based on a formal review of the enterprises infrastructure and business processes.To be considered a penetration test (or intrusion test) at no point can the enterprise influence what is being tested.The EVA-TRUST® analysis team identifies the optimal scope and modulates testing year after year to ensure a progressively deeper penetration test is performed using a reasonable budget.

In the event the client targets a specific area for their “intrusion test” we would report this as a “security review”.Only tests scoped and identified by our team can have the title of “Intrusion Test”.

Intrusion testing initiatives are performed annually however some tests will be performed more frequently (example: password quality review test, phishing test, etc.) 


CVA - Continuous Vulnerability Assessment

Enterprise vulnerability testing is an important part of any secure infrastructure.Under this category, tests are configured both internally and externally to be executed monthly providing technical staff with the details required to address critical issues and providing management with trending information to gauge the evolution.

Clients have access to our EVA-TRUST® portal which offers many dashboards and technical reports to ensure both managers and technicians have all the information needed to move security ahead.

The CVA goes beyond simple VA (Vulnerability Assessment) and includes configuration testing to identify non hardened systems and provide optimization recommendations based on known hardening configuration standards.


EMA - Enterprise Maturity Assessment

Inspired by ISO27001 and NIST 800-171, the EVA maturity assessment provides management with a score card of strengths and weaknesses grouped by themes that allow an enterprise to target weak areas that are meaningful for them and invest effort in areas that will yield the most dividends.Our security analysts provide resolution and optimization recommendations for each theme presented within a maturity audit.This initiative is performed yearly and trending information is also represented to allow all involved to easily see regression and progression for each theme.


TWT - Targeted Web Testing

Web application tests are often taken as a secondary task outside of the scope of an enterprise intrusion testing initiative. In order to provide a quality web application test, we handle basic web application testing within an EIT but any business critical web application is scoped separately and is tested using the OWASP (Open Web Application Security Project) testing methodology.

Ref:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
The following are the core products used by our security analysts.  Many other tools are also used based on the TOA (Target of Analysis).

Several other tools are also used based on the identified attack path / exploitable vulnerability to be tested.