Audit, Penetration Testing and Red Team Services

Through audit, penetration testing and red team services, we assess the exposure of your tertiary and industrial IS and IoT/embedded equipment to a cyber security attack.

Cybersecurity

To provide guarantees and consolidate the trust that our clients place in us, Alter Solutions has implemented a labelling and certification process for our services and resources.

In particular, Alter Solutions uses PASSI qualification for all of our scopes: organizational and physical audit, architectural audit, configuration audit, code audit and penetration test.

This qualification ensures, for example, that our clients can rely on the high level of expertise of our auditors, as well as a robust and tested audit process.

Which services will provide the best assessment of your security?

Organisational audit

Our auditors assess how well the security of your information systems is managed in relation to the reference standards, your internal and sector-specific reference standards and your operational risks.

Architecture audit

Our experts assess the technical and organisational security measures of your information systems in relation to security requirements concerning availability, integrity, confidentiality and traceability, while considering the threats that the system in question will be exposed to.

Configuration audit

Our auditors test the implemented security configurations against internal policies and reference standards.

Code audit

Our experts evaluate your web applications, mass-market clients and smart contracts through industrialised static analysis, a human code review and a dynamic approach.

Pentest

Working within a perimeter agreed with the client, our pentesters proceed in the same way as an attacker would. They can simulate attacks from outside and/or inside your network, or target specific systems and equipment. They help you to define scenarios and select the approaches (black box, grey box and white box) that will provide the best response to your security objectives.

RedTeam

Our most experienced penetrators simulate and sequence a full-scale advanced attack on your business, from stealing information to recovering confidential documents or accessing critical features, as well as exploiting technical or human weaknesses. This service will challenge your security incident detection and response teams.

The scope of our services covers:

IT

Infrastructure: datacentre, corporate networks, public and private cloud
Systems: servers, virtualisation, hypervision, orchestration and containerisation
Telecoms and VoIP
Wi-Fi networks
Desktop and mobile devices (Windows, Linux, Android, iOS and specific)
Web, native and mobile applications, hosted on-premise or with cloud providers

OT

Industrial control systems (ICS)
SCADA systems
Programmable Logic Controllers (PLC)
Distributed Control Systems (DCS)
Safety Instrumented Systems (SIS)
Miscellaneous embedded systems

IoT

Cloud IT infrastructure, web interfaces / APIs
Mobile applications
Communications (NFC/RFID, BT/BLE, UMTS/LTE, WI-FI, etc.)
Updating systems
Firmware

Physical interfaces (USB, JTAG, SD, etc.)
Hardware

Why choose Alter?

Trust

To provide guarantees and consolidate the trust that our clients place in us, Alter Solutions has implemented a labelling process for our services and resources. RGS (General security baseline) PASSI (IS security audit services provider) qualification is the first milestone in this strategy.

Expertise

Developing and maintaining a high level of expertise is one of our main objectives. We are fostering communities of in-house experts that complement Alter Solutions’ cybersecurity services. In addition to our intelligence and innovation budget, we train and certify our consultants and auditors with the best cybersecurity organisations.

Local presence

With 10 offices in 6 countries, we are always on hand to assist you, with project and assignment management in your own language if needed, by supplying the skills and resources of all our European teams.

Audit & Pentest