Information security in an organization greatly depends on the choice and definition of the infrastructure upon which the information is managed. The infrastructure's functionality is an important element; however, its application under secure conditions is equally important.

BugSec specializes in the performance of diverse tests that enable to determine the level of information security of its infrastructure and network, such as penetration tests from the external to the internal network; and tests conducted on servers, end stations, infrastructure products, firewall bypass and more. However, the company does not market security products such as firewalls and various network protection products, in order to avoid any possible conflicts of interest, leaving it free to provide its clients with the most cost-effective solutions on the market.

The uniqueness of the tests performed by BugSec is expressed in the very limited use of scanners, as compared with manual penetration tests; and in the high level results they produce – justifying the client's investment. Many of our company’s clients benefit from these sophisticated tests and the consequent provision of a suitable response prior to purchasing their infrastructure.

Addition of new infrastructure

The addition of infrastructure in a secure manner to the organization's network may also result in significant savings in the future; for example, the appropriate installation of a server from the onset may save the costs of checking and hardening it in the future.

Instruction Manuals

Additionally, BugSec supplies instruction manuals detailing how to install a server from the initial stages until the conclusion of the hardening process to attain the highest level of security. These manuals comprise a worthwhile investment, since their level of detail enables infrastructure personnel who are not knowledgeable in Information security to arrive at a very high level of hardening on their own – on one or many servers.
Outsourcing Services
BugSec also provides outsourcing services to infrastructure specialists, including any or all of the following elements, as required by the client organization:

• Assistance in defining the organization's information security policy


• Preparing a complete set of information security procedures, tailored to meet the organization's specific needs


• Designing PKI infrastructures
  


• Managing infrastructure and application tests:
  ●   Periodic testing in accordance with regulator requirements
  ●   Penetration tests on applications
  ●   Penetration tests on infrastructure
  ●   Security audits
  


• Support of external tests and validation


• Assisting organizations in their preparations for external audits, and providing them with professional support throughout the process


• Preparing expert opinions and recommendations prior to the purchase of products by the organization


• Preparing recommendations prior to the implementation of changes in the network and the application


• Maintaining continuous contact with application and infrastructure development teams, including meetings conducted on a periodic basis


• Arranging professional study days


• Performing tests and updates in the area of information security, including the submittal of a periodic report