Our story: We analyze

Don’t buy a pig in a poke. We will help you to eliminate security risks while integrating new solutions into your infrastructure.

One of the largest savings banks, which has affiliates all over the Czech Republic, used an application for negotiating loans in some of its external centers. The application proved successful there, so the savings bank decided to buy it from the supplier and use it across its entire network. The ICT manager wasn’t sure whether it was secured well enough and whether it could be integrated into the firm’s existing internal processes.

The ICT manager chose our team. We audited the application and identified the security risks, as well as the organizational, procedural and other risks that its integration could bring. Our analysis revealed serious errors, for instance unauthorized access to a database and access to the financial data of the savings bank’s clients. We proposed effective remedial measures to quickly fix the detected vulnerabilities, which the application supplier implemented in no time.

In addition, after we appraised all the risks of the external development and business processes, we passed on the advantages and disadvantages we had found for each option for ownership of the application. These files were an important guideline for the decision making of the bank’s management.

Our story: We design

We are an independent lab. With our expert approach we will help you to build an extremely safe solution.

A financial group needed to create its own solution for a second factor of authentication, based on One Time Password technology, for its banks and institutions. Three suppliers passed the tendering procedure. Each of them proposed a slightly different approach.

The group contacted CSE for help with evaluating the proposals from a security point of view and with choosing the most appropriate solution. After a month of detailed analysis we passed on a document to the group summarizing the advantages and disadvantages of each solution, which was the basis for the final choice of supplier.

We became the security consultant for the project being developed. Together with the supplier we proposed a final solution within three months. We also cooperated during its implementation on the individual mobile platforms. To conclude, everything was verified by penetration tests. The entire process took about five months, and the subsequent in-depth testing took less than three months. In one year the group gained a new solution that is very strong in terms of security, which was implemented in all of its banks.

Our story: We integrate

We managed to shorten the time needed to recover the company’s operations from several days down to less than six hours.

A subsidiary of a worldwide provider of car and van leasing, which owns about million cars, expanded and therefore needed to appropriately modify its accident insurance plans. This corporation’s services are based, among other things, on the permanent availability of solutions for carrying out the customers’ requirements. The absence of ICT services could mean a weakening of trust, and it could cause harm to the customers themselves.

The subsidiary hired CSE to change its accident insurance plans, as we had good references based on previous services for the holding company that it is part of. It was not just a theoretical revision of the accident insurance plans and an impact analysis, but also a field test of their effectiveness.

After a proper impact analysis, and a revision and update of the accident insurance plans and related documentation, we, together with the ICT manager, switched off the circuit breakers of the data center during full operations and restored the data onto the leased servers of the substitute data center. Only 20 employees (instead of the standard 150 employees), who are capable of running 80% of the critical processes of the corporation, were called into the back-up locality. These employees ensured the firm’s operation for the set testing time-period.

According to the previous methodology, the simulated recovery of the firm’s operation would take several days. After the changes were incorporated into the accident insurance plans and supplemented with the field knowledge gained from testing, the firm’s operation recovery took less than six hours.

Our story: We test

We can play in the big leagues.

One big international financial group, which includes dozens of banks, insurance companies and leasing corporations from countries all the way from Ireland to Hungary, needed to lower its operating costs for carrying out security audits and penetration tests.

To succeed in the tendering procedure we had to prove not only expert knowledge in the security testing of systems, but also an ability to communicate across various cultures in an international environment. The benefit of a unitary contract with AEC is a 30% lower price on project and demand management of individual procurements. We unified the quality and structure of the reports, which led to further savings in the process of evaluating information systems’ security. Due to our customers’ satisfaction, our four-year contract has been extended for additional time.

Our story: We audit

We don’t google your problem’s solutions!

One bank with international representation asked AEC to evaluate the security of its external employees’ access to the internal network over a VPN (virtual private network). Pre-configured computers, whose functions were limited to connecting to the VPN and the firm’s portal pages, were used for the access. We decided to verify how well the data protection withstands the most frequent security threats. We managed to respond to the customer’s unique environment by adjusting our procedures and methodologies.

We created a new testing methodology because of the bank’s unusual technologies. This methodology reflects the newest attacks that target a specific environment and hardware. The test of the entire solution, carried out in cooperation with the security lab of VUT in Brno, took 20 days. In this cooperation, we managed to detect some weaknesses even before full operation started. One of the most serious errors found was the possibility of bypassing the two-factor sign-in, which by default requires not only a name and a password, but also a cryptographic certificate. We found a way to log in using only a name and a password.

We developed a survey for the bank that contained a review of vulnerabilities and recommendations for remedy. After we fixed all the deficiencies we carried out additional testing to verify that everything was well secured.