Moving to the Cloud, businesses need a new approach to security

According to experts, the Cloud environment changes rapidly every day and it is difficult for businesses and organizations to keep up, thus requiring units to have a completely new approach to information security.

To work efficiently, meet their development goals and bring products to market as quickly as possible, organizations and businesses around the world and in Vietnam have recently continued to move their workloads to the cloud environment at a rapid pace.

Research by CyberSecurity Insider and Fortinet shows that up to 39% of organizations surveyed said they have moved more than half of their workloads to the Cloud, while 58% of organizations are planning to do so in the next 12-18 months.

VSEC CEO Tran Thanh Long shared at the information security session of Smart Banking 2022.

Talking to a VietNamNet reporter on the sidelines of the Smart Banking 2022 event, Mr. Tran Thanh Long, CEO of The Vietnamese Security Network – VSEC, also affirmed that moving to the Cloud environment is no longer a trend but has become a mandatory requirement for organizations and businesses, especially banks and financial institutions.

The outstanding advantages of the Cloud give organizations and businesses, especially financial institutions and banks, a huge competitive advantage: they help organizations focus on their main business area and greatly reduce the time needed to put services into operation.

According to a study, in 3 years from 2018 to 2020, up to 99.8% of CIOs and strategic planners participating in the survey want to move to the Cloud environment. Worldwide, Amazon Web Services currently leads the cloud services market with 45% market share, followed by Azure 18% and Google Cloud Platform at 5%.

In Vietnam, many organizations and businesses have also recently moved part of their work to the Cloud. Vietnam’s orientation for the coming period is that by 2025, 100% of government agencies will use cloud computing and 70% of Vietnamese businesses will use cloud computing services provided by domestic enterprises.

“Moving to the cloud environment has become a mandatory requirement for agencies, organizations and businesses,” emphasized the VSEC representative.

However, experts also pointed out that, in moving to the Cloud environment, businesses and organizations face great challenges in ensuring network information security, including the protection of information and data.

Talking about this issue, expert Nguyen Gia Duc, Country Director, Fortinet Vietnam, said that maintaining the traditional “on-premise” system while pushing part of the workload to the Cloud environment, as well as choosing multi-cloud, gives businesses flexibility in deploying applications, but at the same time creates potential threats because data and applications are distributed rather than centrally managed.

Sharing the same opinion, VSEC CEO Tran Thanh Long said that the risks and challenges of network information security when moving to the Cloud environment come from the way the Cloud environment operates, which is completely different from the traditional environment.

“Not only that, the Cloud environment also changes rapidly on a daily basis and it is difficult for businesses to keep up, which requires a whole new approach to information security. Finally, there is a serious shortage of personnel in the field of information security in general and information security for the cloud system in particular,” said Mr. Nguyen Thanh Long.

As for the financial and banking sector, drawing on VSEC’s experience of providing services to banks, the CEO of VSEC said: “Banks and financial institutions are required to move to the Cloud environment to increase competitiveness in business. And what is most lacking for banks is highly qualified personnel in the Cloud, especially in the field of network information security.”

Choosing to cooperate or outsource with professional information security service providers is a solution that businesses and organizations can consider when moving to the Cloud. (Illustration)

Making recommendations to businesses and organizations, VSEC experts said that there are a number of approaches units can consider, such as engaging consulting firms for the strategy of moving to the Cloud, as well as for consulting on and designing a professional Cloud architecture. This will greatly reduce the risk from the start.

Regarding network information security, choosing to cooperate with or outsource to professional security service providers (MSSPs) to support system operation can help banks and financial institutions focus on their main business. This is because MSSPs focus on deep expertise and have the full staff, processes and technology, all completely compliant with international standards.

According to Mr. Nguyen Gia Duc, when participating in the Cloud environment, Vietnamese agencies, organizations and businesses should always pay attention to the model of shared responsibility between Cloud providers and businesses, so that they proactively protect their own applications and data when moving to the Cloud.

“Delivering a comprehensive security strategy, capable of monitoring and protecting applications and data moving between multi-cloud platforms as well as a mixture of Cloud and “on-premise” environments, is the way for enterprises to best ensure their information assets and data on this advanced storage platform,” suggested the Fortinet Vietnam expert.

Source: https://ictnews.vietnamnet.vn/chuyen-dich-len-cloud-doanh-nghiep-can-co-cach-tiep-can-an-toan-bao-mat-moi-5003577.html

“SOC is the solution” on Cloud environment

On November 25, 2022, The Vietnamese Security Network (VSEC) attended the Workshop “Data safety and security in the Cloud environment” organized by VNG Cloud in Hanoi.

The conference took place in two main parts. Part 1 was the topic “The security level of data on Cloud infrastructure”, shared by speaker Bui Trung Thanh – Security Solution Consultant of VSEC. Part 2 was the topic “Building a safe security architecture in the Cloud environment”, shared by speaker Nguyen Hong Chuong – Cloud solution consultant from VNG Cloud.

Speaker Bui Trung Thanh – Head of Solution consultant VSEC

“In recent years, the global cloud computing market has grown by about 40% each year. The domestic cloud market is currently still occupied by international providers. This causes us to encounter many difficulties and challenges in ensuring information security and safety” – Mr. Thanh shared at the conference. In addition, the VSEC representative also gave a perspective from a unit providing information security services, how to ensure information when deployed on the cloud system. He hopes VSEC’s information security monitoring service solutions will help business organizations build strategies to migrate to cloud computing platforms in the safest way.

SOC IS THE SOLUTION!

Also according to Mr. Thanh: “When an information security incident occurs, all business activities of that enterprise will collapse. When building systems on the cloud, enterprise engineers missed security configurations and did not follow the supplier’s instructions on security configurations. This has created vulnerabilities for hackers to attack easily, creating information security violations on the cloud.”

SOC is a solution to help businesses minimize damage caused by hackers

To solve the above problem, VSEC representatives proposed an important and urgent solution for the current situation: the Information Security Monitoring (SOC) solution, which helps businesses detect hackers’ attack activities as soon as possible and minimize the damage they cause. This system continuously monitors and improves the organization’s security situation, allowing effective incident detection, analysis and response. In 2021 alone, VSEC’s SOC Center monitored and warned of millions of information security events, supporting many businesses in successfully preventing attacks on their systems. The SOC system provided by VSEC can be customized according to the field of operation, scale and unique needs of each organization. This helps organizations feel secure about performance and keep operating costs effective.

BUILDING SECURITY ARCHITECTURE

In part 2 of the seminar, speaker Nguyen Hong Chuong shared knowledge about security models that allow organizations to properly operate resources. He also presented existing security solutions and an optimal security architecture. “Cloud was born as a service, solving the problem of moving quickly but still safely and at a reasonable cost for businesses.”

Speaker Nguyen Hong Chuong – Cloud solution consultant of VNG Cloud

During the conference, the speakers also answered all questions from the attending guests. In their evaluations after the seminar, the guests were very satisfied because the knowledge the event brought was extremely valuable.

The Hero Inside

Having been with VSEC since he was a confused intern, gradually becoming a Security Assessment Specialist and then Head of the Expert Services Team, Mr. Be Khanh Duy has spent nearly 6 years working here, a period in which he changed himself and became VSEC’s “Hero of Transformation” in 2022.
Mr. Duy shared a quote: “People are defined by two things: the beliefs they change and the people they fight for.” For him, the beliefs and people that he “fights” for have never changed, they are still beliefs in the company’s goals and vision, they are still brothers and sisters of the VSEC family. However, 6 years is a long enough time for him to be more clear and certain of that belief.
From a purely technical person who was afraid to speak and simply did whatever he was assigned, Mr. Duy transformed himself without realizing it into an open-minded person who shares and is ready to accept responsibility. Accompanying VSEC since he was a trainee, witnessing the transition between generations of VSEC and inheriting its unique values, Mr. Duy gradually transformed himself, becoming a more complete version of himself who strives to retain and pass on those values and attract everyone, and gradually becoming the brother who takes care of the trainees the same way he was taken care of in his early days.
To continue on the path of changing and improving himself, Mr. Duy made a bold decision: to move South, to Ho Chi Minh City, with a new mission and many more responsibilities. He finds himself cheerful and happy with his current transformation. In a new position and a new environment, but with the values learned and cultivated day by day at VSEC, he has increasingly proven himself as the Expert Services Team Leader in Ho Chi Minh. This position is an affirmation of Mr. Duy’s efforts and personal transformation during his association with VSEC and G-Group.

IBM Announces a New Strategic Security Partner at “IBM Security QRadar Suite” Event

Hanoi, August 25, 2023 – IBM, the world’s leading technology corporation, has officially announced a new strategic partner in the field of security at the highly anticipated event “IBM Security QRadar Suite – Predict, prevent and respond to Information and Communications Security threats” which took place in Vietnam today.

The important event “IBM Security QRadar Suite – Predict, prevent and respond to Information and Communications Security threats”, organized by IBM in collaboration with VSEC and the distributor Tech Data, has attracted attention from security experts, risk managers and business leaders in the field of Finance and from large corporations in Vietnam. In the increasingly complex and diverse context of information and communications security threats, strategic partnership in the field of security has become more urgent than ever. IBM has chosen a reputable and experienced partner to cooperate in developing a comprehensive, high-quality security solution to effectively deal with increasingly sophisticated and complex information security threats in the digital environment.

A Security Operations Center (SOC) is an effective solution for predicting, preventing and responding to current information security threats in businesses and organizations. According to statistics, 63% of organizations are looking for ways to improve their SOC’s ability to detect and prevent threats. By providing a unified platform with the full set of technology solutions a SOC needs, IBM Security QRadar Suite helps businesses and organizations solve the problem of technological complexity, letting engineers focus mainly on monitoring activities to deal with modern threats. The safety and network security operation monitoring service on the IBM Security QRadar Suite platform (also known as Managed QRadar) is the key provided by VSEC to solve the problem of People and Processes – a very big challenge in organizations and businesses today.

Ms. Ung Thi Dieu Uyen – Partner Director of IBM Vietnam, shared that: “IBM is always looking for partners who can give “end to end” services on information security, especially in the field of SOC with the world class to customers. VSEC is a longtime unit in such MSSP field. You can completely trust 100% in the cooperation of VSEC and IBM in the coming time, which will bring quality services to ensure information security for the businesses to further develop.”

Mrs. Ung Thi Dieu Uyen – Partner Director of IBM Vietnam (left) and Mrs. Phan Thi Hai Anh – TechData (right)

At the announcement ceremony, Mr. Le Duc Hop – Sales Director for the North of THE VIETNAMESE SECURITY NETWORK JOINT STOCK COMPANY expressed that: “During its development, VSEC is constantly looking for partners who can resonate with VSEC to give the best and most effective service values to customers. Becoming a strategic partner of IBM will further affirm VSEC’s position not only in the Vietnamese market but also in the international market.”

It can be said that the “IBM Security QRadar Suite” event not only introduced advanced solutions, but was also a place where experts and businesses had the opportunity to discuss, exchange and update knowledge about the current and future security situation.

About IBM:

IBM is a global technology corporation shaping the future of business by connecting information, analyzing information and applying artificial intelligence to solve complex world challenges. With more than 100 years of experience, IBM has been driving innovation in many sectors, including industry, transportation control, pharmaceuticals and energy. IBM is present in more than 170 countries worldwide.

About VSEC:

VSEC is the first information security management service provider in Vietnam to achieve both important CREST certifications: for Security Operations Center and for the Pentest Information Security Assessment service. With 20 years of experience in the field of cybersecurity, it has provided information security services to more than 1,000 domestic and international organizations and businesses, and more than 50% of banks in Vietnam have chosen to use its security services.

Why should you hire a CREST Penetration Testing Provider?

Cyber threats evolve at a rapid pace, and one of the most effective ways to assess and improve the security posture and resilience of a company’s systems against such threats is penetration testing. By performing controlled and simulated cyber attacks against an organization, pentesting aims to identify vulnerabilities that could be exploited by malicious hackers.

However, the effectiveness of security testing services hinges greatly on the expertise of the provider, and this is where the value of hiring a CREST penetration testing provider becomes clear. In this post, we will delve into why businesses should consider partnering with a CREST-accredited firm for their penetration testing needs.

CREST serves as an internationally recognized accreditation body, endorsing the capabilities, technical expertise and quality of service for cybersecurity firms and individuals professionally involved in the field.

But what exactly is CREST, and why is it so crucial in the cybersecurity sector? Let’s delve into it in the next section.

What is CREST and its significance in the cybersecurity industry

CREST, originally known as the Council of Registered Ethical Security Testers, is a not-for-profit accreditation body that represents the technical information security industry. As a global certification body, it provides a framework of accredited professional services in cybersecurity, particularly in penetration testing. CREST serves as a benchmark for cybersecurity service providers, ensuring they meet the highest standards of skill, knowledge, and competence in the industry.

The body has two different types of accreditation, both for companies and individuals, who deliver services. Disciplines that CREST accredits for include penetration testing, incident response, threat intelligence, vulnerability assessment, intelligence-led penetration testing and Security Operations Centre (SOC).

CREST has been setting a new gold standard in the cybersecurity industry. It’s devised a framework for proficiency and ethical conduct that all accredited members are obliged to follow. To achieve CREST certification, companies must successfully pass a stringent assessment process. This includes a thorough evaluation of their business procedures and personnel, consulting practices and service delivery standards, as well as the security measures of the prospective CREST member company.

By providing a trusted benchmark for organizations seeking cybersecurity services, it assures customers that a CREST-accredited cybersecurity provider has undergone rigorous validation of their service delivery standards, procedures and methodologies. This increases the reliability, consistency and effectiveness of the services your organization contracted.

Advantages of hiring a CREST-accredited penetration testing firm

Choosing a CREST-accredited penetration testing firm brings a multitude of advantages, key among which are the assured quality of service, world-class technical expertise, and enhanced compliance and trust.

Assured quality of penetration testing services

By choosing an accredited company for CREST penetration testing, businesses guarantee themselves a superior quality penetration test.

The rigorous accreditation process that CREST imposes on firms and penetration testers ensures that they uphold the highest standards in their methodologies and service delivery. CREST’s strict criteria entail meticulous security testing processes that delve into the very core of a system’s vulnerabilities, leaving no stone unturned. The result is a comprehensive and effective approach to penetration testing, which allows for in-depth analysis and targeted fortification of weak points.

This assured quality extends to all areas of a CREST firm’s operations, providing not just technical excellence but also superior customer service, professional communication, and well-documented reporting.

World-class technical expertise

One of the critical components that differentiate a CREST-accredited firm is the high level of technical expertise they possess. CREST member companies must demonstrate that their security experts are not just knowledgeable but are at the top of the game in terms of technical skills and industry acumen.

According to CREST’s examination page, the body offers professional exams at three different levels:

  • CREST Practitioner level exams. These are the basic exams for professionals, and they’re meant for individuals who have been working in the field regularly for about 2,500 hours, or roughly two years.
  • CREST Registered exams. Passing this level shows that you’re dedicated to your work in information security testing. As a guideline, professionals taking this exam should have at least 6,000 hours of regular experience, which is around three years or more.
  • CREST Certified level exams. These exams are the ultimate goal for many professionals in the industry, and they’re intended for individuals with about 10,000 hours, or five to six years, of regular work experience in cybersecurity.

This means that when you hire a CREST penetration testing firm, you’re gaining access to a team of experts with a deep understanding of the cybersecurity landscape. These professionals use their expertise to conduct rigorous penetration tests, identify potential vulnerabilities, discover IT risks in your organization and recommend effective, tailored solutions to bolster the security of your systems.

Increased trust and confidence

Working with a CREST provider for your cybersecurity needs brings an inherent level of trust and confidence. Their accredited status signifies a commitment to ethical practices and high standards of service delivery, which can provide peace of mind as you navigate the complex landscape of cybersecurity.

Compliance assistance

Many industries have strict cybersecurity regulations that companies must comply with. A CREST member company will not only be aware of these requirements but also be able to help your company meet them, thanks to their extensive knowledge and experience.

Conclusion

As the threat landscape continues to evolve, businesses must be proactive in strengthening their defenses. Engaging in penetration testing is a crucial aspect of any comprehensive cybersecurity strategy, and choosing a CREST-accredited provider for this task ensures a superior level of service delivered by highly skilled professionals.

CREST accreditation represents a commitment to excellence in cybersecurity. By choosing a CREST member company for cybersecurity services, businesses are assured of rigorous, comprehensive testing that leaves no stone unturned. Furthermore, the credibility and trust associated with CREST certification enhance the business’s reputation and help foster confidence among its stakeholders.

If your organization is considering the advantages of a CREST penetration testing provider, don’t hesitate to reach out to our team of experts. We’re here to provide guidance and answer any questions you might have. Let’s work together to ensure your cybersecurity measures are robust and effective.

Teamlead of Solution – (HN)

  1. Job description:
  • As the head of VSEC’s solution team, you shall be responsible for the work and management of team members.
  • Collaborate with business professionals to communicate and work regularly with customers from C-level to security specialists to identify problems and needs of customers.
  • Consulting, building technical and commercial proposals in accordance with the needs of customers.
  • Finalize technical documents for bid requests or bidding documents.
  • Work closely with service deployment teams, act as a bridge to convey customer requirements and technical proposals to the service deployment team.
  • Non-stop research & update the latest global security knowledge, standards, systems, tools and technologies.
  • Recruit, manage, guide and train Solution team members.
  • Perform other tasks as assigned by the Sales Manager.

  2. Job requirements:
  • Graduated from University with major in IT, Electronics and Telecommunications, etc.; Preference will be given to candidates with knowledge of Information Security.
  • Over 3 years of experience in consulting/selling computer and information security solutions, including experience with Internet technology and Information Security issues.
  • Extensive knowledge of engineering and technology
  • Ability to listen to customers.
  • Ability to write technical proposals and come up with suitable solutions.
  • Able to listen, speak, write and read English documents well
  • Strong communication and negotiation skills
  • Ability to write and present technical documents clearly and coherently
  • Good planning and teamwork skills.
  • Good health, available for business trips at any time.

  3. Benefits:
  • Probationary with 100% salary. Attractive negotiable income according to capacity.
  • Salary review: twice per year. Flexible working hours
  • Receive training to improve the professional skills required for the job, with financial support to participate in training courses on the professional and soft skills necessary for the job.
  • Quarterly bonus, year-end bonus according to the Company’s business results. Other special bonuses according to the nature of work. Bonus on all holidays and New Year; bonus for introducing internal candidates, seniority bonus; etc.
  • ESOP bonus for excellent employees and managers of the year.
  • 12 days annual leave + 1 day off on birthday. For each year of seniority, annual leave increases by 1 day.
  • Fully enjoy insurance policy and holidays in accordance with the company’s regulations and current laws.
  • Enjoy welfare policy and collective cultural activities: Team Building, Year-end Gala, birthdays, holidays, etc.;
  • Working in a friendly, dynamic and professional environment.

  4. Contact:
  • Human Resources Department – hr@vsec.com.vn
  • Address: M Floor, N01A Golden Land Building, 275 Nguyen Trai, Thanh Xuan Trung Ward, Thanh Xuan District, Hanoi City.

Business Development – HCMC

  1. Job description:
  • Searching for business opportunities, taking responsibility before the Sales Manager for the assigned sales targets.
  • Perform business development tasks related to IT equipment, solutions, services, etc.; ensure the achievement of business goals and sales targets.
  • Coordinate with technical departments, related departments in the sales implementation process to understand customer needs and make appropriate suggestions and solutions.
  • Making and implementing individual annual/quarterly business plans.
  • Comply with regulations on planning and periodical reporting as required.
  • Communicating, maintaining relationships with relevant partners, identifying and building relationships with potential Accounts.
  • Responsible for managing, supporting, monitoring and taking care of, in order to ensure customer satisfaction with the company’s products and services.
  • Support and build marketing activities and brand for the company.
  • Perform bidding-related work and other tasks as assigned by the Deputy General Director in charge of sales and the Sales Manager.

  2. Job requirements:
  • At least 3 years of experience in IT product business and 2 years in IT project business.
  • Knowledge of IT, especially in the field of information security.
  • Having worked or had relationships with partners in the industry of: Banking, Finance, Securities, Insurance, IT, state agencies.
  • Good communication skills, dynamic and creative.
  • Good relationship building skills.
  • Ability to work at high intensity and under pressure.
  • Good negotiation and persuasion skills.

  3. Benefits:
  • Probationary with 100% salary. ATTRACTIVE negotiable income according to competency.
  • Salary review: twice per year. Flexible working time
  • Attend training courses to improve the professional skills required for the job, with financial support to attend training courses on the professional and soft skills necessary for the job.
  • Quarterly bonus, year-end bonus according to the Company’s business results. Other special bonuses according to the nature of work. Bonus on all holidays and New Year; bonus for introducing internal candidates, seniority bonus;
  • ESOP bonus for excellent employees and managers of the year.
  • 12 days annual leave + 1 day off on birthday. Each year of seniority is increased by 1 day of leave.
  • Fully enjoy insurance policy and holidays in accordance with the company’s regulations and current laws.
  • Enjoy welfare policy and collective cultural activities: Team Building, Year-end Gala, birthday, holidays, etc.;
  • Working in a friendly, dynamic and professional environment.

  4. Contact:
    • Hanoi: M Floor, N01A Golden land building, 275 Nguyen Trai, Thanh Xuan Trung Ward, Thanh Xuan District, Hanoi City.
    • Ho Chi Minh City: 18F, Park IX Building, No. 8-10 Phan Dinh Giot Street, Ward 2, Tan Binh District, Ho Chi Minh City.

VSEC officially launched Deep Penetration Testing Service

On April 18, Vietnam Cyber Security Joint Stock Company VSEC launched the Red Team Deep Penetration Testing service – a security assessment based on performing attacks by any means to penetrate the business’s system, in the manner of a professional cybercriminal.
As defined by the NIST Computer Security Resource Center, a Red Team is a group authorized and organized to simulate a potential adversary’s attack or exploitation capabilities against an enterprise’s computer security system. The Red Team’s goal is to improve enterprise cyber security by illustrating the effects of successful attacks and demonstrating what actually works for the defense team (Blue Team) in an operating environment.
VSEC’s team of experts has succeeded in researching and finding zero-day vulnerabilities (unknown and unresolved software or hardware vulnerabilities) in software ranging from the most popular packages such as WordPress, Joomla, … to applications and systems of technology giants such as Microsoft, Oracle, …, all with high CVSS scores.
According to a VSEC representative, officially announcing the Deep Penetration Testing service – Red Team means that VSEC now has full technological capacity, a team holding international standard certificates and practical experience from participating in reputable security assessments, meeting the needs of all domestic and foreign organizations and businesses.
“In Vietnam, not many businesses and organizations are confident in using Red Team because they are still concerned about the capacity of domestic suppliers as well as risks in data issues. VSEC’s official announcement of the Red Team 2023 Deep Penetration Testing service with the full version “Red Team full version” will bring a new perspective on the security capabilities of Vietnamese experts, fully meeting the highest international standards”, Mr. Truong Duc Luong, Chairman of the Board of Directors of VSEC shared.
VSEC is an international standard MSSP (Managed Security Service Provider) information security management service provider operating since 2003. VSEC’s services meet the needs of all organizations and businesses regardless of the scale or complexity of the information technology infrastructure system. VSEC has obtained CREST (UK Information Security Service Standards) certification for Penetration Testing and SOC (Security Operation Center) services in 2021, 2022.
During 20 years of operation, VSEC announced that it has served more than 500 businesses and government organizations. It is a member of domestic and foreign associations and organizations such as VNCert – National Incident Response Network, VNISA – Vietnam Information Security Association, Command 86, FS-ISAC (The Financial Services Information Sharing and Analysis Center), Blackpanda, RAPID7, Affinitas Global, CoreSecurity, RecordedFuture, …
See more at:
  • Vietnamnet newspaper: https://vietnamnet.vn/vsec-trien-khai-dich-vu-bao-mat-chuyen-sau-cho-doanh-nghiep-2133969.html
  • Dan Tri Newspaper: https://dantri.com.vn/suc-manh-so/ra-mat-dich-vu-kiem-thu-xam-nhap-sau-red-team-20230419160124678.htm
  • Bao Moi Newspaper: https://baomoi.com/vsec-trien-khai-dich-vu-bao-mat-chuyen-sau-cho-doanh-nghiep/c/45589171.epi
  • Thanh Nien Newspaper: https://thanhnien.vn/vsec-trien-khai-dich-vu-danh-gia-phuong-thuc-bao-mat-chuyen-sau-185230417172647058.htm

Distinguishing Between Pentest and Red Team

In the area of security, the terms Pentest and Red Team are often used interchangeably. So, what is the distinction between these two terms? This article discusses it to help you learn which service would be the best fit for your organization.

Penetration Testing:

A pentester is someone with hacker-like abilities and knowledge who approaches projects from a hacker’s perspective to examine networks, applications, and devices. They look for ways to bypass defensive measures and physical obstacles in order to find security flaws within targets or organizations. A skilled pentester can identify a target’s weak points while also building attack scenarios that cover prospective attacks, methods of exploitation, and scope of impact, and then make recommendations for the best way to handle the issues and defend the system.

In this activity, the pentester employs automated testing tools to uncover a variety of cybersecurity issues, as well as manual testing to examine the organization’s exposure to attack. Pentesting has become an essential requirement for most companies in assuring data safety in an increasingly complicated cybersecurity ecosystem. Even firms that assume they have no valuable information to protect face hazards when hackers take control, install harmful software, disrupt services,… and cause substantial disruptions to operations.

Although many firms have IT teams that build, administer, and oversee daily security policies, it is still recommended that they undergo pentesting to get a third-party view from the offensive side. Even if internal teams are doing well, this evaluation helps assess defensive capabilities from multiple dimensions.

Red Team

A pentest’s goal is to find as many vulnerabilities and configuration flaws as possible, exploit them, and assess the level of risk. In contrast to a pentest, which seeks to identify all potential vulnerabilities, a Red Team conducts targeted attacks using specialized tactics.

A Red Team is often made up of a group of individuals who work together to thoroughly understand the level of risk and the potential for real-world attacks across an organization’s technical, human, and physical aspects (assets, materials).

The Red Team employs a wide range of attack methods, including traditional deception, non-technical attacks (social engineering) on employees, and even impersonating a staff member in order to get administrator access. Red Team members are well-versed in the tactics, techniques, and procedures that an attacker might employ, which lets them maximize the efficacy of their attacks.

Organizations with a strong presence in the information security business frequently use a Red Team. After frequent pentesting and patching of most vulnerabilities, they need a team to attack and try to bypass the system’s security measures by any feasible method, from many different angles.

Red team’s operations

The Red Team begins with reconnaissance, gathering as much information as possible to understand the people, technology, and environment involved. This allows them to build and acquire appropriate tools for the attack. By using open source intelligence (OSINT) gathering, Red Team members can gain deeper insight into the infrastructure, physical assets, and employees, resulting in a better understanding of the target and its operations. This allows them to conduct more sophisticated attacks, such as writing malicious programs and configuring hardware trojans,…

Members of the Red Team will conduct a variety of attack actions, both technical and non-technical, in order to discover weaknesses in the target’s systems and processes. They then exploit these flaws to conduct attacks against servers, applications, networks, or to circumvent physical safeguards in preparation for escalation attacks.

Using Red Team provides organizations with a multifaceted view of their systems and processes, as well as the support of security experts to rectify, patch vulnerabilities, remedy issues, provide training, and address any necessary measures to ensure that those risks do not reoccur.

Security testing for one of the first joint stock commercial banks in Vietnam

VSEC’s client is one of the first licensed commercial joint stock banks in Vietnam with nearly 300 branches and transaction offices across the country. In order to deliver the finest service possible to their end clients, this company has just begun actively utilizing digital transformation in banking activities. When a breach in information security exposes sensitive company data, the enterprise requires the involvement of a reliable security solution.

Following the data collection procedure, we identified the following distinguishing features of the company:

  • There has never been a thorough evaluation and testing of the information security of the complete IT system.
  • The information security team is currently insufficient to implement a thorough system-wide examination of information security.
  • There is no external, objective examination of security measures.

VSEC analyzed the situation and then conferred with the business to determine the optimal course of action. Accordingly, VSEC offered the customer Pentest, an IT security assessment and penetration testing service. Server systems, network equipment, internal and external applications, and critical databases are all part of the scope of the project.

We have uncovered security flaws in our customers’ IT systems with the help of our team of experienced specialists, which has allowed us to paint a more complete picture of our customers’ information safety. Information security risks are reduced, client confidence is maintained, and losses are kept to a minimum while the business benefits from implementation guidance and support.

Providing solutions for customers in the energy sector

Organizations in the Manufacturing and Energy sectors are always prime targets for hackers. VSEC’s customer this time, a member of Vietnam’s leading energy corporation, is no exception. The enterprise operates in a nationally important field, providing electric energy services in the Northern provinces.

The challenge is that the enterprise owns many IT systems at various levels and is subject to the information security regulations of the State management agencies. Therefore, its implementation of information security solutions has much higher requirements than that of other common enterprises. Like many previous clients seeking the aid of VSEC, this unit also lacks a well-equipped team of specialized information security personnel to fulfill the requirements of large-scale information security assessment activities. This time, VSEC had to carefully research and advise on solutions for the enterprise.

After discussions with the unit and with reference to the regulations of the State management agency, VSEC carried out an information security assessment and penetration test of the entire IT infrastructure and several critical applications of the unit.

After a period of implementing assessment measures, our experts have detected numerous vulnerabilities in clients’ IT systems, thereby providing a comprehensive overview of the information security for clients. Based on that, they have provided recommendations and supported the client in implementing measures to mitigate information security threats. Moreover, we not only safeguard the client’s reputation but also minimize potential damages to the enterprise.

Security solutions for the pioneering corporation in eco-cities

The client of VSEC is a major corporation that is the developer of Vietnam’s largest green urban project in the country’s northern region and which also has invested in many different sectors, including but not limited to education, health, clean agriculture, high technology, travel, entertainment, etc.

The cross-industry products are supported by a massive IT infrastructure and a workforce of over 300 personnel.

The client faces a difficult problem in maintaining its public business image, given that the real estate industry deals with highly personal information about its clients. The company has a large number of servers and workstations, a broad set of operations, a widespread connection system, and frequent upgrades to a huge number of new apps, but no dedicated employees to ensure the security of this infrastructure.

With nearly 20 years in the industry, we have successfully implemented a wide range of security solutions for clients including:

  • Conduct a comprehensive analysis of the existing IT system and the applications it currently supports.
  • Deploy and monitor all servers and workstations of the enterprise.
  • Provide early warning and coordinated analysis to forestall data security breaches.
  • Provide an account management page for taking charge of all monitored components.
  • Export periodic reports and overviews of information security events.

Our experienced team has found security flaws in the client’s IT application system after conducting a Pentest and doing a system analysis. We then provide our clients with guidance and assistance during deployment in an effort to lessen their exposure to information security threats, protect their reputations as well as limit any resulting damage.