CyberNinja Services
Web Application Pentest + Web Services pentest
Our web application penetration testing focuses on identifying vulnerabilities within the entire web application structure itself, including the user interface, login elements, forms, etc. Our web services penetration testing is narrowed down further to identify vulnerabilities in the APIs and backend servers. To detect these vulnerabilities, we simulate real-world attacks on your web application or web services.
Across Verticals’ penetration testing process covers all areas of your web application and web services with a comprehensive, thorough assessment which then helps us provide you with the best recommendations to secure your web apps according to the industry’s highest standards.
As a certified CREST OVS Web Application service supplier, Across Verticals’ application testing is conducted in adherence to OWASP Application Security Verification Standard (ASVS) for assessment methodology.
Mobile application penetration testing
For mobile application penetration testing, our team at Across Verticals works on conducting security assessments that target vulnerabilities in your mobile applications regardless of the platform they’re on. These assessments thoroughly test both the front and back end of applications to ensure that your customers’ data is always protected. With the increasing reliance on mobile apps for customer engagement, data processing, and online transactions, this form of testing is essential for maintaining data integrity, meeting regulatory requirements, and protecting your brand’s reputation.
As a certified CREST OVS Mobile Application service supplier, Across Verticals’ application testing is conducted in adherence to OWASP Mobile Application Security Verification Standard (MASVS) for assessment methodology. Across Verticals can deliver assessments against applications up to Level 3 security verification levels and up to Level 2 security verifications for Mobile Application testing.
Thick client penetration testing
For thick applications, the majority of their processing is done on the client side rather than on their servers. These applications include video conferencing software, Enterprise Resource Planning (ERP) systems, Customer Relationship Management (CRM) applications, etc. Penetration testing for these applications involves assessing the security of both the client software and its interactions with the backend server. It ensures that these applications are secure against potential threats that can occur from reverse engineering, data interception, and unauthorized internal access.
Source Code Review
The source code is the literal heart of your application. Identifying potential vulnerabilities or errors that hackers can exploit right at the source helps you lay a solid security foundation for your application before it is deployed for your users. Here at Across Verticals, we conduct this process both manually and with the assistance of automated tools to ensure that our assessments are extensive and complete. We will review the code and provide detailed findings that identify where your problems lie and suggest tailored solutions.
Our approach is to scrutinize your application in various aspects such as authentication, session management, and data validation. This helps us target the most critical (and likely) problem areas.
The goal is to help your business detect security flaws in the development cycle. This will allow you to save on future security costs, and maintain a strong reputation that builds trust with your users.
Network Vulnerability Assessment & Pentest
A network VAPT is crucial in identifying and mitigating risks before attackers can exploit them, reducing the likelihood of costly data breaches. Across Verticals are experts in identifying weak points through our VAPT, so companies can prevent these attacks from disrupting their operations.
The beauty of this assessment is that it not only reveals technical flaws in the network but it also highlights weaknesses in the overall design of the network. With these insights, businesses can focus on improving and securing their network architecture only for the better.
Wireless Network Penetration Test
Businesses and organizations use wireless networks daily as they are often a key access point to a company’s internal systems. A wireless network penetration test is an authorized hacking attempt, which is designed to detect and exploit vulnerabilities in security controls employed by several wireless technologies and standards, misconfigured access points, and weak security protocols.
If vulnerabilities do exist in your organization’s wireless network, attackers could exploit them to gain access to sensitive data. Across Verticals’ wireless network penetration test helps verify that encryption protocols are strong enough to block any unauthorized access. With our expertise in compliance as well, our penetration testing service also checks and confirms that your wireless networks are compliant with the highest industry standards. This service is an essential part of a strong security system as remote work and the need for mobile connectivity become more prominent in businesses these days.
Across Verticals performs the wireless security assessment to identify weaknesses and known vulnerabilities on the wireless network, such as below:
- Weak Protocols
- Default or weak administrative credentials
- Mis-association attack potential
- Dis-association attack potential (e.g. DoS attacks)
- Evil Twin attack potential (Honeypot)
- Unauthorized access points (Rogue Access Point, Ad-Hoc Connections)
- WPA Enterprise misconfigurations
- Client Station Probe information disclosure
Phishing Attack Assessment
Did you know that “a comprehensive analysis from IBM in 2023 revealed that 16% of company data breaches directly resulted from a phishing attack?” This clearly shows how vulnerable our systems can be to phishing attacks. A phishing attack assessment is a great way to test how vulnerable your organization is to socially engineered attacks. For phishing alone, the attackers can deploy numerous different tactics constantly confusing users. By simulating phishing attacks, we can help your organization identify those who easily fall victim to these attacks and weak points that are commonly targeted before we strengthen your defenses.
Since phishing attacks mostly target employees as an entry point, it is important to conduct regular training to educate your organization’s employees to be more conscious of these attacks. Our phishing assessment may also include security awareness training to raise awareness and help your employees identify key indicators of phishing attempts and how to avoid them. Through regular assessments, your organization can stay ahead of evolving threats and ensure that your human defenses are as strong as your technical ones.
DDoS Testing
Distributed Denial of Service (DDoS) attacks target vulnerabilities within your organization’s systems, networks, and servers. These vulnerabilities function as an access point to hackers as they start flooding your application with an overwhelming amount of traffic using multiple compromised systems. This causes your application to be inaccessible to users who are authorized to get through.
DDoS penetration testing is carried out to identify and fix those vulnerabilities or access points that attackers target so they can’t be exploited. This test helps businesses understand how their systems function under extremely stressful conditions and the necessary steps to improve them. This test is essential for businesses because DDoS attacks can cause significant downtime and financial losses. Companies would have to deal with having annoyed customers, losing sales, reduced employee productivity, and a damaged brand reputation if attackers can easily target and exploit your applications. With cyberattacks only getting more creative, DDoS testing has become a vital component of every organization’s cybersecurity strategy. To protect the integrity of your systems and ensure uninterrupted business operations, Across Verticals offers our expertise for DDoS testing.
Intelligence-Led Penetration Testing
Intelligence-led penetration testing is different from traditional penetration testing. It is an approach where our testing team utilizes threat intelligence to perform the testing campaign against your organization’s critical systems such as payment gateways, trading platforms, customer databases, healthcare information systems, etc.
Using threat intelligence, we will analyze your system’s business and technical functionality and we will imitate advanced real-life attack techniques that cater to your environment. This type of penetration testing is tailored to real-world threats, allowing us to conduct much more precise evaluations of how attackers target and exploit different industries.
Across Verticals is qualified as a CREST Certified Simulated Attack Specialist, which endorses our expertise in performing intelligence-led penetration testing assessments. With this service, your organization can assess its security teams’ effectiveness in detecting, responding to, and managing advanced cyberattacks in real time. Our methodology includes system discovery, surveillance, threat modeling, risk analysis, attack simulation, and reporting of findings.
RED/PURPLE/BLUE Team
In cybersecurity, we have a team of cyber defenders who are highly skilled and contribute to strengthening your security systems. These teams have their own set of skills and are targeted to focus on different aspects of securing your organization. This triad of cyber specialists is the Red, Blue, and Purple team.
The Red Team is a group of highly skilled professionals whose job is to break into your systems – legally. These ethical hackers (also known as penetration testers) simulate real-world attacks, exposing your system’s vulnerabilities before attackers can exploit them. Their goal is to test your defenses from every angle ensuring that no threat goes undetected. While the Red Team is on the offensive, the Blue Team stands guard. These are your cybersecurity specialists, system administrators, and incident responders. They monitor, detect, and neutralize threats in real time. They function as your security immune system that constantly works on adapting to new and evolving threats. When Red and Blue collide, you get Purple. The Purple Team actively works on facilitating collaboration between offensive and defensive units, ensuring that the Blue Team effectively implements lessons learned from the Red Team’s exercises. They work as a middleman between the Red and Blue Team helping them analyze and translate data, document changes that have been made, best approaches and references, and mediate communication between both teams too.
At Across Verticals our teams are trained to provide immense expertise to organizations when crafting a tailored cybersecurity strategy for their business while also focusing on strengthening their security posture. This collaborative approach is not only a more reasonable approach but it is extremely extensive as well because no stones are left unturned.
Configuration review
Did you know that misconfigured systems are a common cause of data breaches and security issues because they are commonly overlooked? A configuration review is a detailed assessment of your organization’s IT systems, such as servers, firewalls, databases, cloud environments, and network devices. Even small businesses that use programs such as email servers and content management systems like Shopify and WordPress can fall victim to a data breach if their configurations aren’t up to date.
Across Verticals conducts configuration reviews to help your organization identify misconfigurations and outdated settings. It also verifies that your systems have been set up correctly and are compliant with the industry’s necessary regulations. Flaws or errors in any of these aspects result in vulnerabilities that can be potentially exploited by hackers. This is why proper and regular configuration reviews are crucial for your business in an era where cyber threats are only evolving and increasing. Besides strengthening your system’s security posture, a properly configured system also improves the overall performance and efficiency of your system. And you know what they say, efficient systems result in an efficient workplace.
Critical Infrastructure Security
Critical Infrastructure Security is the shield that guards the vital systems and assets crucial for our nation’s functioning. It’s not just about firewalls and surveillance cameras; it’s a comprehensive approach to protecting the pillars that hold our daily lives together which includes but is not limited to power grids, water treatment facilities, healthcare systems, financial institutions, telecommunications, and more.
The security of these systems is a non-negotiable as a breach in any of these sectors could trigger a chain reaction of more breaches. Additionally, downtime in these sectors could cause a significant financial loss as it affects the overall operations of these infrastructures that are used almost 24/7 by end-users.
Across Verticals’ expertise in conducting this assessment ensures that your organization complies with the highest industry standards and constantly adapts to new threats in real time. We are focused on providing you with tailored solutions that focus on fortifying your organization’s resilience and creating a shield that bends but never breaks.
IT GRC Assessment
IT Governance, Risk, and Compliance (GRC) plays an important role in ensuring your organization maintains an effective operational strategy for managing its overall governance, enterprise risk management, and regulatory compliance efforts. Across Verticals provides comprehensive assessments that ensure your organization stays compliant with regulatory requirements with improved cybersecurity measures.
External Service Provider Assessment (BNM RMIT Appendix 9)
Any new services or major enhancements that are related to e-banking, internet insurance, and internet takaful services require the financial institution’s notification to Bank Negara Malaysia (BNM). These notifications are to be attested along with an independent external party’s assurance that the technology risks and security controls associated with the services have been adequately addressed and implemented. Across Verticals provides independent assessments on these services or enhancements as an independent External Service Provider (ESP), where we will review the comprehensiveness of the risk assessment performed by the financial institution and validate the adequacy of the control measures implemented or to be implemented, as per the requirements in the BNM RMIT Appendix 9.
We assess the security requirements by breaking down the key areas into specific controls and provide our customers with a comprehensive risk-based assessment that is relevant to the operations and nature of each unique service. We have worked with numerous financial institutions including banks and insurance organizations and provided the attestations.
Cloud Security Risk Assessment
The Cloud plays an essential role in today’s IT infrastructures and applications, as virtualization of systems and assets consumes fewer resources compared to on-premise solutions. While Cloud adoption and migration bring new opportunities, they also bring new and evolving cyber threats. Across Verticals provides a comprehensive assessment ensuring your cloud environment is secured from the latest Cloud cyber threats, including all types of service models such as IaaS, PaaS, or SaaS.
Our consultants are certified in the Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance (CSA), which ensures our consultants are equipped with a comprehensive and unbiased understanding of how to effectively secure data in the cloud. For financial institutions, we ensure that the assessed controls are in compliance with Cloud security requirements in the BNM RMIT.
Secure SDLC Assessment
A Secure Software Development Lifecycle (SDLC) process is important because it ensures the security assurance of specific activities including architecture analysis, code review, and penetration testing, all of which are integral aspects of the development effort. To ensure that your security is integrated at every phase of your SDLC, Across Verticals will assess and ensure that adequate governance and operational controls have been implemented in each phase to improve the process of identifying and mitigating security risks throughout the software development process.
IT Audit Readiness
In today’s data-driven business landscape, IT audits are no longer just a regulatory checkbox – they’re a crucial tool for ensuring your digital infrastructure is secure and efficient. IT Audit readiness helps prepare your organization before an external organization does a deeper dive into your systems and processes (IT Audit).
The primary goal when conducting an IT audit readiness assessment is for us to scrutinize every aspect of your organization’s security system and detect any gaps or weaknesses that should be fixed before going for a formal audit and having it highlighted by external auditors. This assessment focuses on exposing your system’s vulnerabilities in a safe environment, testing your processes rigorously, and scrutinizing your documentation for completeness. At Across Verticals we assist in preparing our customers for the IT Audit while tailoring our solutions to your business’s needs, so once we’ve identified any potential gaps we will help your organization implement long-term solutions that will only further fortify your security systems. Don’t wait for auditors to uncover your systems’ strengths and weaknesses. Embrace IT audit readiness as a continuous process, and transform potential audit stress into an opportunity for growth and optimization.
SWIFT Customer Security Programme Assessment
Swift’s Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up-to-date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have already implemented with those detailed in the Customer Security Controls Framework (CSCF), before attesting their level of compliance annually.
It is a SWIFT requirement to verify compliance with all mandatory controls and provide the attestation to SWIFT. The attestation must be supported with an independent assessment, which Across Verticals provides as per the latest CSCF requirements as an external assessor.
Across Verticals is one of the registered CSP assessment providers in the Swift Partner Programme, where our assessors are equipped with extensive knowledge of the CSP assessment methodology as well as SWIFT components and architecture requirements. You may find us on the CSP Certified Assessors Directory. Being part of the SWIFT Partner Programme also allows us to work closely with SWIFT, which fosters collaboration, knowledge sharing, and best practice development, enabling us certified assessors to deliver even better CSP assessment services to our customers.
Across Verticals has performed numerous SWIFT CSP Assessments for financial institutions, including regulatory banks. We have also provided independent assessments for organizations located both locally and abroad.
Cybersecurity Awareness Training
An organization’s employees are one of the biggest risks to its cybersecurity. In fact, human error is often considered the leading cause of data breaches. However, an organization’s employees can also be a huge asset for an organization’s cybersecurity. If employees are provided with the knowledge that is required to identify cyber threats through an effective and engaging security training program, they can act as another line of defense for the organization.
We have designed a mature and comprehensive training syllabus to help your employees maintain their awareness of recent cyber security threats and attacks.
Cyber Capability Maturity Assessment
Your organization’s current cybersecurity strategy and posture may be good but there’s always room for improvement to make it great and stronger than before. As cyber threats evolve, it can be hard to keep up as a new one emerges every day, which is all the more reason why your organization should be ever ready to handle these threats head-on without having your security compromised.
The cyber capability maturity assessment evaluates your organization’s current security practices, policies, and processes. We help you understand where your strengths and weaknesses are and how they can be improved to make sure your security defenses are top-notch and align with the best industry standards.
Across Verticals is here to help you improve your organization’s readiness to deal with these cyber attacks. This assessment gives you a clear benchmark and a proper roadmap on areas for improvement as these vulnerable areas will be the main target for attackers.
Cyber Compromise Assessment
As everything around is becoming more technologically advanced, cyber threats are equally evolving and looming. But how are you supposed to know if your business has already been compromised? Our cyber compromise assessment would be your first line of defense to protect your business from cyber attacks.
A cyber compromise assessment is an extensive evaluation of your organization’s IT infrastructure to detect any signs of ongoing or past data breaches. This assessment helps us comb through all your systems to identify traces of compromise.
This assessment is crucial for your business because it can help identify any hidden threats that have compromised your systems and are trying to stay undetected and allow your organization to make the necessary efforts to get rid of them. Additionally, this assessment not only helps strengthen your security systems but also prevents future data breaches that could save your organization from large financial losses.
Data Centre Risk Assessment
Data centres play an important role in housing your critical IT infrastructure and sensitive assets. Across Verticals’ Data Centre Risk Assessment (DCRA) services are focused on ensuring that your data centre is secure, resilient, and capable of mitigating potential risks that could affect your business continuity, data integrity, and availability. We assess your Data Centre in multiple aspects including Network Architecture, Resiliency, Physical Security, Logical Security, Environment Security, Capacity Management, Operations, and Governance management.
Network Resiliency Assessment
It is crucial to ensure your network infrastructure is resilient against any unexpected disruptions or cyber-attacks. Across Verticals’ Network Resilience Assessment (NRA) is designed to identify vulnerabilities and weaknesses in your network’s design, operations, and security, as per industry standards and regulation requirements.
Cybertronics Lab
Our Cybertronics Lab is certified ISO17025 by Standards Malaysia, which means our services meet international standards for testing and calibration quality and competence. We provide specific testing and evaluation services that adhere to the required standards for your products or systems.
Common Criteria Evaluation (ISO/IEC 15408-1)
The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. The evaluation process also establishes the level of confidence that may be placed in the product’s security features through quality assurance processes.
Cybertronics Lab is one of the few facilities that has been accredited by Jabatan Standards Malaysia (JSM) to perform the Common Criteria Evaluations. We can perform evaluations up to the Evaluation Assurance Level (EAL) of EAL7. Evaluators in Cybertronics Lab are also certified Common Criteria evaluators with vast experience in performing these assessments.
Common Criteria Certifications are recognized globally by various countries. Having a CC-certified product or system provides assurance to your customers or users that your product or systems are secured in the aspect of IT security, as it is tested against an internationally recognized framework.
Certified Products: Some of the successfully certified products where Cybertronics Lab has provided the evaluations:
- SECIRON – Android Mobile Application Hardening Sandbox Module (AMAHSM)
- Guardian-CCS Blockchain Secure Authentication (BSA)
- SecureKi Automated Privilege Password Management
- Evault Mobile
- Fortix Security Suite
- Valari Web Application Firewall
Medical Device Testing and Evaluation (IEEE 2621)
As the healthcare sector has been advancing technologically, it is key that proper cybersecurity practices should be in place. One key aspect of cybersecurity integrating with the healthcare industry would be in the testing of medical devices. As the first company in the Asia Pacific and Oceania region to be accredited as an Authorised Medical Devices Test Laboratory by IEEE, we are permitted to assist healthcare device manufacturers and regulatory bodies in assessing your medical device’s ability to withstand cyber threats.
This comprehensive assessment thoroughly evaluates your medical devices, searching for vulnerabilities and weak points and then working out how we can fix them. Our goal is to ensure that every aspect of it from design and development to deployment and maintenance has been tested against the highest industry standards.
Secure medical devices only lead to good things for your company and the healthcare industry. Across Verticals is committed to helping you increase trust with your end-users, reducing the potential for costly disruptions in healthcare delivery, safeguarding your patients’ data, and ensuring compliance with regulatory requirements.
Web Application Pentest + Web Services pentest
Our web application penetration testing focuses on identifying vulnerabilities within the entire web application structure itself. This includes the user interface, login elements, forms, etc. While our web services penetration testing is narrowed down further to identify vulnerabilities in the APIs and backend servers. To detect these vulnerabilities, we simulate real-world attacks on your web application or web services.
Across Verticals’ penetration testing process covers all areas of your web application and web services with a comprehensive, thorough assessment which then helps us provide you with the best recommendations to secure your web apps according to the industry’s highest standards.
As a certified CREST OVS Web Application service supplier, Across Verticals’ application testing is conducted in adherence to OWASP Application Security Verification Standard (ASVS) for assessment methodology.
Mobile application penetration testing
For mobile application penetration testing, our team at Across Verticals works on conducting security assessments that target vulnerabilities in your mobile applications regardless of the platform they’re on. These assessments thoroughly test both the front and back end of applications to ensure that your customers’ data is always protected. With the increasing reliance on mobile apps for customer engagement, data processing, and online transactions, this form of testing is essential for maintaining data integrity, meeting regulatory requirements, and protecting your brand’s reputation.
As a certified CREST OVS Mobile Application service supplier, Across Verticals’ application testing is conducted in adherence to OWASP Mobile Application Security Verification Standard (MASVS) for assessment methodology. Across Verticals can deliver assessments against applications up to Level 3 security verification levels and up to Level 2 security verifications for Mobile Application testing.
Thick client penetration testing
For thick applications, the majority of their processing is done on the client side rather than on their servers. These applications include video conferencing software, Enterprise Resource Planning (ERP) systems, Customer Relationship Management (CRM) applications, etc. Penetration testing for these applications involves assessing the security of both the client software and its interactions with the backend server. It ensures that these applications are secure against potential threats that can occur from reverse engineering, data interception, and unauthorized internal access.
Source Code Review
The source code is the literal heart of your application. Identifying potential vulnerabilities or errors that hackers can exploit right at the source helps you lay a solid security foundation for your application before it is deployed for your users. Here at Across Verticals, we conduct this process both manually and with the assistance of automated tools to ensure that our assessments are extensive and complete. We will review the code and provide detailed findings that identify where your problems lie and suggest tailored solutions.
Our approach is to scrutinize your application in various aspects such as authentication, session management, and data validation. This helps us target the most critical (and likely) problem areas.
The goal is to help your business detect security flaws in the development cycle. This will allow you to save on future security costs, and maintain a strong reputation that builds trust with your users.
Network Vulnerability Assessment & Pentest
A network VAPT is crucial in identifying and mitigating risks before attackers can exploit them, reducing the likelihood of costly data breaches. Across Verticals are experts in identifying weak points through our VAPT, so companies can prevent these attacks from disrupting their operations.
The beauty of this assessment is that it not only reveals technical flaws in the network but it also highlights weaknesses in the overall design of the network. With these insights, businesses can focus on improving and securing their network architecture only for the better.
Wireless Network Penetration Test
Businesses and organizations use wireless networks daily as they are often a key access point to a company’s internal systems. A wireless network penetration test is an authorized hacking attempt, which is designed to detect and exploit vulnerabilities in security controls employed by several wireless technologies and standards, misconfigured access points, and weak security protocols.
If vulnerabilities do exist in your organization’s wireless network, attackers could exploit them to gain access to sensitive data. Across Verticals’ wireless network penetration test helps verify that encryption protocols are strong enough to block any unauthorized access. With our expertise in compliance as well, our penetration testing service also checks and confirms that your wireless networks are compliant with the highest industry standards. This service is an essential part of a strong security system as remote work and the need for mobile connectivity become more prominent in businesses these days.
Across Verticals performs the wireless security assessment to identify weaknesses and known vulnerabilities on the wireless network, such as below:
- Weak Protocols
- Default or weak administrative credentials
- Mis-association attack potential
- Dis-association attack potential (e.g. DoS attacks)
- Evil Twin attack potential (Honeypot)
- Unauthorized access points (Rogue Access Point, Ad-Hoc Connections)
- WPA Enterprise misconfigurations
- Client Station Probe information disclosure
Phishing Attack Assessment
Did you know that “a comprehensive analysis from IBM in 2023 revealed that 16% of company data breaches directly resulted from a phishing attack?” This clearly shows how vulnerable our systems can be to phishing attacks. A phishing attack assessment is a great way to test how vulnerable your organization is to socially engineered attacks. For phishing alone, the attackers can deploy numerous different tactics constantly confusing users. By simulating phishing attacks, we can help your organization identify those who easily fall victim to these attacks and weak points that are commonly targeted before we strengthen your defenses.
Since phishing attacks mostly target employees as an entry point, it is important to conduct regular training to educate your organization’s employees to be more conscious of these attacks. Our phishing assessment may also include security awareness training to raise awareness and help your employees identify key indicators of phishing attempts and how to avoid them. Through regular assessments, your organization can stay ahead of evolving threats and ensure that your human defenses are as strong as your technical ones.
DDOS Testing
Distributed Denial of Service (DDoS) attacks target vulnerabilities within your organization’s systems, networks, and servers. These vulnerabilities function as an access point to hackers as they start flooding your application with an overwhelming amount of traffic using multiple compromised systems. This causes your application to be inaccessible to users who are authorized to get through.
DDoS penetration testing is carried out to identify and fix those vulnerabilities or access points that attackers target so they can’t be exploited. This test helps businesses understand how their systems function under extremely stressful conditions and the necessary steps to improve them. This test is essential for businesses because DDoS attacks can cause significant downtime and financial losses. Companies would have to deal with having annoyed customers, losing sales, reduced employee productivity, and a damaged brand reputation if attackers can easily target and exploit your applications. With cyberattacks only getting more creative, DDoS testing has become a vital component of every organization’s cybersecurity strategy. To protect the integrity of your systems and ensure uninterrupted business operations, Across Verticals offers our expertise for DDoS testing.
Intelligence-Led Penetration Testing
Intelligence-led penetration testing is different from traditional penetration testing. It is an approach where our testing team utilizes threat intelligence to perform the testing campaign against your organization’s critical systems such as payment gateways, trading platforms, customer databases, healthcare information systems, etc.
Using threat intelligence, we will analyze your system’s business and technical functionality and we will imitate advanced real-life attack techniques that cater to your environment. This type of penetration testing is tailored to real-world threats, allowing us to conduct much more precise evaluations of how attackers target and exploit different industries.
Across Verticals is qualified as a CREST Certified Simulated Attack Specialist, which endorses our expertise in performing intelligence-led penetration testing assessments. With this service, your organization can assess its security teams’ effectiveness in detecting, responding to, and managing advanced cyberattacks in real time. Our methodology includes system discovery, surveillance, threat modeling, risk analysis, attack simulation, and reporting of findings.
RED/PURPLE/BLUE Team
In cybersecurity, we have a team of cyber defenders who are highly skilled and contribute to strengthening your security systems. These teams have their own set of skills and are targeted to focus on different aspects of securing your organization. This triad of cyber specialists is the Red, Blue, and Purple team.
The Red Team is a group of highly skilled professionals whose job is to break into your systems – legally. These ethical hackers (also known as penetration testers) simulate real-world attacks, exposing your system’s vulnerabilities before attackers can exploit them. Their goal is to test your defenses from every angle ensuring that no threat goes undetected. While the Red Team is on the offensive, the Blue Team stands guard. These are your cybersecurity specialists, system administrators, and incident responders. They monitor, detect, and neutralize threats in real time. They function as your security immune system that constantly works on adapting to new and evolving threats. When Red and Blue collide, you get Purple. The Purple Team actively works on facilitating collaboration between offensive and defensive units, ensuring that the Blue Team effectively implements lessons learned from the Red Team’s exercises. They work as a middleman between the Red and Blue Team helping them analyze and translate data, document changes that have been made, best approaches and references, and mediate communication between both teams too.
At Across Verticals, our teams are trained to provide immense expertise to organizations when crafting a tailored cybersecurity strategy for their business while also focusing on strengthening their security posture. This collaborative approach is not only more reasonable but also extremely extensive, because no stone is left unturned.
Configuration review
Did you know that misconfigured systems are a common cause of data breaches and security issues because they are commonly overlooked? A configuration review is a detailed assessment of your organization’s IT systems, such as servers, firewalls, databases, cloud environments, and network devices. Even small businesses that use programs such as email servers and content management systems like Shopify and WordPress can fall victim to a data breach if their configurations aren’t up to date.
Across Verticals conducts configuration reviews to help your organization identify misconfigurations and outdated settings. It also verifies that your systems have been set up correctly and are compliant with the industry’s necessary regulations. Flaws or errors in any of these aspects result in vulnerabilities that can be potentially exploited by hackers. This is why proper and regular configuration reviews are crucial for your business in an era where cyber threats are only evolving and increasing. Besides strengthening your system’s security posture, a properly configured system also improves the overall performance and efficiency of your system. And you know what they say, efficient systems result in an efficient workplace.
Critical Infrastructure Security
Critical Infrastructure Security is the shield that guards the vital systems and assets crucial for our nation’s functioning. It’s not just about firewalls and surveillance cameras; it’s a comprehensive approach to protecting the pillars that hold our daily lives together which includes but is not limited to power grids, water treatment facilities, healthcare systems, financial institutions, telecommunications, and more.
The security of these systems is non-negotiable, as a breach in any of these sectors could trigger a chain reaction of more breaches. Additionally, downtime in these sectors could cause a significant financial loss as it affects the overall operations of these infrastructures that are used almost 24/7 by end-users.
Across Verticals’ expertise in conducting this assessment ensures that your organization complies with the highest industry standards and constantly adapts to new threats in real time. We are focused on providing you with tailored solutions that focus on fortifying your organization’s resilience and creating a shield that bends but never breaks.
IT GRC Assessment
IT Governance, Risk, and Compliance (GRC) plays an important role in ensuring your organization maintains an effective operational strategy for managing its overall governance, enterprise risk management, and regulatory compliance efforts. Across Verticals provides comprehensive assessments that ensure your organization stays compliant with regulatory requirements with improved cybersecurity measures.
External Service Provider Assessment (BNM RMIT Appendix 9)
Any new services or major enhancements that are related to e-banking, internet insurance, and internet takaful services require the financial institution’s notification to Bank Negara Malaysia (BNM). These notifications are to be attested along with an independent external party’s assurance that the technology risks and security controls associated with the services have been adequately addressed and implemented. Across Verticals provides independent assessments on these services or enhancements as an independent External Service Provider (ESP), where we will review the comprehensiveness of the risk assessment performed by the financial institution and validate the adequacy of the control measures implemented or to be implemented, as per the requirements in the BNM RMIT Appendix 9.
We assess the security requirements by breaking down the key areas into specific controls and provide our customers with a comprehensive risk-based assessment that is relevant to the operations and nature of each unique service. We have worked with numerous financial institutions including banks and insurance organizations and provided the attestations.
Cloud Security Risk Assessment
The Cloud plays an essential role in today’s IT infrastructures and applications, as virtualization of systems and assets consumes fewer resources compared to on-premise solutions. While Cloud adoption and migration bring new opportunities, they also bring new and evolving cyber threats. Across Verticals provides a comprehensive assessment ensuring your cloud environment is secured from the latest Cloud cyber threats, including all types of service models such as IaaS, PaaS, or SaaS.
Our consultants are certified in the Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance (CSA), which ensures our consultants are equipped with a comprehensive and unbiased understanding of how to effectively secure data in the cloud. For financial institutions, we ensure that the assessed controls are in compliance with Cloud security requirements in the BNM RMIT.
Secure SDLC Assessment
A Secure Software Development Lifecycle (SDLC) process is important because it ensures the security assurance of specific activities including architecture analysis, code review, and penetration testing, all of which are integral aspects of the development effort. To ensure that your security is integrated at every phase of your SDLC, Across Verticals will assess and ensure that adequate governance and operational controls have been implemented in each phase to improve the process of identifying and mitigating security risks throughout the software development process.
IT Audit Readiness
In today’s data-driven business landscape, IT audits are no longer just a regulatory checkbox – they’re a crucial tool for ensuring your digital infrastructure is secure and efficient. IT Audit readiness helps prepare your organization before an external organization does a deeper dive into your systems and processes (IT Audit).
The primary goal when conducting an IT audit readiness assessment is for us to scrutinize every aspect of your organization’s security system and detect any gaps or weaknesses that should be fixed before going for a formal audit and having it highlighted by external auditors. This assessment focuses on exposing your system’s vulnerabilities in a safe environment, testing your processes rigorously, and scrutinizing your documentation for completeness. At Across Verticals we assist in preparing our customers for the IT Audit while tailoring our solutions to your business’s needs, so once we’ve identified any potential gaps we will help your organization implement long-term solutions that will only further fortify your security systems. Don’t wait for auditors to uncover your systems’ strengths and weaknesses. Embrace IT audit readiness as a continuous process, and transform potential audit stress into an opportunity for growth and optimization.
SWIFT Customer Security Programme Assessment
Swift’s Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up-to-date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have already implemented with those detailed in the Customer Security Controls Framework (CSCF), before attesting their level of compliance annually.
It is a SWIFT requirement to verify compliance with all mandatory controls and provide the attestation to SWIFT. The attestation must be supported with an independent assessment, which Across Verticals provides as per the latest CSCF requirements as an external assessor.
Across Verticals is one of the registered CSP assessment providers in the Swift Partner Programme, where our assessors are equipped with extensive knowledge of the CSP assessment methodology as well as SWIFT components and architecture requirements. You may find us in Swift’s CSP Certified Assessors Directory. Being part of the SWIFT Partner Programme also allows us to work closely with SWIFT, which fosters collaboration, knowledge sharing, and best practice development, enabling us, as certified assessors, to deliver even better CSP assessment services to our customers.
Across Verticals has performed numerous SWIFT CSP Assessments for financial institutions, including regulatory banks. We have also provided independent assessments for organizations located both locally and abroad.
Cybersecurity Awareness Training
An organization’s employees are one of the biggest risks to its cybersecurity. In fact, human error is often considered the leading cause of data breaches. However, an organization’s employees can also be a huge asset for an organization’s cybersecurity. If employees are provided, through an effective and engaging security training program, with the knowledge required to identify cyber threats, they can act as another line of defense for the organization.
We have designed a mature and comprehensive training syllabus to help your employees maintain their awareness of recent cyber security threats and attacks.
Cyber Capability Maturity Assessment
Your organization’s current cybersecurity strategy and posture may be good but there’s always room for improvement to make it great and stronger than before. As cyber threats evolve, it can be hard to keep up as a new one emerges every day, which is all the more reason why your organization should be ever ready to handle these threats head-on without having your security compromised.
The cyber capability maturity assessment evaluates your organization’s current security practices, policies, and processes. We help you understand where your strengths and weaknesses are and how they can be improved to make sure your security defenses are top-notch and align with the best industry standards.
Across Verticals is here to help you improve your organization’s readiness to deal with these cyber attacks. This assessment gives you a clear benchmark and a proper roadmap on areas for improvement as these vulnerable areas will be the main target for attackers.
Cyber Compromise Assessment
As everything around us becomes more technologically advanced, cyber threats are equally evolving and looming. But how are you supposed to know if your business has already been compromised? Our cyber compromise assessment would be your first line of defense to protect your business from cyber attacks.
A cyber compromise assessment is an extensive evaluation of your organization’s IT infrastructure to detect any signs of ongoing or past data breaches. This assessment helps us comb through all your systems to identify traces of compromise.
This assessment is crucial for your business because it can help identify any hidden threats that have compromised your systems and are trying to stay undetected and allow your organization to make the necessary efforts to get rid of them. Additionally, this assessment not only helps strengthen your security systems but also prevents future data breaches that could save your organization from large financial losses.
Data Centre Risk Assessment
Data centres play an important role in housing your critical IT infrastructure and sensitive assets. Across Verticals’ Data Centre Risk Assessment (DCRA) services are focused on ensuring that your data centre is secure, resilient, and capable of mitigating potential risks that could affect your business continuity, data integrity, and availability. We assess your Data Centre in multiple aspects including Network Architecture, Resiliency, Physical Security, Logical Security, Environment Security, Capacity Management, Operations, and Governance management.
Network Resiliency Assessment
It is crucial to ensure your network infrastructure is resilient against any unexpected disruptions or cyber-attacks. Across Verticals’ Network Resilience Assessment (NRA) is designed to identify vulnerabilities and weaknesses in your network’s design, operations, and security, as per industry standards and regulation requirements.
Cybertronics Lab
Our Cybertronics Lab is ISO 17025 certified by Standards Malaysia, which means our services meet international standards for testing and calibration quality and competence. We provide specific testing and evaluation services that adhere to the required standards for your products or systems.
Common Criteria Evaluation (ISO/IEC 15408-1)
The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. The evaluation process also establishes the level of confidence that may be placed in the product’s security features through quality assurance processes.
Cybertronics Lab is one of the few facilities that has been accredited by Jabatan Standards Malaysia (JSM) to perform the Common Criteria Evaluations. We can perform evaluations up to the Evaluation Assurance Level (EAL) of EAL7. Evaluators in Cybertronics Lab are also certified Common Criteria evaluators with vast experience in performing these assessments.
Common Criteria Certifications are recognized globally by various countries. Having a CC-certified product or system provides assurance to your customers or users that your product or systems are secured in the aspect of IT security, as it is tested against an internationally recognized framework.
Certified Products: Some of the successfully certified products where Cybertronics Lab has provided the evaluations:
- SECIRON – Android Mobile Application Hardening Sandbox Module (AMAHSM)
- Guardian-CCS Blockchain Secure Authentication (BSA)
- SecureKi Automated Privilege Password Management
- Evault Mobile
- Fortix Security Suite
- Valari Web Application Firewall
Medical Device Testing and Evaluation (IEEE 2621)
As the healthcare sector has been advancing technologically, it is key that proper cybersecurity practices are in place. One key aspect of integrating cybersecurity with the healthcare industry is the testing of medical devices. As the first company in the Asia Pacific and Oceania region to be accredited as an Authorised Medical Devices Test Laboratory by IEEE, we are permitted to assist healthcare device manufacturers and regulatory bodies in assessing your medical device’s ability to withstand cyber threats.
This comprehensive assessment thoroughly evaluates your medical devices, searching for vulnerabilities and weak points and then determining how we can fix them. Our goal is to ensure that every aspect of the device, from design and development to deployment and maintenance, has been tested against the highest industry standards.
Secure medical devices only lead to good things for your company and the healthcare industry. Across Verticals is committed to helping you increase trust with your end-users, reducing the potential for costly disruptions in healthcare delivery, safeguarding your patients’ data, and ensuring compliance with regulatory requirements.