Aletheia Consulting SA performs consultancy in the field of data protection, management and process consulting and research and development activities.
Collaborating with DARKTRACE and IMMUNIWEB allows us to use artificial intelligence for external and internal scans, to respond to ever changing threats and offer cutting-edge services with extraordinary efficiency and simplicity.
The system of WEB Shield products allows to have a complete picture of the situation on the web, “illuminating” the attack surface, examining in depth important or critical resources, investigating the regulatory compliance of policies and procedures, looking for signs, even indirect, of attacks in progress or interest by malicious attackers.
RED Shield platforms allow to visualize and document compliance in an interactive way, with inventory, registry, processing log, security checklists, decision matrices and response to data breaches.
Thanks to WIRE, TRESORIT and PROTONMAIL we can implement resilient communication networks with very advanced security features, also to react promptly to any disruption of the main systems.
The cooperation with SWASCAN complements our offer, and we are always available for dedicated consulting and staff training.
WEB Shield is a cloud-based software with advanced security measures, designed to generate technical and regulatory adequacy analysis of the attack surface exposed on the web, mail servers, cloud resources, IoT and mobile apps, and vulnerability and domain security scans from phishing and cybersquatting attempts for individual web resources (WEB Shield OS).
WEB Shield allows you to view information by accessing directly to the cloud, or through periodic reports generated specifically for you, as well as the vulnerability scan of individual web resources that is activated on demand; all services can be accessed remotely and without any intervention at your premises.
RED Shield is a cloud-based software with advanced security measures, designed to support projects to assess and improve regulatory compliance and cybersecurity levels of organizations.
RED Shield is composed of a Web compliance module that allows the analysis of the regulatory adequacy of an arbitrary number of websites that make up an organization’s web presence, and a Corporate compliance module that includes all the master data, procedures, records, checklists and templates needed to manage the normative adequacy of an organization’s data management.
RED Shield allows you to view information and also collaborate by accessing directly to the cloud or receive periodic reports generated specifically for you; all services can be used remotely and without any intervention at your premises.
For the realization of its products and to improve its integrated offer we have carefully selected excellent technologies, which guarantee a high degree of safety and reliability:
WEB Shield and RED Shield projects are developed with FileMaker Pro, a relational database that guarantees power, intrinsic safety and flexibility of use, and the possibility of fast and reliable updates and customizations.
Filemaker is cross-platform, and can therefore be used on Mac OSX and Windows systems, and in network environments that include different operating systems.
The same app can be used on iPad and iPhone with FileMaker Go, on computers and on the Web with FileMaker WebDirect. Supported browsers include Internet Explorer, Microsoft Edge, Chrome and Safari.
Applications developed with FileMaker can be distributed for local use, but also for use in the Cloud.
Security is guaranteed by
- Database encryption that uses AES 256-bit AES encryption for all types of stored data, including video, audio files, PDF and more.
- SSL encryption to encrypt data in transit between FileMaker Server or FileMaker Cloud and FileMaker clients.
- SSL Certificates. Supports certificates with alternative subject name (SAN) and wildcard. FileMaker Cloud includes built-in SSL certificates.
- Multi-factor authentication
- Set of privileges to define permissions, down to field level, to determine access levels to custom apps.
Claris is the web platform used to manage RED Shield and WEB Shield class products.
Cloud management allows you to access your data from anywhere you have access to the web, from the office, from operational departments with a tablet, or on the go.
Claris offers many advantages, but we want to highlight a few:
- Security: Included are industry standard solutions such as: 256-bit AES encryption, automatic file encryption, built-in SSL certificates and optional multi-factor authentication support.
- Mobility: Host executable apps on iPad and iPhone. Use the built-in functionality to instantly run your apps in a web browser and ensure access from any mobile device.
- Manage under control: Manage and monitor your apps with an easy-to-use Admin Console. Data backups and software update notifications are automatic.
- Scalability: FileMaker Cloud is ideal for teams of a few or a few hundred people. As your business grows, it will be easy to add more users. Plus, you can increase processing power and amount of memory according to your actual needs.
Immuniweb® is a cloud platform that uses Artificial Intelligence to test web application security and improve visibility and management of attack surfaces, integrating Dark Web monitoring and providing a holistic view of risk exposure.
ImmuniWeb® leverages award-winning AI and Machine Learning technology to improve and accelerate web application penetration testing and mobile penetration testing, with custom remediation guidelines and zero false positives, and the ability to achieve continuous monitoring to quickly detect new code with just-in-time web penetration testing and 24/7 access to security analysts.
Darktrace offers Cybersecurity AI (Artificial Intelligence) technology solutions that promptly detect new attacks and internal threats, identifying the subtle signs of an advanced attack – without relying on blacklists, rules and signatures or previous assumptions, but rather using unsupervised machine learning and artificial intelligence to observe and model users and devices, cloud containers and workflows, and learn what is normal for an organization.
Darktrace’s AI technology is also critical to OT (Operational Technology) cyber defense, passively learning the “normal” aspect of OT, IT and industrial IoT, and allowing even the most subtle signals of emerging cyber threats to be detected in real time, in a protocol agnostic manner and compatible with many OT environments, providing complete coverage of the organization without disrupting daily operations.
Through Threat Visualizer’s intuitive interface, Darktrace provides instant visibility into different digital infrastructures, allowing operators to proactively investigate malware and specific areas of the ICS, and view every user, device and controller on the network, identifying new threats and insiders in real time.
The IPS module can take action against ongoing malware, stopping them before damage occurs. Critical to defending against fast-moving threats such as ransomware, it reacts in seconds, giving the security team time to catch up without disrupting daily operations.
Advanced reporting and logging capabilities enable powerful forensic and asset inventory management.
Tresorit is an online cloud storage service based in Switzerland and Hungary, offering data protection for business customers based on its own end-to-end encryption and additional security systems such as digital rights management (DRM), role-based access control and other functions that aim to create a secure collaboration system.
- Public Key Encryption: Tresorit encrypts every file on your devices before it is uploaded to the cloud by applying the Advanced Encryption Standard algorithm using 256-bit keys. Your files are never decrypted on Tresorit’s servers.
- Zero-knowledge: zero-knowledge privacy means that no one, not even Tresorit, can examine the content of your files. Only you and those with whom you decide to share them can access them.
Client-side integrity protection: by applying a message authentication code to each file, Tresorit guarantees that the contents of your files cannot be changed without your knowledge, even if someone hacked their system.
- Compliance: GDPR highlights encryption as one of the technological measures to ensure data protection and compliance. With Tresorit’s end-to-end encryption technology, encryption keys that unlock data are stored on the client side, on the device. Unlike in-transit or at-rest encryption, only the team sharing the information has access to it.
Wire offers the most comprehensive suite of collaboration with messenger, voice, video, conference calls, file sharing and external collaboration, all protected by the most secure end-to-end encryption.
RED Shield uses Wire for customer support, combining secure group messaging, voice and video calls and file sharing.
Text messages and images use the Proteus protocol for end-to-end encryption. Proteus is based on Axolotl encryption and pre-key optimized for mobile and multi-device messaging.
Voice and video calls use the WebRTC standard. More precisely, DTLS and KASE are used for key negotiation and authentication and SRTP is used to transport encrypted media. This means that voice calls are encrypted end-to-end with perfect transmission secrecy enabled without compromising HD call quality.
Protonmail.com is a Swiss-based e-mail system, which ensures data security thanks to an extremely secure physical infrastructure, entirely resident in Switzerland, and neutrality and protection thanks to strict Swiss privacy laws.
All e-mails are automatically protected with end-to-end encryption, so even the service provider cannot decipher and read them, nor share them with third parties; no personal information is required to create accounts, nor is any IP log that can be linked to e-mail accounts stored.
The platform, although very easy to use, implements controls that allow a particular protection and security of messages even in transit, while maintaining compatibility with all email providers.
Cookiebot provides transparency and control over cookies and tracking on a website, enabling compliance with applicable data protection laws and building a relationship of trust with users, with the use of automatic and easy to implement features: consent, tracking and control of cookies.
Cookiebot allows a real respect of privacy regulations through a respectful and transparent exchange of data, based on the correct collection and documentation of consent between the end users and the websites they visit.
Swascan is a cybersecurity cloud platform that includes Vulnerability Assessment, Network Scan, Code Review, GDPR Assessment, Phishing Attack Simulation and Security Management services.
Web App Scan is an automated Web Vulnerability Scan service that allows you to identify vulnerabilities and security vulnerabilities of websites and web applications.
Network Scan is an automated Network Vulnerability Scan service that allows the scanning of infrastructure and devices to identify vulnerabilities and security issues.
The Vulnerability Analysis aims to quantify the risk levels and indicate the corrective and repositioning actions necessary for the recovery.
Code Review is an automated tool for static analysis of an application’s source code to verify that the minimum security requirements are present and effective.
GDPR Assessment is an online tool that allows companies to verify and measure their level of compliance with EU Regulation 2016/679.
Phishing Attack Simulator is a simulation solution that allows employees to understand how phishing attacks work, the tactics used by hackers and how to recognize and avoid a phishing attack.
Security Management services are advanced consulting services for all phases of cybersecurity and compliance.