sravnenie-s-drugimi-podhodami

Comparison with other approaches

The market of IS services is represented by the following types of persons:
  • Pentesters are "good" hackers who hack the infrastructure as if they were highly skilled attackers. One-time service costs $5,000 - $15,000.'
  • Suppliers of IS tools are system integrators from major vendors. Their task is to sell the solution, but not to exploit it, assuming that qualified support will be on your side. They are interested in working with companies that employ over 100 people.
  • Security Operation Center (SOC) - analysts look for complex attacks in the logs that are passed on to them. High-quality and expensive service.
  • Auditors prepare you for ISO 27001, PCI DSS, etc. certifications. From $3,000 and up. 
 PentestersSuppliersSOCAuditorsOur Company
Разведка OSINT (разово)+-+
Сканирование инфраструктуры на уязвимости (разово)+---+
Сканирование инфраструктуры на уязвимости (регулярно)- - --
Автоматизированное сканирование веб-приложений на уязвимости (разово)+---+
Автоматизированное сканирование веб-приложений на уязвимости (регулярно)---
Фишинг (разово)+--по согласованию
Перебор паролей+---по согласованию
Аудит кода вашего ПО+----
Продажа средств защиты (CAPEX)-+---
Аренда средств защиты (OPEX)----+
Эксплуатация средств защиты----+
Аренда ловушек для хакера----+
Мониторинг ловушек--+-+
Мониторинг безопасности серверов--+-+
Осведомление сотрудников---+/-+
Сбор и хранение всех логов--+-+
Поиск признаков взлома--+-+/-
Подготовка к сертификации---++


We provide a range of services. Our goal is for you not to be hacked, that is, to protect you in a cost-effective way. We have all the competencies necessary for SME.

  1. We have a professional pentester and top-end scanning systems that guarantee the absence of known vulnerabilities in the external and internal perimeters. But we don't scan the systems once like pentesters do. We do it regularly.
  2. For each security issue, vendors have several Enterprise products, usually with a starting price of $10,000. Selecting worthy solutions takes a long time. Since we don't make money on sales, we choose the most effective solution, and if we don't find it, we develop it ourselves (The Brick).
  3. SOC is expensive for SME. But we collect logs for detecting and investigating incidents, and if necessary, we can quickly connect any external SOC.
  4. We approach frameworks and standards such as ISO 27001 and Cyber Essential from a practical point of view. For us, the wisdom contained in them is more important than blind conformity. First of all, we implement what is necessary, and then we gradually continue with the rest.
Let us we compare our services with hiring a full-time IS employee. You will be lucky to find a specialist for $1,500, and taking into account the workplace and taxes, this will cost you from $2,000 a month or $24,000 a year. You will also need to purchase licenses, services, and servers for IS tools, and you will need to manage all of this. Our services will cost you several times less. One specialist is not able to provide the range and quality of services that our team provides.
And finally, let's talk about the polygraph. There are a lot of data leak prevention (DLP) tools on the market. All these systems, no matter how much they cost, are powerless. If an employee has access to important data that they need to perform their duties, they can just take a picture of everything they need on their personal smartphone, or copy it onto a piece of paper. This will not leave any traces in the DLP system. Therefore, the best way to prevent and detect leaks is to use a polygraph. All employees of DIS.works, including the head, have to take a lie detector test. We do not conduct the questioning, but our team has sufficient competencies to help you develop a strategy for using a polygraph, formulate the right questions, and select polygraph examiners. The questioning price is $50-$100.