Managed Security Services

Fully managed, outcome-driven security services. Take the load off your management and technical teams and focus on your core business.

Managed Services

vCISO - Virtual CISO

Our Virtual CISO is an additional collaborator for your organization: it assesses the current state of your Cyber Security and continuously improves it. Thanks to the Security Program Maturity Assessment based on the NIST framework, corrective actions are integrated into a strategic plan that is followed periodically until the objectives are achieved.

VMS - Vulnerability Management Service

Our Vulnerability Management service identifies and manages vulnerabilities in corporate systems, freeing up your internal resources. We perform scans and security analyses of all assets, and our experts support you in implementing the necessary solutions. With security tools and periodic reports, the organization is protected.

CTS - Cyber Threat Simulation

We conduct personalized simulations to test and improve corporate resilience to cyber attacks. Using realistic scenarios, we assess the ability to detect and mitigate threats. Periodic simulations allow for continuous improvement of corporate cybersecurity.

THREAT - Threat Intelligence & Digital Risk Protection

We periodically conduct an in-depth analysis of external and internal digital threats and evaluate your countermeasures. We constantly monitor the digital environment, identifying potential risks and vulnerabilities. We clearly indicate the proactive measures necessary to protect your digital assets and avoid security breaches.

SOC - Security Operation Center

The SOC (Security Operation Center) service offers prevention of cyber attacks. The service is carried out through the monitoring of networks and data centers by a team of professionals who will assess threats and mitigate attacks in case of intrusion attempts.

Offensive services

NPT - Network Penetration Testing

Manual verification of the actual security level of an IT infrastructure through simulation of attacker techniques and methods. An NPT aims to identify unknown security issues that would otherwise not be detected by automated tools. Experience and creativity are combined with the use of the most accredited methodologies such as OSSTMM and OWASP.

WAPT - Web Application Penetration Testing

Manual verification of the actual security level of one or more web applications through simulation of attacker techniques and methods. A WAPT aims to identify unknown security issues that would otherwise not be detected by automated tools. Experience and creativity are combined with the use of the most accredited methodologies such as OSSTMM and OWASP.

MAST - Mobile Application Security Testing

Simulation of an attacker against an application downloadable directly from official stores (App Store and Play Store) or distributed through alternative channels for internal use. Depending on the type of application and level of access obtained, we will try to modify the application flow and manipulate and exploit local and remote server data to our advantage.

EH - Ethical Hacking

Attackers do not follow rules and can act in many different ways to achieve their goal with minimal effort. Our Tiger Team will analyze the client's IT infrastructure, procedures, human resources, and physical security to discover vulnerabilities and exploit them, simulating as realistically as possible what could happen in real conditions.

Defensive Services

VA - Vulnerability Assessment

Execution of non-invasive audits, both manual and through open source and commercial software tools, of IT infrastructures and web applications. A VA can identify known vulnerabilities. None of our services are purely automatic, which is why our VAs are of superior quality while maintaining reduced costs and time.

CR - Code Review

Source code analysis of an application aimed at identifying security issues and bad practices. Because a CR is a White Box activity (where the client provides all useful information to the auditor), it allows identification of most vulnerabilities, including those that would not normally be exposed during a WAPT or NPT. Many of the vulnerabilities we discover in our research activity are the result of application source code analysis.

TRA - Training

We offer various training and updating paths for network administrators, system administrators, developers, and penetration testers. Training is a fundamental component for raising the security level and awareness of a team over the long term.

Security Assessment Services

RA - Risk Assessment

The IT Risk Assessment service will allow you to become aware of the risks your company is exposed to, determine their impact, and periodically find and implement new security measures to stay safe from infrastructure attacks.

SAR - Secure Architecture Review

The Secure Architecture Review service offered by ISGroup allows individuals and companies to have a security assessment on their applications. The service focuses on complex infrastructures that may expose sensitive data. The Secure Architecture Review is useful both to learn the current state of security and to improve certain aspects under the advice of the ISGroup team.

CSA - Cloud Security Assessment

Security verification of cloud infrastructures based on Amazon Web Services (AWS), Microsoft Azure, Google Cloud, private and hybrid clouds. The purpose of a Cloud Security Assessment is to identify and highlight vulnerabilities inherent in the infrastructure design. The results are useful for reviewing cloud security design and implementing new security controls.

WSA - Windows Security Assessment

Security verification of Windows integrity and probable attack surfaces. The purpose of a Windows Security Assessment is to identify and highlight vulnerabilities inherent in the operating system itself. The results are useful for reviewing and implementing Windows security, while maintaining regular security checks.

ISA - IoT Security Assessment

Security verification of IoT infrastructures and devices in application contexts such as smart home, home automation, telemedicine, smart city, and smart grid to highlight and remedy vulnerabilities in infrastructure design, device design, or security control implementation. Hardware, software, and infrastructure design aspects are considered. The results of this test are useful for correcting possible vulnerabilities and avoiding system compromise.

PTA - Purple Team Assessment

The ISGroup Purple Team Assessment service offers a security assessment of the company based on the defensive team's response to actual attack attempts.

PHISH - Phishing & Smishing

We train staff against the latest Phishing, Smishing, and Vishing tactics. Through a combination of simulated attack campaigns, training, and consulting, we increase your employees' awareness. Achieve regulatory compliance and protect against attacks that occur via email, SMS, and other corporate communication channels.

SE - Social Engineering

We train staff on advanced psychological manipulation tactics. Through realistic simulations and expert consulting, we increase employee awareness of the dangers of Social Engineering. Achieve regulatory compliance and actively protect the company from threats involving employees and collaborators.

PSA - Physical Security Assessment

We simulate an attacker and thoroughly analyze the physical security of offices, shops, warehouses, technical rooms, and production sites. Our experts identify individual vulnerabilities and the weakest areas, proposing effective solutions to improve the protection of assets and personnel.

Governance, Risk and Compliance

GDPR - GDPR Compliance

GDPR compliance verification service through evaluation of implemented measures, risk analysis, and study of customized solutions. To ensure GDPR compliance, ISGroup also offers a continuous training service to raise awareness of risks and develop solutions independently.

NIS2 - NIS2 Compliance

We thoroughly evaluate the implemented measures, analyze specific risks, and design the necessary remedial actions and solutions to achieve and maintain compliance. Thanks to the training program, we raise awareness and develop internal skills regarding NIS2 requirements.

PCI - PCI DSS Compliance

To ensure the security of payment card transactions, detailed assessments, risk analyses, and customized solutions are carried out. Through continuous training, we raise awareness of security practices to ensure full compliance with PCI DSS standards.

27001 - 27001 Compliance

We guide you to obtain and maintain compliance with the ISO/IEC 27001 standard. We create or maintain your Information Security Management System, supporting you until certification or renewal. We implement the documentation system, analyze risks, train staff, and assist you in third-party audits.

27017 - 27017 Compliance

For compliance with the ISO/IEC 27017 standard, our service offers an initial assessment of your current information security status, then focuses on the main features of this extension, namely cloud security and use, offering a tailored plan to achieve certification.

27018 - 27018 Compliance

To optimize the protection of personal data in the cloud computing environment, we conduct an in-depth analysis of compliance with the already implemented ISO/IEC 27001 standard. Through this initial assessment, we identify any gaps, calculate the necessary effort, and support implementation to achieve compliance with the ISO/IEC 27018 standard.

ISO 17025 - Accredited Laboratory VA

To ensure compliance with regulations and maintain the quality standards required for accredited laboratories, we offer a comprehensive compliance service with the ISO/IEC 17025 standard. We propose and implement customized solutions to fill gaps, ensuring effective process management and accurate documentation compliant with accredited standards.

PSD2 - PSD2 Compliance

The approach focuses on the detailed analysis of payment processes and your organization's internal procedures. We identify any non-compliance and assess the impact of the new regulations introduced by PSD2. We then propose tailored solutions to address the identified issues and ensure full adherence to PSD2.

ITGOV - ACN-AGID Norms

The service focuses on the detailed analysis of the regulatory provisions proposed by ACN and AGID and their implications for your organization. Through a thorough exploration, we identify any gaps or non-compliance with the established regulatory requirements. We then propose and implement customized solutions to address these issues and ensure full compliance with the regulations.

DORA - Digital Operational Resilience Act Regulation

The service is based on an in-depth analysis of the regulatory provisions established by DORA and their implications for your organization. Through a detailed exploration, we identify critical aspects and areas for improvement concerning the regulatory requirements defined by DORA. We then propose and implement customized solutions to address these challenges and ensure full compliance with the DORA Regulation.

SecOps Services

MDR - Multi-Signal MDR

Combines advanced technologies like open XDR with the continuous vigilance of our expert team. This approach monitors and analyzes data from various sources to detect and block threats in real-time. Using our XDR platform, we can promptly respond and block potential attacks, thus protecting the organization from significant damage.

DFIR - Digital Forensics and Incident Response

Ideal for a prompt response to advanced cyber attacks. Thanks to digital forensic technologies and the expertise of our team, we ensure rapid and comprehensive incident management. Our professionals provide support throughout the investigative process, analyzing the causes of attacks and collaborating with you to improve security and prevent future harmful events.

WSM - Wireless Security Monitoring

The Wireless Security Monitoring service offered by ISGroup lets you identify and continuously monitor the radio-frequency devices present inside or around your company, in order to assess the risks and vulnerabilities and to identify attacks, even advanced ones.

DDoS - Anti-DDoS

A DDoS attack aims to make a server, service, or infrastructure unavailable. Such attacks occur more frequently today, which is why ISGroup has developed the Anti-DDoS service to keep your company safe from them.

FWaaS - Firewall as a Service

The FWaaS (Firewall as a Service) service gives you customized protection for data and applications, and granular control over user navigation. The ISGroup team will take care of the implementation and maintenance of next-generation firewalls to protect the infrastructure from most threats.

SIR - Security Integration

The ISGroup Security Integration service is oriented towards customer security. Through the Security Integration process, the interested infrastructures will be periodically analyzed, and in case of vulnerabilities, solutions will be proposed to reduce risks. The result is a continuous process of vulnerability discovery and flaw correction for more secure infrastructures.

SSDLC Services

SAL - Software Assurance Lifecycle

With the Software Assurance Lifecycle service, you can keep your company, your customers, and your online presence safe with the help of the ISGroup expert team. Continuous security checks on your software releases by the ISGroup team ensure secure implementation and adherence to best practices.

CST - Continuous Security Testing

The service is designed to ensure constant and thorough surveillance of IT system security. Through continuous and regular testing, we use a series of advanced methodologies and tools to identify and assess potential vulnerabilities and security threats. Our team of experts constantly analyzes the threat landscape and updates our testing procedures to ensure maximum effectiveness in detecting potential risks.
