Cybersecurity

Cyber threats, ransomware attacks, data theft: today no company can consider itself safe. Whether SMEs or large companies, prevention is the only effective approach.

FBITECH srl supports you in this path, providing professional vulnerability analysis services and security tests based on reliable and certified technologies.

To guarantee our clients concrete results, we rely on the CyLock certified platform, an innovative tool for extended vulnerability assessment (EVA – Extended Vulnerability Assessment), designed by Italian cyber experts.

Thanks to this collaboration, we can offer:

Detailed and rapid analysis of vulnerabilities in sites, servers, networks and IT systems;
Clear reports, with clear technical guidance and support for corrective actions;
Compliance with the main standards (e.g. ISO 27001, GDPR, NIS2), with outputs ready for audits or certification paths.

CyLock is a solution recognized and used by public bodies, private companies and professionals in the sector: we at FBITECH have chosen to integrate it into our processes to guarantee our customers a high level of reliability, without compromise.

Services

Extended Vulnerability Assessment (EVA)

The Extended Vulnerability Assessment (EVA) service provides a detailed analysis of vulnerabilities within the corporate network, with the aim of identifying and mitigating cybersecurity risks.
The EVA (Extended Vulnerability Assessment) software is a patented system (Patent No. 10202200001641 from the Ministry of Business and Made in Italy – UIBM) and is officially recognized as a vulnerability assessment tool by OWASP.

Our services are divided into three main categories, based on the type of asset to be analyzed.

EVA Internal
● Description: Vulnerability assessment for all assets within the company network;
● What’s included: Firewalls, routers, PCs, printers, virtual machines;

EVA Public
● Description: Vulnerability analysis for servers with public IPs and cloud infrastructures;
● What’s included: Public IPs and cloud infrastructures;

EVA Url
● Description: Security analysis for publicly exposed websites and web applications;
● What’s included: Websites and web applications.

EVA includes:

Vulnerability Scanning: We will use our EVA software to perform a comprehensive scan of your infrastructure, identifying weaknesses such as out-of-date software, incorrect configurations, or known flaws.
Vulnerability Classification: Identified vulnerabilities will be classified based on severity, using standard metrics such as the Common Vulnerability Scoring System (CVSS).
Detailed Report: We will provide a comprehensive report that includes the list of identified vulnerabilities, the potential impact, and mitigation recommendations.

Advantages of using EVA software:

Accuracy: EVA reduces the number of false positives thanks to its ability to analyze the specific contexts of vulnerabilities.
Efficiency: Automated scanning and machine learning capabilities deliver results faster than traditional tools.
Adaptability: EVA is highly configurable and can be used in complex environments, including legacy systems, cloud, and hybrid applications.

CRI (Cyber Risk Investigation)

Our CRI service focuses on collecting and analyzing publicly available information that could put your business at risk. Our main activities include:

Exfiltrated Credential Detection: We continuously monitor the dark web and other public platforms for stolen or exfiltrated credentials belonging to the company or its employees.
Company mention monitoring: We check whether the company name, its assets, or other sensitive information appears in forums, social media, public databases, or illegal platforms.
External threat identification: We analyze potential threats or malicious actors that could target the company, ensuring a timely and proactive response.
Detailed periodic reporting: We provide regular reports with strategic insights and alerts to maintain a clear overview of emerging threats and protect sensitive data.

The service will be provided entirely in SaaS (Software as a Service) mode, without the need to install complex hardware or software. You will have access to a dedicated web platform for:

Monitor identified vulnerabilities and OSINT analysis results in real time
View an interactive dashboard with automatic notifications and updates.
Manage multi-user access for your team.
Access historical reports and collected data securely for comparative analysis.

Cybersecurity Awareness

Our Cybersecurity Awareness service is designed to improve staff awareness of cyber risks through practical simulations and training courses. The package includes:

Phishing Simulations: Customized phishing attack simulations to test employee readiness and preparedness. Attacks are simulated based on business contexts, with detailed reports to evaluate performance and identify areas for improvement.
E-learning Training Course: A comprehensive, interactive course, accessible online, covering key cyber threats and best practices for ensuring corporate security. Unlimited access to the training portal with interactive modules, assessment quizzes, and a certificate.

Why choose FBITech

✔ We collaborate with market-leading technologies like CyLock
✔ We offer a transparent approach, with clear and actionable reporting
✔ We are a reliable partner for small, medium, and large businesses
✔ We provide certified and up-to-date expertise

Frequently asked questions

What exactly is a computer vulnerability?

A vulnerability is a weakness in a software or hardware system that can be exploited by an attacker to compromise security. It’s like an open door or a broken window: a cybercriminal can detect it and use it to gain access to your system and steal sensitive data. Common vulnerabilities include weak passwords, outdated software, and incorrect configurations.

How are your services different from traditional tools?

Traditional tools require 14 complex steps and specialized expertise to obtain results that are often riddled with false alarms. With CyLock technology, we reduce everything to just 2 simple steps: insert the target and run the test. Artificial intelligence automatically handles configuration, analysis, vulnerability assessment, and professional report generation.

Why do you guarantee "zero false positives"?

The key difference is that CyLock technology doesn’t just look for vulnerabilities, but actually tests them to verify whether they’re actually exploitable. It’s like the difference between an inspector reporting a potentially faulty door and one actually trying to open it to confirm the problem. This completely eliminates false alarms that waste valuable time.

Will the tests interfere with our daily operations?

Assolutamente no. Our tests are designed to be completely non-invasive. We don’t perform DoS attacks, post-exploitation, or privilege escalation. Your business continuity is 100% guaranteed. It’s like a medical checkup: we identify problems without compromising the patient.

What is the difference between Vulnerability Assessment and Penetration Testing?

Vulnerability Assessment identifies all potential vulnerabilities quickly and cost-effectively, like a general health check. Penetration Testing simulates a real hacker attack and is slower and more expensive, like specialized surgery. Our services offer a middle-ground approach: the speed of VA with the accuracy of PT, eliminating false positives thanks to CyLock’s AI.

How does Dark Web monitoring work?

Our Cyber Risk Investigation service uses advanced intelligence techniques to constantly monitor the Web, Dark Web, and Deep Web for information regarding your company: stolen credentials, compromised databases, company documents, cookies, and other sensitive information. We provide you with a report with concrete actions to take before this data becomes a problem.

Do your services work on all operating systems?

Yes, completely. CyLock technology is designed to work with all major operating systems (Windows, Linux, Unix) without distinction. The software automatically identifies the target operating system and adapts the tests accordingly, without requiring any manual configuration on your part.

Can I see a sample report before I decide?

Certainly! We can provide you with demo reports for both services (Vulnerability Assessment and Cyber Risk Investigation). Our reports are structured into two sections: a high-level section for management with an overall risk overview, and a detailed technical section for IT teams with all the information needed for remediation. Contact us for specific examples.