This level goes beyond the organization's logical and physical boundaries (materialized by its security solutions) and seeks information that, directly or indirectly, may affect the organization's security. Information conveyed by channels such as deep surface & dark web / darknet, Tor, Freenet, I2P, Riffle, among others, consolidated into Hardsecure OSINT engine framework, provide excellent commitment indicators that allow a preventive reaction to security incidents.
Execution of security audit services based on controls of the main security standards, according to the organization's business (IT, IoT, OT, …), as well as analysis of vulnerabilities and injection of security incidents, with injection of zero-day/zero-hour exploits, to applications, ports, services, protocols, databases into infrastructure & cloud, web, mobile, Wi-Fi under methodologies black-box, gray-box and white-box. In addition, this level is complemented with response capabilities against security incidents, ensuring the correlation, detection and correction/mitigation of attacks against botnets, DDoS, fuzzing, trojans, ransomware, phishing and its aspects, social engineering attacks, mobile malware and widespread malware.