Functional IT security thrives on comprehensive prevention


@-yet carries out a four-part check to make sure your enterprise is as digitally secure as possible:


We analyse the robustness of your existing IT; we assess the physical security of your buildings; we examine the human factor; and we review the current security regulations and structures. We can then develop preventive measures tailored for your company. We always work transparently and in partnership with your IT managers.

IT resilience check

Quick check

The rapid test for your IT security: @-yet experts subject your IT to a rapid but comprehensive test based on interviews and documentation. This gives us an overview of where to find any weak points in your ISMS, IT infrastructure, etc. Use the quick check to identify areas where more comprehensive analyses and digital security measures are needed.

Penetration testing

We consider your enterprise from a hacker’s point of view, and carry out realistic cyberattack simulations on your hardware and software. Every pentest is tailored to your enterprise and can be relied on to highlight any vulnerabilities.

Red teaming

A red-team assessment simulates a cyberattack on a broad front, using every weapon available. An entire group of diverse @-yet specialists “attack” your enterprise, identifying technical, physical and human vulnerabilities in your IT security. The “red team’s” findings are used as the basis for a comprehensive security scheme.

Threat hunting

There is an important difference between IT security and football: when the opponent attacks your IT systems, all too often the attack goes unnoticed. It’s all a matter of defence. We always assume that your system is under attack, or has already been penetrated. We use various patterns and indicators to identify attacks, launch a defence and repair any damage.

Cloud security

The cloud floats outside the company. This means that using cloud services always involves outsourcing data and company tasks – and that means a potential loss of control. @-yet makes sure that you remain master of your digital assets, even those in the cloud.

Mobile device security

Mobile devices can soon become more mobile than you would like if they are lost or stolen. It doesn’t take long for company data and network access details to fall into the wrong hands. There are also more and more cyberattacks targeting smartphones and similar devices. @-yet develops mobile device strategies, for your IT security on the go.

Web and mobile application check

We check your company-wide software (whether developed in-house or third-party software) for vulnerabilities. Your own web and mobile apps, directly connected to the internet, make particularly popular targets for cyberattacks. We can also provide comprehensive advice and security training to strengthen your in-house software development.

Code review

@-yet reviews the entire application architecture from front-end to server, and carries out detailed source code analyses. These analyse the security aspects of software functionality and expose systematic, logic or implementation bugs.

WLAN/WiFi security

Going wireless is like travelling with no seatbelt. WLAN may bring mobility to your workplace, but the internet in the ether is difficult to secure, and exposes numerous potential attack targets – even from a distance. @-yet analyses your wireless network, performs test cyberattacks and develops measures to improve your security.

Physical security check

Building and premises check

Are hackers strolling through your company’s front door? Often, companies simply don't keep track of who’s wandering in and out of the premises. In large organisations, strangers can often walk about unnoticed – and easily steal sensitive data and damage IT equipment. We assess your building and premises for physical vulnerabilities, check your access and locking systems and test for unauthorised access.

Human awareness check

Social engineering training

Computers aren’t all that can be hacked – humans are also susceptible, via the psychological interface. Hackers try to trick the subject into disclosing information about personal contacts, launching a tampering attack, or implementing malware – perhaps spyware targeting co-workers. We provide training and realistic tests to raise awareness among your employees and increase resilience against this kind of attack.

Security awareness & live hacking

We sharpen your security senses. In the @-yet workshops, we demonstrate live under realistic conditions how hackers work and how they can penetrate your company network. We use real examples to raise employee awareness of the importance of IT security and the role that the human plays as a potential weak point.

Phishing campaigns

It’s just like real fishing: the more realistic the bait, the more likely it is to get a bite. We simulate phishing emails and test whether external links are clicked, email attachments opened or data passed on. We guarantee you at least one “Aha!” moment. @-yet teaches your staff about the issues, trains them to spot phishing attacks and explains how your company can sustainably protect itself with a good security model.

Open-source intelligence (OSINT)

What information do other people have about your company? An important element of IT security is checking and “capturing” data that is currently circulating freely available online and which could provide hackers with information about potential vulnerabilities. @-yet carries out comprehensive data collection in digital channels. We use our findings to draw up potential threat scenarios and derive preventive measures.

Structure and process check

Analysis of your organisation and rules

@-yet analyses the completeness and maturity of your IT security management system (ISMS). Is everyone in the company playing by the same security rules? We use interviews and document reviews to compile a detailed picture of the existing IT security rules, structures and procedures. What are the processes and escalation mechanisms? Have they been documented? Can your employees use them?

Certification support

Meet, or, better, exceed expectations! @-yet helps your company to obtain and maintain official IT security certification such as ISO/IEC 2700X, VdS 10000, Common Criteria, TISAX, BSI-Grundschutz (baseline protection). Prove to current and potential customers and business partners that your IT security is trustworthy. It’s good for business!

Speak to the @-yet experts directly

@-yet perspective

You can’t outsource problems. Prevention means putting enterprises in a position where they can solve their own difficulties.

Wolfgang Straßer – Strategy