CONTACT US

Metabase Q Solutions

Sales Proposals

One Shot Services
Montlhy Subscription Services




Otther Services:










Talk with Sales
Get Pricing Print
Proposal for
Add Your Heading Text Here
Proposal By:
June 7, 2023

WHAT IS METABASE Q?

The fast, trusted way to secure your business.
Metabase Q is the end-to-end cybersecurity platform for companies in Latin America – combining scalable managed services, proprietary threat intelligence, and security orchestration and automation to enable corporations to level up their cybersecurity, quickly.

Strength In Numbers

The largest and fastest growing companies have joined forces with Metabase Q to secure their businesses.

Partners with the best technologies

We built our approach to make it more affordable (and easier) for businesses to stay safe

The combination of offensive and defensive services of our teams allows your company to have security that evolves and continually adjusts to current risks.

Our cybersecurity solutions are offered via a monthly subscription with possible add-ons

Request your personalized quote or speak to a member of our team to learn why the best companies choose Metabase Q.

OFFENSIVE

APT Simulation

APT Simulation for Security Validation

1

Spear Phishing + Social Engineering

Attacks on the mail gateway to deliver malicious e-mails

2

Controlled Execution

Controlled malware execution and exploits on endpoints

3

Lateral Movement

Lateral movement techniques to gain access to additional resources

4

Data Exfiltration

Execution of data exfiltration techniques

OFFENSIVE

Threat Intelligence

Continuous improvement across advanced threat intelligence
  • Executive dashboard
  • Specialized cyber intelligence team
  • Broad visibility
  • IOCs focalizados por región y sector
  • Mandiant partnership for global view

OFFENSIVE

PoS Pentesting for Security Validation

The goal of this service is to evaluate the security of point-of-sale devices from three attack vectors: hardware, software and signaling, allowing the proactive identification of vulnerabilities as well as a continuous improvement in the configuration and hardening of these devices.

Ejemplo de extracción de Firmware o Memoria Flash
Analysis Strategy

Test Bed Setup: In this initial stage, the device is replicated in our laboratory to understand and test its end-to-end operation.

Blackbox: Attacks at the hardware level trying to obtain sensitive information that allow us to understand the operation of the device, such as Firmware or Flash Memory extraction.

Main-In-The-Middle: Attacks without taking advantage of device knowledge: With our own technology through ELMA, we verify the communication between PoS and card at EMV and SIM card level.

Whitebox: Identification of vulnerabilities by analyzing the source code of components including but not limited to: authentication bypass, encryption errors, privilege escalation, information disclosure, local and remote code execution, device impersonation, etc.

Protocol Stack level Pentest:

  • Bluetooth/BLE: L2CAP, SDP, Pairing, ACL
  • NFC: APDUs, Secure Element, PAywave, Paypass, Express Pay kernels, ISO/IEC 14443
  • USB: Spoofing, Rubber Ducky, Replay, Tampering

OFFENSIVE

Security testing of mobile applications

Expertise in mobile banking application analysis
  • Validation of security in communication channels
  • Validation of sensitive data
  • Interaction with APIs
  • Functionality testing at API endpoints
  • Functionality exposed to other applications
  • Validation of application security methods
  • Validation of methods against modifications and manipulation in the applications.
  • Android and iOS coverage
  • Reverse engineering ARM-based libraries

OFFENSIVE

Payment Switch Pentesting

We released the first and only transactional switch secure code guide which covers the following points:

  • Bad Memory: Errors in the handling of index, tokens and variables in the transaction.
  • Bad File: Errors related to file handling causing read and write errors and erroneous pointers at memory level affecting service availability
  • PCI Violation: We validate the protection of banking information in motion and at rest.
  • Abends: Unexpected generation of abends during operation with tokens, memory and memory file uploading..
  • Validación del protocolo 3DSV2: Analysis on the implementation of the protocol for secure authentication dsd.
  • Device Handlers: Device drivers for PoS and ATMs are evaluated to ensure correct processing of received messages

We review authorizers at the Banking/Transactional Switch level for ATM and PoS, identifying transactions being approved erroneously, unplanned reversals, abends affecting service availability, PCI violations.

Our methodology is agnostic to the Busy Switch technology: Base24, Postilion, ACCL, ACH Transfers, Device Handlers, T24, etc.

OFFENSIVE

ATM Pentesting for Security Validation

Penetration tests efforts are focused on performing attacks on the main ATM components (Dispenser and CPU Core) with a view to demonstrate attack scenarios according to the following categories of abuse:

  • Jackpotting: ATM attack which the objective is to make the node perform unauthorized cash dispensing.
  • Carding: Attack that compromises card information, transactional information, and customer authentication (e.g. PIN) and/or the enabling of counterfeit cards at the ATM.
Independent compliance validation and/or QA requirements Security to reduce ATM operation risk
  • ATM configurations
  • Integrations with backend
  • Validation of attack indicators (events and alerts) for operation.
Hardware and Software Security Validation to reduce supply chain risk.
  • Third-party hardware integration (Multivendor)

DEFENSIVE

Managed Detection & Response (MDR)

Service Structures / SOC Component

Alerts Management

24/7 information in real time and decision making in a single click

Cobertura Tecnológica

Defensive

Platforms Management

We can integrate and manage security tools and agents.

We seek to provide coverage, to know the installation status and to be able to manage registrations and cancellations. 

Batuta logo white bg

Batuta has the ability to integrate and manage security tools and agents. We are looking for speed and efficiency in the deployment.

DEFENSIVE

CISO as a Service

The CISO as a Service service provides companies with a highly qualified and experienced information security professional who acts as a member of your organization.
Among the most important functions that a CISO as a Service can perform are the following:

  • Design and implementation of processes, architecture and technology to build the cybersecurity strategy from scratch
  • Fraud prevention (internal and external)
  • Security audit to check the effectiveness of your tools
  • Secure move to the cloud
  • Support of a new paradigm of remote work
  • Response to critical incidents
CISO enables regulatory compliance, manages the cloud and responds to incidents 24/7, meeting all the requirements of compliance frameworks

Metabase Q Cloud I Elevate

Cloud Migration Strategy and Roadmap

Our services can be contracted in the following modalities

Projects

By specific objectives in any of our areas of expertise.

Managed Services

Complete teams dedicated to managing your entire cloud infrastructure and security, including the implementation of DevOps methodologies.

Staffing

We provide human resources in our different areas of expertise.

Metabase Q Cloud I Elevate

Cloud Migration

Our services will help you reduce time to market.

You’re not hiring individuals, you’re hiring a team certified in AWS, Google Cloud, Azure, Kubernetes and expert in other technologies such as:

  • Terraform
  • CI/CD
  • Log Centralization
  • Linux
  • Jenkins
  • Docker
  • Python
  • Ruby
  • Cheff
  • Saltstack
  • Puppet
  • Ansible
  • gruntwork.io

Metabase Q Cloud I Elevate

DevOps Practices

Cloud infrastructure management services and DevOps methodologies are ideal for all types of organizations. Our multidisciplinary team offers guidance and expertise in managing various areas

Automation

Automation of software development lifecycles.

Cost Optimization

Create and/or customize CI/CD pipelines

Observability

Automate infrastructure as a deployment of code

Availability

Collaborate with engineering teams to find the best options for implementing and deploying IT solutions in the cloud.

Scalability

Follow security and compliance guidelines and best practices.

Total Price

This price includes fees for subscription services

Price for one shot payment services

Price for Subscription services

Terms and Conditions

  • The prices in US dollars mentioned above do not include VAT.
  • The payment must be covered before the start of the project.
  • The client may cancel at any time with a notice of 90 days in advance
  • Payments will be made by electronic transfer of funds immediately available to the bank account indicated for this purpose by Metabase Q.
  • The information exchanged by Metabase Q and the customer is confidential and will be subject to the terms and conditions described in the NDA previously concluded.
  • The parties may enter into a contract incorporating the terms and conditions set forth herein, but regardless of the conclusion of such contract, this proposal is valid and enforceable between the parties from the date of signature of this proposal.
  • The interpretation and compliance with the terms set forth herein shall be subject to the applicable law of Mexico City.
  • This proposal is valid until 30 days after it is sent.
Confidentiality
For purposes of this Project, the Parties agree that the term “Confidential Material” means any information, written, graphic or contained on any tangible or intangible media that Metabase Q delivers to
for the provision of the Services and identifies it as confidential. The term Confidential Material does not include information that (I) is available to the general public, (II) was made available to Metabase Q without the character of confidential before what is established herein, or (III) was made available to Metabase Q, without the character of confidential, by another source without obligation of confidentiality. To maintain the confidentiality of this material,
agrees to: (I) not use the Confidential Material, except for the provision of the Services; (II) not to disclose, -except by order of a judicial authority or administration – the Confidential Material to any person except its directors, employees, advisors and representatives (collectively the “Representatives”) who need to know the information; said Representatives undertake to keep it confidential, and (III) not to use the Confidential Material for their own purposes or those of third parties.
Restrictive covenant agreement
Restrictions on use, disclosure of content and the price of this service. The information contained in this service proposal or quote constitutes an industrial secret and is therefore classified as confidential. It is revealed to
with the restriction that it will not be used or disclosed, without the permission of Metabase Q, for purposes other than your evaluation; agreeing to protect the Confidential Information received, using a reasonable degree of care, but not less than the degree of care used to protect your information or similar material. In the event that the contract is concluded based on this proposal,
has the right to use and disclose this information using the clauses provided in the respective agreement. This restriction does not limit the right to
to use or disclose this information if it was obtained from another source without obligation of confidentiality. Restrictions on Providing an Electronic Copy. In the event of any discrepancy between the electronic and hard copy of this proposal, Metabase Q will guarantee only the hard copy.
Open the link to review the legal contract details
See details
 
 

Name:
Date:

Mauricio Benavides CEO
Privacy Policy © 2023 Metabase Q. All rights reserved.