Cyber risk is a major concern which has been increasing for several years. Since 2006, KEREVAL has developed a recognized expertise in cyber security through

  • Consulting and auditing activities recognized by the qualification “Information Systems Security Audit Provider” (PASSI) obtained for the first time in 2018.
  • A strong expertise in cybersecurity of embedded systems and IoTs

In the context of R&D activities, numerous academic partnerships (ENSTA, Supélec, Institut Mines Telecom…) have enabled the development of specific state-of-the-art cyber operational tools.

Embedded systems

Kereval is particularly present in the world of cyber audit of embedded equipment. The company, specialized in software testing, secures the entire chain “from the object to the cloud”, i.e. embedded and offloaded.

The mastery of software and hardware security, embedded protocols (CAN, LIN, SPI, I²C…) as well as radio technologies (Bluetooth, LoRa, NFC, BLE…) allows to bring a global vision of cybersecurity and to appreciate all the risks affecting embedded equipment.

Kereval’s expertise in sectors such as automotive or agri-business, as well as its good knowledge of the standards in force, represents a major asset for our partners, allowing them to precisely evaluate the impact of the detected vulnerabilities.

PASSI Qualification

With 18 years of experience, Kereval advises its clients how to professionalize their software quality approach and assists them in the development of their business strategy.

This qualification, initially obtained in 2018, and then renewed in 2021, was obtained for the following activities, as provided for in the PASSI standard:

  • Intrusion tests
  • Configuration audit
  • Architecture audit

The ANSSI qualifies Kereval as an “Information Systems Security Audit Service Provider” in the framework of the decree n°2015-350 of 27 March 2015, through its qualified audit process.

Intrusion testing

This involves carrying oudits with the aim of detecting a maximum number of application vulnerabilities on external and internal interfaces, i.e. on services exposed on the Internet or accessible from the internal network.

The intrusion test consists of identifying and classifying the anomalies, and then providing a set of recommendations to facilitate the correction of the discovered flaws.

Configuration Audit

As part of a configuration audit, Kereval verifies the implementation of state-of-the-art security practices for the configuration of software components (operating system, application servers, databases, …)

Architecture Audit

Kereval offers consulting services in architecture security: analysis of network equipment configurations (firewalls, routers, etc.) and in-depth defense of an information system.

Consulting and support

Kereval also carries out risk analyses and assists its clients in the creation of approval files in accordance with ANSSI guidelines and recommendations

They trust us