Assessing vulnerabilities and exposure

To respond to the increasing need for digital security, Cyllene’s CyberSecurity offers an overall approach comprising four aspects that are complementary, coherent and operational:


Falcon - Bastion - Sentinel - Javelin


For the Business to create Value, mastering the digital environment is an increasingly essential aspect. Exponential growth in volumes, new web services, mobile working, strategic maximization of data thanks to AI and the blockchain, the healthy dynamic of the IoT ecosystem and the complexity of IT system interconnections are both challenges and opportunity or risk factors for the Business.

Our Digital Security offer is Cyllene’s response to the expectations of managers to plan and organize (Falcon), deploy and protect (Bastion), diagnose and measure (Javelin), assess and anticipate (Sentinel), while meeting the regulatory obligations and the legal and insurance requirements; it completes the “Security By Design” process already up and running in all the Group’s other offers.


Javelin is part of the overall process of cybersecurity risk control, implemented through Bastion and Sentinel.


The principal action will be to carry out upstream audits (supporting a Falcon-type process to provide a reliable initial diagnosis), or downstream of the implementation of measures to assess the residual vulnerabilities.

Pen Test

Intrusion tests are carried out from inside or outside the audited information system to discover vulnerabilities and examine the impacts they have and the action that can be taken. The auditor thus plays the role of potential attacker in real conditions. The Pen Test completes and improves the effectiveness of other audit tasks, or demonstrates the feasibility of using the flaws and vulnerabilities discovered for awareness-raising purposes.

Organizational & Physical Audit

The audit concerns the security documentation and guarantees:
◦ Compliance with the security requirements and the standards in force
◦ Adaptation to the technical measures implemented
◦ Practical application and effective maintenance
The physical security audit will focus on the safety of buildings, IT rooms or offices: access controls, intrusion, CCTV, etc.

Social Engineering/Phishing

Exploitation of human vulnerabilities or those associated with the entity’s organization to access confidential information or certain assets. Social engineering tests create a real situation to help identify the awareness-raising actions to be implemented as a priority, together with the populations to be targeted, or to verify the effectiveness of a campaign.

Architecture Audit

Verification that security practices related to the choice, the positioning and the implementation of hardware and software deployed in an information system comply with the state of the art and the in-house requirements and rules of the audited party. The audit may be extended to interconnections with third-party networks.

Configuration Audit

Verification of the implementation of security practices that comply with the state of the art and the in-house requirements and rules of the audited party on the configuration of the hardware and software deployed in an information system.

Red Team

Red Team intrusion tests assess a business’s critical assets by testing out its different means of protection, be they physical, human, organizational or IT. This test is carried out in different stages over several weeks, to meet the objectives set by the Management.

Industrial systems audit

Assessment of an industrial system’s level of security and the associated control mechanisms: architecture audit, an audit of the configuration of the elements that make up the architecture and organizational and physical audit.

Audit of Source Codes

Analysis of all or part of the source code or the conditions for compilation of an application to discover its vulnerabilities, arising from programming or logic errors, which may have an impact on security.

Are you interested?
Complete our form

The replies to the headings “title”, “first name”, “surname”, “email”, “subject” and “message” are compulsory and necessary if we are to reply to your request. The replies to the other headings are optional.

The information collected is processed in accordance with the website confidentiality policy, which can be accessed at policy/.

In compliance with law no. 78-17 of 6 January 1978 on information technology, files and freedoms, as amended, and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, you may exercise your right to access, rectification, objection, erasure and portability by sending a written request together with a valid proof of identity to or DPO – CYLLENE – 93/99, rue Veuve Lacroix 92000 Nanterre.

Gérer mes Cookies

Les cookies sont importants pour le bon fonctionnement d'un site. Afin d'améliorer votre expérience et nos services, nous utilisons des cookies pour collecter les statistiques en vue d'optimiser les fonctionnalités de notre site Web.

Vous pouvez choisir de bloquer certains types de cookies. Sélectionnez votre choix concernant chaque catégorie de cookie. Cliquez sur «soumettre les préférences » pour valider vos choix.

Mesure d'audience

Ces cookies servent à mesurer et analyser l’audience de notre site (nombre de visiteurs, pages vues, durée sur le site, etc.) afin d’en améliorer la performance.

To receive our product sheet,
please enter your email address

To download our document, please enter your email address