
IT Security Consulting: we know where your risks are.
Security analysis, penetration tests and awareness training from a single source. We examine your environment, show the real risks and deliver a prioritised action plan your team can implement. On request, we take on the implementation as well.
Holistic information security is what we stand for.
We analyse, implement and monitor, instead of just handing over a report.
Security is not a product, it is an interplay.
Security analysis
We examine systems, networks and processes, find weaknesses and prioritise them by real risk, not by gut feeling.
Penetration tests
Controlled attacks on perimeter, web applications and internal systems. Black, grey and white box, in-house or with a specialised partner depending on scope.
Awareness training
Phishing simulations and practical training that measurably raises your employees' security awareness.
Implementation & hardening
From endpoint protection through email security to the firewall, we implement the measures with you or take them on entirely.
Ongoing monitoring
Security does not end with the report. On request we monitor your environment in operation and respond to incidents.
One point of contact
Analysis, implementation and operation from a single source. No interface ping-pong between consultants, vendors and support.
We attack before someone else does.
A penetration test does not show what is theoretically possible, but what is actually exploitable in your environment. We test under controlled conditions and deliver a verifiable proof for every gap.
- External and internal: perimeter, web applications and the internal network.
- Black, grey or white box, tailored to your goal and budget.
- Simpler tests we run ourselves; for specialist depth we work with proven partners.
- Proof of concept instead of theory, plus a concrete recommendation per finding.
- Re-test after remediation, so findings turn into gaps that are actually closed.
This is what a finding looks like with us.
```
$ clearmedia-assess --scope perimeter,web,internal
[OK] 1,842 hosts checked 12 findings
--------------------------------------------------------
[CRITICAL] Outdated VPN gateway, known vulnerability
→ exploit reproduced, access to internal network
Recommendation: firmware update + enforce MFA
[HIGH] RDP reachable openly from the internet
Recommendation: place behind VPN, set geo filter
[MEDIUM] Email without DMARC enforcement
Recommendation: policy to "reject", anti-spoofing
--------------------------------------------------------
Action plan : 3 quick wins · 5 mid-term · 4 strategic
Re-test : recommended after the quick wins are done
```
Most attacks target people, not machines.
Firewalls and endpoint protection do not help when someone clicks the wrong link. We turn your employees into the strongest line of defence, with training that sticks in everyday work.
- Phishing simulations with realistic scenarios, evaluated without naming and shaming.
- Practical training for every role, from the front desk to management.
- Measurable metrics so you can see progress over time.
- Recurring rather than one-off, because awareness is not a one-day affair.
Analyse, implement, monitor.
| Inventory | Systems, networks and processes captured in a structured way |
| Vulnerability check | Automated scans plus manual review |
| Risk prioritisation | By likelihood of occurrence and potential damage |
| Result | Written report with a prioritised action plan |
| Hardening | Secure endpoints, email, firewall and access |
| Quick wins first | Greatest effect for least effort first |
| Hand in hand | With your team or entirely by us |
| Platforms | Windows, Apple and Linux alike |
| Ongoing operation | Security as a process, not a one-off project |
| Early detection | Spot anomalies before they cause damage |
| Response | Clear procedures for the emergency |
| One point of contact | Consulting and operation from a single source |

From the enquiry to the closed gap.
Scoping
In the first meeting we clarify goals, scope and systems. NDA signed, fixed price named.
Analysis & tests
Technical review on-site and remote, including penetration tests within the agreed scope.
Report & action plan
A report that management and technicians both understand, with prioritised measures.
Implementation & re-test
On request we implement the measures and verify in a re-test that the gaps are closed.
IT security has long been a matter for the boardroom.
Cyber attacks now hit small and medium-sized companies too, often automated and untargeted. Those who check early protect not only data and systems, but also reputation, liquidity and competitiveness.
- More attacks: phishing and ransomware grow year after year, in the SME segment too.
- Sensitive data: customer, staff and financial data deserve protection, and not only for legal reasons.
- Connected systems: cloud, home office and mobile devices enlarge the attack surface.
- Reputation and trust: an incident quickly costs more trust than money.
- Financial impact: downtime, recovery and extortion add up; prevention is cheaper.
- Competitiveness: those who can prove security win contracts, especially as a supplier.
Consulting that does not stop after the report.
| Criterion | ClearMedia | Pure security consultant |
|---|---|---|
| Implementation & operation afterwards from one source | yes | usually report only |
| On-site and remote in the Zurich area | yes | often remote only |
| Windows, Apple and Linux covered | yes | often Windows-focused |
| Own provider with cloud in two CH data centres | yes | – |
| Fixed price after scoping | yes | open hourly billing |
| Prioritised action plan instead of a 200-page PDF | yes | standard report |
What clients ask before a security analysis.
The analysis looks at systems, configurations and processes from an overview perspective and shows where you stand. A penetration test goes into depth and proves with controlled attacks which gaps are actually exploitable. The two complement each other.
We run simpler tests with our own know-how. For very specialised or deep tests we work with proven partners and coordinate that for you. This way you get the right depth without having to manage several providers.
Especially there. Most successful attacks start with an email to an employee. Even a few realistic phishing simulations and short training sessions noticeably reduce the risk, regardless of company size.
That depends on the scope. After a short scoping conversation we name a fixed price, no open hourly billing. That way you know where you stand from the start.
Yes, ClearMedia is ISO 27001 certified. However, we do not offer ISO 27001 certification for clients; our focus is on practical security: analyse, implement, monitor.
Yes. Many clients use the consulting as an entry point and then let us operate endpoint protection, email security or the firewall. You have one point of contact for everything, on-site and remote.
Do you know where your biggest security risks are?
We find out with you, with an analysis that fits the size of your company. Written findings, prioritised measures, one point of contact.