Designed to monitor, control and alert when endpoints are compromised.
An endpoint detection and response tool for advanced threats.
Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:
- Collectors: Find and visualize data from systems.
- Triggers and persistent collectors: Continuously monitor critical events or state changes with one set of instructions.
- Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.
- Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.
Supported client operating systems
- CentOS 6.5, 32-bit
- RedHat 6.5, 32-bit
- Microsoft Windows
- Windows 8.0, Base, 32-bit, and 64-bit
- Windows 8.1, Base, U1; 32-bit and 64-bit
- Windows 2012, Server Base, R2; U1; 64-bit
- Windows 2008 R2 Enterprise, SP1, 64-bit
- Windows 2008 R2 Standard, SP1, 64-bit
- Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
- Windows 7 Professional, up to SP1; 32-bit and 64-bit
Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
The process for performing digital forensics comprises the following basic phases:
- Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
- Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
- Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
- Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.
Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data in court. Forensic tools and techniques are most often thought of in the context of criminal investigations and computer security incident handling, where they are used to respond to an event by investigating suspect systems, gathering and preserving evidence, reconstructing events, and assessing the current state of an event.
During a forensic investigation, Cognosec will identify potential data sources and acquire the data from those sources. Data acquisition will be performed using a three-step process:
- developing a plan to acquire the data
- acquiring the data
- verifying the integrity of the acquired data
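The acquisition and integrity-verification steps above, as an added example (not Cognosec's own tooling): the source is hashed before it is copied, the copy is hashed again, and every acquisition is appended to a chain-of-custody log so a later examiner can re-verify the image. The examiner name and the sample evidence file are constructed placeholders.

```python
"""Forensic file acquisition with SHA-256 integrity verification and a chain-of-custody log."""
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large evidence images need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def acquire(source: Path, dest_dir: Path, examiner: str) -> dict:
    """Copy the source, hash before and after, append a custody record; 'verified' is False on mismatch."""
    source_hash = sha256_of(source)            # hash the original before touching it
    image = dest_dir / (source.name + ".img")
    shutil.copyfile(source, image)             # the acquisition itself (file-level copy)
    image_hash = sha256_of(image)              # re-hash the acquired copy
    record = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,                  # placeholder identity supplied by the caller
        "source": str(source),
        "image": str(image),
        "sha256_source": source_hash,
        "sha256_image": image_hash,
        "verified": source_hash == image_hash,  # a mismatch means the acquisition must be redone
    }
    log = dest_dir / "chain_of_custody.jsonl"
    with log.open("a", encoding="utf-8") as f:  # append-only: one JSON line per acquisition
        f.write(json.dumps(record) + "\n")
    return record

def verify_later(record: dict) -> bool:
    """Re-verify an image against the hash recorded at acquisition (e.g. before examination)."""
    return sha256_of(Path(record["image"])) == record["sha256_image"]

def demo() -> dict:
    """Run an acquisition on a constructed sample file inside a temporary directory."""
    work = Path(tempfile.mkdtemp())
    sample = work / "evidence.bin"
    sample.write_bytes(b"constructed sample evidence\n" * 1000)  # constructed, not real evidence
    return acquire(sample, work, examiner="examiner-placeholder")
```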
After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. Once the relevant information has been extracted, Cognosec will study and analyze the data to draw conclusions from it and then prepare and present the information resulting from the analysis phase.
Cognosec’s Incident Response solution is an organized approach for responding to an incident appropriately and managing the aftermath of a security breach.
Cognosec can assist you with the following steps:
- Creating an incident response policy and plan
- Developing procedures for performing incident handling and reporting
- Setting guidelines for communicating with outside parties regarding incidents
- Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
- Determining what services the incident response team should provide
- Training the incident response team
Combating malicious software and events in your environment isn’t just a matter of implementing the right technological solutions. Effectively combating malicious activities is a solution that combines people, processes, and technology.
Cognosec’s Incident Response solution will also help establish new defenses, protecting your systems and data from future attacks.
According to the SANS Institute, there are six steps to handling an incident most effectively:
- Preparation: The organization educates users and IT staff on the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.
- Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.
- Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
- Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.
- Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.
- Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.
Due to the increasing number of regulations and the need for operational transparency, organizations are increasingly adopting consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without unnecessary duplication of effort and activity.
Cognosec’s extensive experience and expertise in the Governance, Risk, and Compliance (GRC) sector has proven invaluable to countless organizations that need to meet internal and external requirements in preparation for certification. Cognosec’s independent and objective assessment of your policies and processes fulfills four major roles:
- Prepares you for the challenging process of certification.
- Avoids the potentially severe financial loss you may suffer for being non-compliant with external regulations.
- Prioritizes the corrective measures in order of maximum efficiency and effectiveness to your business processes.
- Ensures your regulators, customers, and shareholders that proper due diligence measures have been taken.
Our specialists will work side by side with the compliance, security, and risk officer in the design and improvement of company frameworks, guidelines, and processes.
Cognosec will provide you with an independent and holistic evaluation of your organization’s tasks and activities used for planning, implementing, controlling, and monitoring organizational information security activities.
As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls. The Do phase involves implementing and operating the controls. The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS. In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.
No matter how big or small an organization is, having a well-established Information Security Management System (ISMS) is necessary. Data and information systems need to be kept secure, so every facet of your system needs to be taken into consideration; you are only as strong as your weakest link, after all. Security frameworks can be designed and tailored to your requirements. Cognosec covers everything you need throughout the establishment, development, and maintenance of your new ISMS, including the implementation of state-of-the-art GRC solutions, enabling you to automatically map your organization’s business policy framework to industry best-practice frameworks.
The development of an ISMS framework based on ISO/IEC 27001:2005 entails the following six steps:
- Definition of security policy
- Definition of ISMS scope
- Risk assessment (as part of risk management)
- Risk management
- Selection of appropriate controls
- Statement of applicability
The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.
Penetration testing is recommended annually, and in the event of major changes to your infrastructure. It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators. Penetration testing will help:
- Prevent severe financial losses that could arise due to unreliable infrastructure or fraud
- Provide the necessary proof of due diligence for regulators, customers, and shareholders
- Protect the brand from the dreadful loss of reputation
Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The assessment identifies weaknesses and vulnerabilities and quantifies their severity, providing the information needed to address and control the threats.
Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without knowledge of usernames, passwords and other normal means. Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organisation can avoid it happening ‘for real’.