Filter page

Products

Security Information & Event Management (SIEM)

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

McAfee

McAfee

Features

Add-ons:

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

McAfee Application Data Monitor – monitor all the way to the application layer to detect fraud, data loss, and advanced threats. This SIEM tool supports accurate analysis of real application use, while enforcing policies and detecting malicious, covert traffic.

McAfee Database Event Monitor for SIEM – complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations, widening your visibility into who’s accessing your data and why.

McAfee Event Receiver – Collect up to tens of thousands of events per second with a single receiver.

McAfee Enterprise Log Manager – Reduce compliance costs with automated log collection, storage, and management. Collect, compress, sign, and store all original events with a clear audit trail of activity that can’t be repudiated.

McAfee Global Threat Intelligence for Enterprise Security Manager – Constantly updated threat intelligence feed that broadens situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.

Description

A high-performance security information and event management (SIEM) solution brings event, threat, and risk data together to provide security intelligence, rapid incident response, seamless log management, and compliance reporting—delivering the context required for adaptive security risk management.

Specifications

Supported devices

System requirements

Processor

  • P4 class (not Celeron) or higher (Mobile/Xeon/Core2,Corei3/5/7)
  • AMD AM2 class or higher (Turion64/Athlon64/Opteron64,A4/6/8)
  • RAM — 1.5 GB

Windows operating system

  • Windows 2000
  • Windows XP
  • Windows 2003 Server
  • Windows Vista
  • Windows 2008 Server
  • Windows Server 2012
  • Windows 7
  • Windows 8
  • Windows 8.1

Browsers

  • Internet Explorer 9 or later
  • Mozilla Firefox 9 or later
  • Google Chrome 33 or later

Flash Player

  • Version 11.2.x.x or later

Virtual Machine requirements

  • Processor — 8-core 64-bit, Dual Core2/Nehalem, or higher or AMD Dual Athlon64/Dual Opteron64 or higher
  • RAM — Depends on the model (4 GB or more)
  • Disk space — Depends on the model (250 GB or more)
  • ESM features use pop-up windows when uploading or downloading files. Disable the pop-up blocker for your ESM.
  • ESXi 5.0 or later
  • The minimum requirement is 250 GB unless the VM purchased has more. See the specifications for your VM product.

Links

Data Sheet
Solution Brief
Product Guide 9.6
Insurance Case Study  

Download as PDF

Services

Security Monitoring

The transfer, storage, analysis, and elimination of these security logs can, however, become extremely complex and sometimes even unmanageable for organizations. Cognosec’s solutions allow you to easily log data from sources such as operating systems, network devices, applications, and databases.

Cognosec Services

Cognosec Services

Features

Security monitoring is the gathering, analyzing and presenting information from:

  • network and security devices
  • identity and access-management applications
  • vulnerability management and policy-compliance tools
  • operating-system, database and application logs
  • external threat data

Description

The extent of event logging has evolved incredibly over they years and is now used for almost everything from troubleshooting problems to optimizing system and network performance, tracking user actions, and providing vital information for the investigations of malicious activity. Due to the ongoing implementation of new legislation and the vast deployment of networked servers, workstations, and other devices over the last decade, the sheer amount of logging information available has become incredible. The transfer, storage, analysis, and elimination of these security logs can, however, become extremely complex and sometimes even unmanageable for organizations. Cognosec’s solutions allow you to easily log data from sources such as operating systems, network devices, applications, and databases. We ensure that the data is collected, filtered, normalized, and stored centrally in order to facilitate analysis, correlating, reporting, and alerting. Cognosec fully supports the design, implementation, and customization of log management systems to ensure that the desired objectives are still achieved with absolute minimal impact to performance, resulting in the safest and most easily managed systems possible.

Download as PDF

Incident Response, Business Continuity & Forensics

Security Incident and Event Management (SIEM) tools analyze & provide a consolidated view of the overall security posture in the organization.

Cognosec Services

Cognosec Services

Features

We provide a full service offering from consulting, gap analysis, technology choice, architecture & design, implementation and management of:

  • Managed Compliance Services (eg. Monitoring and reporting based on specific PCI-DSS or SOX requirements)
  • On premise SIEM implementations
  • Hybrid SIEM implementations
  • Cloud based SIEM implementations

Description

Security Incident and Event Management (SIEM) tools are used to collect, correlate, aggregate and store security logs from servers, network devices, DLP Systems, security devices, databases and Access Control Systems (any device that can provide a log file with a security context) on a network. They analyze & provide a consolidated view of the overall security posture in the organization. These systems allow security professionals to quickly identify suspected breaches & malware incidents in near real time and to conduct forensic investigations using historical data. SIEM systems can be enormously expensive and require a high level of skill to run. They require constant tuning and maintenance so it makes sense for many businesses to outsource to experts.

Specification

We provide bespoke managed compliance services for customers who are required to monitor and report on the compliancy of their systems, against certain standards and regulations such as PCI, Sarbanes – Oxley, HIPPA, COBIT, ISO, BASEL II, FISMA, GLBA, NERC, but who wish to outsource this function. Examples of these Managed Compliancy Services are:

  • Managed PCI Compliance
  • Managed IPS Reporting Service for Sarbanes – Oxley
  • Penetration Testing for compliance
  • Security Awareness training for compliance
  • Venerability Scanning Services for compliance
  • Gap assessments and configuration analysis of security tool sets
Download as PDF

Compliance & SIEM Services

Security Incident and Event Management (SIEM) tools analyze & provide a consolidated view of the overall security posture in the organization.

Cognosec Services

Cognosec Services

Features

We provide a full service offering from consulting, gap analysis, technology choice, architecture & design, implementation and management of:

  • Managed Compliance Services (eg. Monitoring and reporting based on specific PCI-DSS or SOX requirements)
  • On premise SIEM implementations
  • Hybrid SIEM implementations
  • Cloud based SIEM implementations

Description

Security Incident and Event Management (SIEM) tools are used to collect, correlate, aggregate and store security logs from servers, network devices, DLP Systems, security devices, databases and Access Control Systems (any device that can provide a log file with a security context) on a network. They analyze & provide a consolidated view of the overall security posture in the organization. These systems allow security professionals to quickly identify suspected breaches & malware incidents in near real time and to conduct forensic investigations using historical data. SIEM systems can be enormously expensive and require a high level of skill to run. They require constant tuning and maintenance so it makes sense for many businesses to outsource to experts.

Specification

We provide bespoke managed compliance services for customers who are required to monitor and report on the compliancy of their systems, against certain standards and regulations such as PCI, Sarbanes – Oxley, HIPPA, COBIT, ISO, BASEL II, FISMA, GLBA, NERC, but who wish to outsource this function.

Managed Compliancy Services are:

  • Managed PCI Compliance
  • Managed IPS Reporting Service for Sarbanes – Oxley
  • Penetration Testing for compliance
  • Security Awareness training for compliance
  • Venerability Scanning Services for compliance
  • Gap assessments and configuration analysis of security tool sets
Download as PDF

Network Security

Network Security components keep your network safe.

Cognosec Services

Cognosec Services

Features

Network Security refers to the security components which reside at the network layer of the business. The network layer connects the individual computers servers, applications and data storage areas together. Many attacks and interception attempts take place at this level, so it is a critical area to protect. The rapid adoption rate of cloud services and smart apps is becoming increasingly complex to manage, for both businesses and individuals in their own capacity. We provide a full service offering for any size of business from 25 users to 80,000 users, ranging from consulting, gap analysis, architecture & design, implementation and management of:

  • Host-based Intrusion Prevention Services HIPS) – For Servers
  • Perimeter facing and Internal facing Firewalls
  • Web Application Firewall Services
  • Network Access Control (NAC)
  • Network Intrusion Prevention (NIPS) Services

Description

Network Security components keep your network safe and include some or all of the following, depending on your requirements:

Firewalls (FW) – These are network devices that operate like border controls – only allowing the traffic you want to pass in and out of your company.

Web Application Firewalls (WAF) – These are similar to firewalls but designed to protect public websites. They only allow specific web traffic through in either direction to protect sensitive or confidential information often held in databases linked behind the website. WAFs are Essential for eCommerce businesses, who need public facing websites that facilitate payments.

Network Intrusion Prevention Services (NIPS) – protects against malicious hidden processes and hacking using devices on the network. These devices process large volumes of traffic and generate many lines of  log data, which have to be managed properly to deliver proper value.

Network Access Control (NAC) – This technology prevents unauthorized (or “Rogue”) devices from joining your network. When a device does not meet your security policies or standards it should not be able to access your network.

Network Data Loss/Leakage Prevention (NDLP) – is a technology which utilizes policies on a computer that helps prevent sensitive data from being transmitted to the wrong people, both inside and outside the company.

Distributed Denial of Service (DDoS) Services –DDoS attacks have evolved into complex and overwhelming security challenges. The attacks target the transport and network layers of a communication system and flood network interfaces with traffic, causing inability to respond to legitimate traffic. This impacts your ability to conduct business using the network or internet, causing financial loss.

By choosing the correct managed cybersecurity services provider, all technologies can be deployed, configured and managed from a central console, but have to be properly tuned and managed to deliver ROI to the End User.

All reporting, remediation and escalation activities coordinated centrally.

Download as PDF

Data Security

Data Security describes how your business protects it’s Intellectual Property or “Crown Jewels”.

Cognosec Services

Cognosec Services

Features

The service would typically involve full or part-time management of some or all of the following technologies:

  • Antimalware
  • Browser Control
  • Endpoint Encryption
  • Host Based Intrusion Prevention
  • Database Security
  • Host-based Data Loss/Leakage Prevention (DLP)
  • Cloud Application Controls & BYOD

Description

Data Security describes how your business protects it’s Intellectual Property or “Crown Jewels”. Data Security is achieved by combining various technologies at specific points on a network and configuring these to work together according to security best practice. Every company’s network will differ slightly from others, so it is important to architect the solution before implementing it. We provide a full service from consulting, gap analysis, architecture & design, implementation and management.

Specification

Remote Managed Services imply the virtual presence of our people on your premises. Our staff work remotely either as technical consultants or subject matter experts, or may perform specific operational security tasks for your company, depending on your requirements and the type of service you require. Our Remote Managed Cyber Security Service options are:

  • Retainers, where a fixed amount of hours are purchased, bundled with an SLA for a guaranteed response.
  • Full Outsource Where you fully outsource one or more of your security functions to us. We take full responsibility for the function from end to end, (this can include design, implementation, which would take place on site. Once implementation has been completed, we will remotely perform the daily management of the platform and / or the chosen solutions. This would typically include reporting, escalation, troubleshooting and upgrading.
  • Partial Outsource Where you partially outsource one or more of your security functions to us. We take partial responsibility for the function, and this work takes place remotely. This can include aspects of design, implementation,  management of a platform or solution, reporting, escalation, troubleshooting and upgrading.

Our Managed Cyber Security Services can be tailored according to your exact needs and budget. We do not subscribe to a one size fits all approach. We have developed and refined an agile framework which focuses on the successful delivery and implementation of affordable security services to all sectors of the market. Customers who adopt our framework through our managed security services make noticeable progress towards a more mature security posture in very short timeframes. This is borne out in vastly improved coverage, policies, detection rates, correlation, deduplication, escalation processes, analysis, incident response and forensic capability, reporting and visibility.

Download as PDF

Forensics

Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Cognosec Services

Cognosec Services

Features

The process for performing digital forensics comprises the following basic phases: Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data. Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data. Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination. Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

Description

Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data into court. Forensic tools and techniques are most often thought of in the context of criminal investigations and computer security incident handlingóused to respond to an event by investigating suspect systems, gathering and preserving evidence, reconstructing events, and assessing the current state of an event. Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Specification

During a forensic investigation Cognosec will identifyi potential data source and acquire the data from the sources. Data acquisition will be performed using a three-step process:

  1. developing a plan to acquire the data
  2. acquiring the data
  3. verifying the integrity of the acquired data

After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. Once the relevant information has been extracted, Cognosec will study and analyze the data to draw conclusions from it and then prepare and present the information resulting from the analysis phase.

Download as PDF

Incident Response  

Cognosec’s Incident Response solution is an organized approach for responding to the an incident appropriately and managing the aftermath of the security breach.

Cognosec Services

Cognosec Services

Features

Cognosec can assist you with the following steps:

  1. Creating an incident response policy and plan
  2. Developing procedures for performing incident handling and reporting
  3. Setting guidelines for communicating with outside parties regarding incidents
  4. Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
  5. Determining what services the incident response team should provide
  6. Training the incident response team

Description

Combating malicious software and events in your environment isn’t just a matter of implementing the right technological solutions. Effectively combating malicious activities is a solution that combines people, processes, and technology.

Cognosec’s Incident Response solution is an organized approach for responding to the an incident appropriately and managing the aftermath of the security breach. Cognosec’s Incident Response solution will also help establish new defenses, protecting your systems and data from future attacks

Specification

According to the SANS Institute, there are six steps to handling an incident most effectively:

Preparation: The organization educates users and IT staff of the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.

Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.

Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.

Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.

Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.

Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.

Download as PDF

Network Protection

Cognosec’s Network Security service offers tailored defense systems such as Unified Threat Management (UTM) solutions.

Cognosec Services

Cognosec Services

Description

Developing a network with full-fledged security involves the implementation of many elements and need to be performed by experienced teams of specialists. Cognosec’s Network Security service offers tailored defense systems such as Unified Threat Management (UTM) solutions. UTM is the evolution of the traditional firewall and is an all-inclusive security product able to perform multiple security functions within one single appliance such as network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, and data leakage prevention. The combination of automated scanning and manual search filtering provides you with an extremely efficient and effective way of protecting yourself against even the most pesky attackers.

Specifications

Network protection consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

Download as PDF

Data Protection

We offer complete design, implementation, and customisation support for access-rights management systems and data leakage prevention solutions. This provides valuable information used for detecting unauthorised access events and any possible data leakages

Cognosec Services

Cognosec Services

Features

Cognosec can assist you while implementing the correct architecture to protect your data.

Network DLP

Typically a software or hardware solution that is installed at network egress points near the perimeter. It analyzes network traffic to detect sensitive data that is being sent in violation of information security policies.

Endpoint DLP

Such systems run on end-user workstations or servers in the organization. Like network-based systems, endpoint-based can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users.

Data identification

DLP solutions include a number of techniques for identifying confidential or sensitive information. Sometimes confused with discovery, data identification is a process by which organizations use a DLP technology to determine what to look for (in motion, at rest, or in use).

Data leakage detection

Sometimes a data distributor gives sensitive data to a set of third parties. Some time later, some of the data is found in an unauthorized place (e.g., on the web or on a user’s laptop). The distributor must then investigate if data leaked from one or more of the third parties, or if it was independently gathered by other means.[8]

Data at-rest

“Data at rest”” specifically refers to old archived information that is stored on either a client PC hard drive, on a network storage drive or remote file server, or even data stored on a backup system, such as a tape or CD media. This information is of great concern to businesses and government institutions simply because the longer data is left unused in storage, the more likely it might be retrieved by unauthorized individuals outside the Network.[9] In order to protect this phase of data, systems use methods such as access control and data encryption.[1]

Data in-use

“Data in use” refers to active data stored in databases that the user is currently interacting with. DLP systems that protect data in-use may monitor and flag certain unauthorized activities.

Data in-motion

“Data in motion” is data that is currently traversing through a network to an endpoint destination. These networks can be internal or external. DLP systems that protect data in-motion monitor sensitive data that is being sent over a network through various communication channels such as email or IM

Description

The protection of sensitive data such as passwords, payment information, financial data, or intellectual property needs to a priority for organisations. With the establishment of security regulations such as the PCI DSS, HIPAA, and the EU Data Protection Directive, systems can be brought to a high standard of security, but the sheer number of threats targeting vital systems is dramatically increasing, so efforts towards protecting data should as well. Security breaches resulting in leaked data can become very costly to an organisation and to it’s clients should attackers get ahold of sensitive data. Cognosec can perform an assessment on the IT-infrastructure handling the data and can ensure that your sensitive data is properly managed . We offer complete design, implementation, and customisation support for access-rights management systems and data leakage prevention solutions. This provides valuable information used for detecting unauthorised access events and any possible data leakages

Specifications

The term data protection is used to describe both operational backup of data and disaster recovery/business continuity (BC/DR). A data protection strategy should include data lifecycle management (DLM), a process that automates the movement of critical data to online and offline storage and information lifecycle management (ILM), a comprehensive strategy for valuing, cataloging and protecting information assets from application/user errors, malware/virus attacks, machine failure or facility outages/disruptions.

Download as PDF

Compliance Management     

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.

Cognosec Services

Cognosec Services

Features

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls] This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources

Description

Cognosec’s extensive experience and expertise in the Governance, Risk, and Compliance (GRC) sector has proven invaluable to countless organizations expecting to meet internal and external requirements in preparation for receiving certification. Cognosec’s independent and objective assessment on the policies and processes fulfills four major roles:

  • Prepares you for the challenging process of certification.
  • Avoids the potentially severe financial loss you may suffer for being incompliant with external regulations
  • Prioritizes the corrective measures in order of maximum efficiency and effectiveness to your business processes.
  • Ensures your regulators, customers, and shareholders that proper due diligence measures have been taken.

Our specialists will work side by side with the compliance, security, and risk officer in the design and improvement of company frameworks, guidelines, and processes.

Download as PDF

Information Systems Audit   

An information technology audit, or information systems (IS) audit, is an examination of the management controls for IT infrastructure and a complete review of the security of computer systems.

Cognosec Services

Cognosec Services

Features

The frequency of an IS audit will sometimes be mandated by a regulator, but for any organisation managing or processing personal or financial information – whatever its sector or size – annual audits are the absolute minimum. Regular audits are essential to keep pace with changes to IT infrastructure and systems – and with changes in the risk landscape.

Description

An information technology audit, or information systems (IS) audit, is an examination of the management controls for IT infrastructure and a complete review of the security of computer systems. It determines if information systems are safeguarding assets, maintaining data integrity and operating effectively to achieve an organisation’s goals. Normally required by regulators or legislators, they can be based on many different frameworks, such as ISO 27001, COBIT and HIPAA, or one of the many industry-specific security standards. However, they all serve the same purpose: to provide assurance that the necessary controls have been put in place and the risks of a data breach reduced to an acceptable level.

Specification

Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity. Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions. Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development. Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing. Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

Download as PDF

Application Security Assessment

The Application Security assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components.

Cognosec Services

Cognosec Services

Features

Business-critical applications that are ‘interfaces’ for external stakeholders should always be assessed before being distributed – or changed or upgraded. And it’s hard to over-estimate the importance of regular reviews for these applications: what might have been state-of-the-art security a year ago can now be an entry point for a hacker.

Description

An application security assessment is a much more detailed penetration test, focusing on one specific application and checking that the necessary controls to protect information are in place. It is carried out by an experienced analyst, usually using a combination of open source and commercial automated utilities. The assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components. Our analysts use logical errors in the application, as well as coding errors, to gain entry. We also look at what would happen if vulnerabilities were exploited, and advise on how they could be fixed.

Specification

Application Security Testing

Our testing approach is supported by a set of automated tools that not only identify common application vulnerabilities but also reveal business logic flaws that could be misused by attackers. In addition to these automated tests that cover a majority of common security flaws, we use conventional black box penetration testing techniques, which can be combined with a review of the applications critical source code to increase depth and optimize efficiency.

Source Code Inspection

A deep analysis of the application’s source code will be undertaken, identifying core weaknesses. Vulnerabilities will be assessed, prioritising them based on their severity and probability of exploitation.

Application Security Architecture

The fundamental design and logic of your application architecture will be assessed including its surrounding business environment. The number of ways in which an application can be written and developed is incalculable and therefore, to ensure maximum security potential, best-practice standards need to be upheld.

Application Security Controls

Merely optimising your application security architecture is often not enough; security controls also need to be put into place to fully secure an application. The integrity and effectiveness of controls such as authentication & session management, authorisation, cryptography & key management, data input validation techniques, and transport layer protection mechanisms will be reviewed to maximise your application’s level of security.

Download as PDF

PCI GAP Assessment

Cognosec’s PCI Gap Assessment is available for both remote and onsite activities. To create the most accurate assessment possible, it also includes interviewing system architects, systems administrators, testing personnel, and support staff.

Cognosec Services

Cognosec Services

Features

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data you are subject to this standard. Cognosec is a Qualified Security Assessor (QSA) and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. Cognosec GmbH can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer –creating a rounded and comprehensive compliance package. Cognosec is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors. As Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV)– making Cognosec a one-stop-shop for your PCI compliance needs.  Cognosec can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package. We are authorised to help your company obtain and maintain PCI DSS compliance.

Description

A PCI DSS Gap Assessment is an analysis on the differences between  an entity’s present security standards and policies and the twelve requirements of PCI DSS. The variances, or “gaps”, are then determined and can be corrected with PCI Remediation. If you have been asked to comply with the PCI DSS by a card brand, an issuing or acquiring bank, a business partner, or a customer who requires it as part of a due diligence exercise, Cognosec can help you. Cognosec’s PCI Gap Assessment is available for both remote and onsite activities. To create the most accurate assessment possible, it also includes interviewing system architects, systems administrators, testing personnel, and support staff.

Specification

Most companies have established security standards and procedures in place, but as the world is conforming on one standard, a reassessment is necessary. A PCI DSS Gap Assessment is an analysis on the differences between established security standards and those demanded by the PCI SSC. The variances, or “gaps”, are then determined and corrected. Our process includes interviewing system architects, systems administrators, testing personnel, support staff and others to gather the most information possible – aiding the subsequent analysis and generation of the final PCI DSS Gap Analysis report. Many companies already have security standards and procedures in place, but as the world is conforming to one standard, a re-assessment is often necessary. A PCI Gap Assessment is an analysis on the variances between established security standards and those required by the PCI SSC for PCI certification.

Download as PDF

Industrial Control Systems (ICS) Security Assessment

ICS implementations are vulnerable primarily to local threats because many of their components are in physically secured areas and the components are not connected to IT networks or systems.

Cognosec Services

Cognosec Services

Features

As the threats to ICS increase – due, in part, to increased geopolitical risks – so the need to protect them increases. In today’s climate, ICS security is an urgent priority. Weaknesses in the security of industrial control systems (ICS) – systems that relate to critical infrastructure such as power, water and transport – and their interfaces with other IT infrastructure can significantly derail businesses and economies. Possible incidents an ICS may face include the following:

  • Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation
  • Unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and/or endanger human life
  • Inaccurate information sent to system operators, either to disguise unauthorized changes, or to cause the operators to initiate inappropriate actions, which could have various negative effects
  • ICS software or configuration settings modified, or ICS software infected with malware, which could have various negative effects
  • Interference with the operation of safety systems, which could endanger human life.

Description

ICS implementations are vulnerable primarily to local threats because many of their components are in physically secured areas and the components are not connected to IT networks or systems. However, the trend toward integrating ICS systems with IT networks provides significantly less isolation for ICS from the outside world than predecessor systems, creating a greater need to secure these systems from remote, external threats. Also, the increasing use of wireless networking places ICS implementations at greater risk from adversaries who are in relatively close physical proximity but do not have direct physical access to the equipment. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, complexities, accidents, natural disasters as well as malicious or accidental actions by insiders. Our assessments identify these weaknesses – and recommend solutions. We combine specific tests with traditional penetration testing methods to cover all components and types of infrastructure. These technical tests can be accompanied by architectural and process security reviews.

Specifications

Our auditors will assure that:

  • Logical access to the ICS network and network activity are restricted.
  • Physical access to the ICS network and devices are restricted.
  • Individual ICS components are protected from exploitation.
  • Functionality during adverse conditions can be maintained.
  • The system can be restored after an incident
Download as PDF

Vulnerability Assessment

Cognosec performs regularly scheduled scans (monthly or quarterly), as well as ad hoc scans when needed, that concludes with a final ASV Report containing every threat discovery and an evaluation thereof.

Cognosec Services

Cognosec Services

Features

Vulnerability assessment should be a continuous process for every organisation exposed to the Internet. We offer vulnerability scanning as a subscription service on a monthly (recommended) or a quarterly basis. (Since it’s a semi-automated process, it requires minimum effort from the customer.)

Description

A vulnerability assessment identifies, quantifies and prioritises (or ranks) the vulnerabilities in a system, using both system and application vulnerability scans. System vulnerabilities normally exist because of exploitable programming errors in either the operating system or the hardware, and vendors normally release patches when these errors are made public. Patching hundreds or thousands of systems is a tedious business, though, and can sometimes disable functioning applications. Consequently, it is often resisted by IT departments. Vulnerability scans are semi-automated processes that can check whether patches or updates have been installed, bugs removed and systems securely configured. They report everything found. Our auditors then carefully review the results to sift out false positive and check whether a vulnerability exists – and whether action needs to be taken.

Specification

Cognosec performs regularly scheduled scans (monthly or quarterly), as well as ad hoc scans when needed, that concludes with a final ASV Report containing every threat discovery and an evaluation thereof. Cognosec’s scanning solutions test and report on all of the following systems:

  • Firewalls & Routers
  • Operating Systems
  • Database Servers
  • Web Servers
  • Application Servers
  • Common Web Scripts
  • Built-in Accounts
  • DNS Servers
  • Mail Servers
  • Web & Other Applications
  • Common Services
  • Wireless Access Points
  • Backdoors
  • SSL/TLS
  • Remote Access
  • Point-of-sale (POS) Software
Download as PDF