Managed Cybersecurity Services

Cognosec Managed Cybersecurity Services

WHY do I need Managed Cybersecurity Services?

Managed cybersecurity services (MCS) provide access to the specialist skills and knowledge needed for cyber resilience.

They enable organizations to prevent, detect and respond effectively to adverse ‘cyber events’, even when the necessary resources are not available in-house.

Crucially, they mitigate the risks of:

  • Data loss and theft
  • Extortion and fraud
  • Lost revenues and reputational damage
  • Legal liabilities and fines

Often an important part of IT governance, they help ensure continuity of service and keep your intellectual property and data assets safe.

WHAT Managed Cybersecurity Services does Cognosec offer?

The short answer …

Five core services:

  • Data Security
  • Network Security
  • Gateway Security
  • Managed Compliance & SIEM Services
  • Incident Response, Business Continuity & Cyber Forensics

The longer answer …

Full services; flexible services.

Our teams of security experts carry out gap analyses, design, implement and manage solutions, and co-ordinate reporting, escalation and remediation. They take a ‘total’ and long-term approach, and they get to see the bigger picture of IT security in your organization.

What’s more, they’re able to adapt the way they work to clients’ needs – thanks to the flexible service options we offer.

We can provide MCS remotely and onsite, as hybrid cloud services, and as ‘personnel augmentation’ services, whereby you ‘in-source’ a member (or members) of our team either full- or part-time.

You can outsource one or more of your security functions – or part of one or more of them – to us.

There are also retainer options, which guarantee a fixed number of hours of our time, and subscription services.

We work with clients with as few as 25 and as many as 80,000 users, and we have extensive experience of both the private and public sector and a wide range of industries. We know that no two organizations are exactly the same – and our SLAs (Service Level Agreements) reflect that.

Partnership and a bespoke approach are key to all five of our core services, which are described in turn below.

Data Security

WHAT is it?

Data security protects your intellectual property or information ‘assets’. It’s achieved by combining various technologies at specific points on a network and configuring them so they work ‘optimally’ and cohesively together.

Our data-security services reflect your digital ‘footprint’ and the way your staff use and access data, and usually involve full- or part-time management of the technologies described in the glossary (at the end of this section) – in any combination.

Note that they cover data in the broadest possible sense – including databases and ‘inside’ information you wouldn’t want leaked to competitors.

WHY do I need a Managed Data Security Service?

Hackers and cyber criminals are getting cleverer, and smartphones, tablets, laptops, cloud computing and increased use of the Internet are making it harder for IT departments to control risks.

Our data security services redress the balance. They transfer a bit of power back into your hands.

Some of them – for example, encryption – will be required by regulators. Others will simply make practical and financial sense.

WHEN do I need it?

This varies by specific ‘sub service’. Secure code reviews and application security testing, for example, will need to be carried out whenever a company produces its own software or releases an upgrade or bug fix. Cloud application control, encryption and database security, on the other hand, are continuous processes.

Distributed Denial of Service (DDoS) protection is required full-time: prolonged DDoS attacks can cost millions in lost revenue and cause serious damage to reputations.

Network Security

WHAT is it?

Network security prevents attacks and interception attempts at the point where individual servers, applications and data storage areas are connected together.

It involves the use of a number of tools:

  • Host-based Intrusion Prevention Systems (HIPS) for servers
  • Perimeter-facing and internal-facing firewalls
  • Web Application Firewall (WAF) Services
  • Network Access Control (NAC)
  • Network Intrusion Prevention Systems (NIPS)
  • Network-based Data Loss/Leakage Prevention (NDLP) Services
  • Distributed Denial of Service (DDoS) Protection & Mitigation Services

It’s important to emphasize that not all clients need all of these. There’s no ‘standard’ or default approach: you can ‘cherry pick’ from the list, according to your needs. 

WHY do I need a Managed Network Security Service?

The rapid adoption of cloud services and smart apps is making network security more difficult and complex.

In addition, there are increasing demands from regulators and law-makers to protect your network effectively. The Payment Card Industry Data Security Standard (PCI DSS), privacy laws and data protection acts require organizations that handle cardholder or personal data to protect it effectively, and DLP controls are one common way of meeting those obligations. Those who fail to comply can face stiff fines and, under some laws, criminal penalties.

External management reduces that pressure, for Internet service providers and end-user organizations alike.

WHEN do I need it?

Many attacks take place at the network level, so network security is always needed. We work for our clients full-time, giving them the assurance of constant protection.

Gateway Security

WHAT is it?

Gateway security protects users from the multiple threats at modern web and email gateways on all devices – from smartphones to laptops and desktop computers. It makes business-critical web and email services safer, reducing the risks of today’s increasingly connected world.

We cover both web and email security, and provide:

  • Hybrid cloud mail and web gateway services incorporating cloud application control
  • Integration with Data Loss/Leakage Prevention (DLP) Services
  • Application-aware content filtering
  • Advanced ‘zero-day’ threat detection capability with global threat intelligence feeds
  • Enhanced management of Office 365 and Gmail

WHY do I need a Managed Gateway Security Service?

Gateway security is becoming more difficult as mobile and BYOD platforms and cloud-based email services further blur the boundaries between organizations and the virtual world.

Modern web and email gateways handle huge volumes of traffic and need to update their anti-malware, anti-adware, URL-reputation and anti-spam engines constantly. The risks can be exaggerated, but they are real, and they have to be managed effectively.

WHEN do I need it?

Web and email gateway security is a continual process. For this reason, we provide it as a subscription service.

Managed Compliance & SIEM Services

WHAT are they?

Compliance management and security information and event management (SIEM) services divide into two distinct (but related) parts. The first is for organizations required to monitor their systems against standards and regulations such as PCI DSS, Sarbanes–Oxley, HIPAA, COBIT and Basel II, and to report their compliance. The second provides a reliable picture of the state of IT security through tools that collect, normalize, correlate, store and analyze security logs from across the estate.

Both are integral to good IT governance. Compliance management ensures organizations meet legal and regulatory requirements; SIEM services provide the alerting needed to identify problems quickly and the retained, searchable evidence needed for forensic investigation, so that the right action can be taken.
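As an added illustration of the correlation step a SIEM performs (this is example Python written for this page, not Cognosec's or any SIEM vendor's code), the snippet below normalizes a handful of constructed syslog-style authentication events and applies one rule: five or more failed logins from the same source within sixty seconds, followed by a success, raises an alert whose risk score grows with the number of failures and the number of distinct usernames tried. The log format, field names, window and thresholds are all assumptions.

```python
"""Minimal SIEM-style correlation over constructed log lines (example code, not a product's)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events in an assumed, simplified syslog-like format.
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd auth=fail user=alice src=203.0.113.7
2024-03-01T09:00:04 sshd auth=fail user=alice src=203.0.113.7
2024-03-01T09:00:07 sshd auth=fail user=root src=203.0.113.7
2024-03-01T09:00:09 sshd auth=fail user=admin src=203.0.113.7
2024-03-01T09:00:12 sshd auth=fail user=alice src=203.0.113.7
2024-03-01T09:00:15 sshd auth=ok user=alice src=203.0.113.7
2024-03-01T09:05:00 sshd auth=fail user=bob src=198.51.100.9
2024-03-01T09:30:00 sshd auth=ok user=bob src=198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<app>\S+) auth=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Normalization step: turn raw lines into dicts, skipping anything that does not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def correlate(events, window_s=60, fail_threshold=5):
    """Correlation rule: >= fail_threshold failures from one source within window_s seconds,
    then a successful login from that source, produces a scored alert.
    Trying many distinct usernames (password spraying) is scored higher than hammering one."""
    recent_fail = defaultdict(deque)  # src -> deque of (timestamp, user) still inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent_fail[ev["src"]]
        # expire failures that fell out of the sliding window relative to this event
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if ev["result"] == "fail":
            q.append((ev["ts"], ev["user"]))
        elif ev["result"] == "ok" and len(q) >= fail_threshold:
            users = {u for _, u in q}
            score = min(100, 40 + 5 * len(q) + 10 * len(users))  # assumed scoring scheme
            alerts.append({
                "rule": "brute_force_then_success",
                "ts": ev["ts"], "src": ev["src"], "user": ev["user"],
                "failures": len(q), "distinct_users": len(users), "score": score,
            })
            q.clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOG)):
        print(alert)
```

Only the first source trips the rule: 203.0.113.7 fails five times across three usernames and then succeeds as alice inside the window, while 198.51.100.9's single failure has expired by the time its success arrives. In a real deployment the same rule would be fed by the event receiver rather than a string constant, and the score would feed a risk-based escalation rather than a print.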

WHY do I need them?

Outsourcing compliance management can provide peace of mind for organizations that lack a dedicated compliance function or have particularly complex needs and, perhaps, are bound by many different laws and regulations.

Internal SIEM systems can be costly to set up and run, requiring constant maintenance and ‘fine-tuning’: external help (provided either onsite or through outsourcing) can make practical and financial sense.

WHEN do I need them?

Organizations will typically need to report their compliance annually – and monitor it regularly. SIEM services should be ongoing.

Incident Response, Business Continuity & Cyber Forensics

WHAT are they?

Incident response, business continuity and cyber forensics are closely related, inter-dependent, services. The first and the third, in fact, are necessary for the second.

Incident response covers the containment, remediation and disaster-recovery activities that follow a security breach or cyber attack.

Cyber forensics is the process of investigating an incident so that the relevant safeguards can be put in place to prevent a recurrence and, in some cases, so that legal proceedings can begin.

WHY do I need them?

These services protect critical infrastructure against natural and ‘man-made’ threats and so help ensure the stability of local and national economies and of towns, cities and countries. They are designed primarily for industries such as banking and finance, retail, transport and utilities, and for public-sector organizations such as health trusts, the military, the police and local authorities.

WHEN do I need them?

Anyone who owns or operates critical infrastructure or a critical public service will need access to incident response and forensic services on a full-time basis. There always needs to be backup in place.

Remember: all five core services described above are ‘end-to-end’, covering everything from gap analyses and initial identification of problems to upgrades and troubleshooting. They’re designed to ensure you’re never on your own when trying to make your systems, your data – and your future – more secure.

WHY Cognosec?

Seven good reasons…

  1. We have designed Managed Cybersecurity Services for government agencies and a wide range of industries, including finance and banking, online gaming, media and entertainment, healthcare, mining and construction, utilities, travel and transport.
  2. Our security experts and consultants have knowledge and skills that can’t always be sourced in-house.
  3. We follow the guidelines of the Framework for Improving Critical Infrastructure Cybersecurity, published in 2014 by the US National Institute of Standards and Technology (NIST), one of the most respected security standards bodies in the world.
  4. We have a proven track record as a Trusted Security Adviser (TSA), and we put integrity and good service first.
  5. Certified to ISO 27001, the international standard for ISMS (Information Security Management Systems), ourselves, we have won numerous accreditations and awards, and have been an Intel world partner for security services specialization since 2015.
  6. ‘Thought leaders’ in our industry, we regularly contribute to research, and have a proven record of innovation.
  7. More than all this… We take a ‘bespoke’ approach, tailoring our services to help our clients make the right decisions and the right investments. Our experts have experience as both providers and clients – they understand what it’s like to be on the customer’s side of the fence, and the need to balance (often competing) spending priorities.

Data-security glossary

The tools we use and how they work

Anti-malware – protects against viruses, worms, Trojan horses, ransomware and ‘zero-day’ threats (attacks that exploit vulnerabilities not yet known to the vendor, so no patch is available); can be installed on smartphones and tablets as well as desktop computers.

Application control/whitelist – allows only approved applications and executables to run on a computer, so that malware and unauthorized programs are stopped even if an attacker manages to get them onto the disk.

Browser control – guides users away from risky Internet sites and downloads and/or blocks certain sites completely.

Cloud Application Control – protects devices and users against malicious hidden processes within an app or the browser that connects to the Internet or a private cloud; monitors how applications are being used by employees and ‘catches’ downloads that might pose security risks or put additional pressure on systems and networks.

Containerization – segregates business data and apps from personal data and apps on a device (typically a BYOD phone or tablet), so that business information can be wiped selectively when an employee leaves the organization or the device is lost.

Database activity monitoring – monitors all database activity and detects attempts to exploit known vulnerabilities as well as common threat ‘vectors’; provides virtual patches (blocking rules) for newly discovered vulnerabilities until the vendor fix can be applied.

Database vulnerability scanning – finds all databases on a network, checks that patches are up to date, scans for weaknesses, classifies findings by priority level, and provides fix scripts and recommendations from a centralized security console.

Data loss/leakage prevention (DLP) – strategies and software products that detect sensitive data (for example cardholder numbers or personal records) in email, web uploads and file transfers and prevent it being sent to the wrong people.

Desktop firewall – a ‘border control’ that only allows designated traffic to pass in and out of a computer.

Device control – prevents unauthorized USB, wireless, infrared and Bluetooth devices from connecting to endpoints, BYOD devices or networks.

Distributed Denial of Service (DDoS) protection – protects organizations from attackers who flood systems or networks with traffic until they become unavailable, sometimes demanding payment to stop.

Hard disk or file and folder encryption – makes cardholder information, IP, financial information, internal communications, etc, unreadable to anyone who obtains the disk or files without the proper keys, so a lost or stolen device does not become a data breach.

Host-intrusion prevention system (HIPS) – monitors activity on an individual computer (processes, file and registry changes, network connections) and blocks behaviour that matches known attack patterns; adds an important extra layer of protection behind anti-malware.

Multi-factor authentication – requires the computer or smart-device user to authenticate with a combination of factors (something they know, something they have, something they are), rather than just a password that can be stolen or guessed.

Proprietary Application Security Testing – comprehensive testing (including code reviews) for applications that companies have developed themselves.

Remote device wipe – wipes devices remotely in the event of loss or theft.

5 – Recover

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Products

Web Application Firewall (WAF)

Enterprise-class Web Application Firewall.

Zenedge

Features

  • Ability to meet applicable PCI DSS requirements
  • Protection against the OWASP Top 10 and the PCI DSS Requirement 6.5 vulnerability classes
  • Ability to allow, alert or block web application input based on rules
  • Prevent leakage of cardholder information and other sensitive data
  • Enforce both whitelisting (positive security model) and blacklisting (negative security model)
  • Inspect all web page content, e.g. HTML, DHTML, CSS over HTTP/HTTPS
  • Inspect web services messages, e.g. SOAP and XML
  • Defend against direct threats to the Web Application Firewall itself
  • Support SSL or TLS termination
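To make the "allow, alert or block based on rules", whitelist/blacklist and cardholder-leakage features concrete, here is an added, deliberately small Python model of the two decisions a WAF makes. It is example code written for this page, not Zenedge's engine or rule set: the rule patterns, the per-path parameter whitelist, the sample requests and the response text are all constructed. Inbound, blacklist (negative-security) patterns block outright while whitelist (positive-security) violations only alert, since a new legitimate field looks the same as an attack to a shape check; outbound, Luhn-valid card numbers are masked before the response leaves.

```python
"""Toy rule-based WAF decision logic (example code, not a product's)."""
import re
from urllib.parse import parse_qsl, urlsplit

# Negative-security ("blacklist") rules. Real rule sets are far larger; these are illustrative.
BLOCK_RULES = [
    ("sqli_union", re.compile(r"(?i)\bunion\b.+\bselect\b")),
    ("sqli_tautology", re.compile(r"(?i)'\s*or\s*'?\d+'?\s*=\s*'?\d+")),
    ("xss_script_tag", re.compile(r"(?i)<\s*script\b")),
    ("path_traversal", re.compile(r"\.\./")),
]

# Positive-security ("whitelist") rules: for a given path, the only parameters allowed and their shape.
ALLOWED_PARAMS = {
    "/checkout": {"order_id": re.compile(r"^\d{1,12}$"), "qty": re.compile(r"^\d{1,3}$")},
}


def inspect_request(method, url, body=""):
    """Return (action, reason) with action in {'block', 'alert', 'allow'}."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        params += parse_qsl(body, keep_blank_values=True)

    # Blacklist first: a known attack pattern in any name or value is blocked.
    for name, value in params:
        for rule_id, pattern in BLOCK_RULES:
            if pattern.search(value) or pattern.search(name):
                return "block", f"{rule_id} in parameter {name!r}"

    # Whitelist second: only for paths we have a profile for; violations alert rather than block.
    allowed = ALLOWED_PARAMS.get(parts.path)
    if allowed is not None:
        for name, value in params:
            if name not in allowed:
                return "alert", f"unexpected parameter {name!r} on {parts.path}"
            if not allowed[name].match(value):
                return "alert", f"parameter {name!r} fails whitelist shape"
    return "allow", ""


# Candidate primary account numbers: 13-19 digits, optional single space/hyphen separators.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum used by payment cards; filters out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pans(response_body):
    """Outbound leakage check: mask Luhn-valid card numbers, keeping the last four digits.
    Returns (masked_body, number_of_masked_pans)."""
    count = 0

    def repl(m):
        nonlocal count
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            count += 1
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)

    return PAN_RE.sub(repl, response_body), count


if __name__ == "__main__":
    print(inspect_request("GET", "/search?q=1' OR '1'='1"))
    print(inspect_request("POST", "/checkout", "order_id=42&coupon=abc"))
    print(mask_pans("card 4111 1111 1111 1111 charged"))
```

The split between "block" and "alert" is the operational point: a WAF run in alert-only mode produces logs but satisfies nobody, while blocking on a brand-new whitelist profile breaks legitimate traffic. Rolling out blacklist rules in block mode and whitelist profiles in alert mode first, then tightening once the alerts are understood, is the usual path, and the masked-response count is exactly the kind of metric a PCI DSS assessor will ask to see.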

Description

The Zenedge Web Application Firewall (WAF) service is a PCI DSS-compliant, robust solution that our customers can use to make PCI DSS Requirement 6.6 easy and stress-free for their teams. Requirement 6.6 was designed to address the threat to e-commerce web applications and, more generally, to any application that captures credit card numbers. A Web Application Firewall provides an extra layer of protection not only against software vulnerabilities that the web development team may inadvertently introduce, but also against vulnerabilities built into a vendor’s web application itself, especially zero-day vulnerabilities for which the vendor has not yet released a patch. A WAF that is actively maintained, kept up to date and configured to block (rather than only alert) is one of the two methods Requirement 6.6 accepts for protecting public-facing web applications, so it can satisfy that requirement on its own.

Specification

Cloud-based; protects at network layers 3, 4 and 7. Can also perform website vulnerability assessments, with a template for presenting the results.


Cybersecurity Awareness Training

Popcorn

Features

  • Award-winning Popcorn content is guaranteed to amuse, engage and be remembered
  • Single sign-on with Microsoft Azure means no more forgotten passwords
  • Cloud platform works on any device, and any network. No infrastructure required
  • Course content and scope can be customised per user or department

Description

A picture is worth a thousand words and we believe a good story is worth a thousand training sessions. We create stories that apply key learning points to the working environment; they explain potential threats, as well as how and why policies need to be complied with and what the expected behaviour should be. Key messages in our stories are based on industry best practice and include elements of security frameworks such as ISO 27001, industry standards such as PCI DSS (Payment Card Industry Data Security Standard) and regulations such as Privacy laws (PPI).

Specifications

Cloud-hosted: requires no infrastructure beyond network connectivity. Vimeo must not be blocked on the devices accessing the site, because the course videos are streamed from there.

Links

Secure coding – Course Catalogue
Something Phishy – Course Catalogue
Compliance Training – Course Catalogue


Web Gateway

McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture.

Intel Security

Features

  • Common criteria EAL2+ and FIPS 140-2 Level 2 certified
  • Available in multiple hardware models and as a virtual machine supporting VMware and Microsoft Hyper-V
  • Integrated with complementary Intel® Security solutions including McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange
  • Rated number one anti-malware in a secure web gateway (AV-TEST)

Description

McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture. For user-initiated web requests, McAfee Web Gateway first enforces an organization’s Internet use policy. For all allowed traffic, it then uses local and global techniques to analyze the nature and intent of all content and active code entering the network via the requested web pages, providing immediate protection against malware and other hidden threats. And, unlike basic packet inspection techniques, McAfee Web Gateway can examine SSL/TLS-encrypted traffic (after decrypting it, which requires clients to trust the gateway’s certificate) to provide in-depth protection against malicious code or control applications that have been hidden through encryption.

Links

Data Sheet 

Solution Brief 

Product Guide 

Best practices 

Case Study

ExpertCenter 

Review


VirusScan Enterprise (VSE)

McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware.

Intel Security

Features

  • Protect your files from viruses, worms, rootkits, Trojans, and other threats.
  • Proactive protection against new and unknown buffer-overflow exploits that target vulnerabilities in Microsoft applications.
  • The worldwide presence of McAfee Labs enables McAfee VirusScan Enterprise to leverage protection across file, network, web, message, and vulnerability data.
  • The McAfee ePolicy Orchestrator® (McAfee ePO™) management platform provides centralized deployment, policy configuration and enforcement, and detailed, customizable reporting.
  • Easily configure policies to manage and remove quarantined items.
  • Supports users who are using Microsoft Outlook or Lotus Notes.

Description

McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware. It reduces the cost of managing outbreak responses, stops zero-day threats, and mitigates the window of vulnerability—the time between the discovery of a vulnerability and when fixes are deployed. Plus, with McAfee VirusScan Enterprise, you have the flexibility to detect and block malware based on your business needs: on access, on demand, or on a schedule.

Specification

Workstation

  • Windows 10
  • Windows 10 for Embedded Systems
  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows 7 Professional for Embedded Systems
  • Windows 7 Ultimate for Embedded Systems
  • Windows Vista
  • Windows Vista Business for Embedded Systems
  • Windows Vista Ultimate for Embedded Systems
  • Windows XP SP3
  • Windows XP Professional for Embedded Systems 32-bit
  • Windows XP Tablet PC Edition SP2
  • Windows Embedded for Point of Service (WEPOS)

Server

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Small Business Server 2011
  • Windows Embedded Standard 2009
  • Windows Embedded Point of Service 1.1 SP3
  • Windows Embedded Point of Service Ready 2009
  • Windows Server 2008 R2
  • Windows Server 2008 SP2: Standard, Enterprise, Datacenter, Foundation, Web, HPC
  • Windows Small Business Server 2008 SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2003 SP2
  • Windows Small Business Server 2003 R2 SP2
  • Windows Small Business Server 2003 SP2
  • Citrix Xen Guest
  • Citrix XenApp 5.0, 5.6, 6.0, 6.5, 7.5, 7.6

Links

Data Sheet 

Product Guide 

Best practices 

Case Study

ExpertCenter 


Threat Intelligence Exchange (TIE)  

McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time.

Intel Security

Features

Adaptive threat protection closes the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.

Collaborative threat intelligence is built out of global intelligence data sources combined with local threat intelligence gathering.

You get immediate visibility into the presence of advanced targeted attacks in your organization.

Relevant security intelligence is shared in real time among endpoint, gateway, network, and data center security solutions.

You are empowered to make decisions on never-before-seen files, based on endpoint context (file, process, and environmental attributes) blended with collective threat intelligence.

Integration is simplified through the McAfee Data Exchange Layer. Implementation and operational costs are reduced by connecting Intel Security and third-party security solutions together to operationalize your threat intelligence in real time.

Description

McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time. Combining imported global threat information with locally collected intelligence and sharing it instantly, allows your security solutions to operate as one, exchanging and acting on shared intelligence. McAfee Threat Intelligence Exchange narrows the gap from encounter to containment from days, weeks, and months down to milliseconds.

Specifications

McAfee Threat Intelligence Exchange consists of the following components:

  • McAfee Threat Intelligence Exchange Server 1.2.0
  • McAfee Data Exchange Layer Client 1.1.0
  • McAfee Threat Intelligence Exchange Module 1.0.1 for VirusScan Enterprise

Additional requirements for McAfee Threat Intelligence Exchange include:

McAfee Endpoint Protection

  • McAfee VirusScan Enterprise 8.8 Patch 4 with Hotfix 929019, or Patch 5
  • McAfee Endpoint Security 10.1 or later

McAfee Security Management

  • McAfee ePolicy Orchestrator 5.1.1

Virtualization Infrastructure

  • VMware vSphere 5.1.0 with ESXi 5.1 or later

Links

Data Sheet

Solution Brief 

Product Guide 1.3.0

Bank Case Study  

ExpertCenter  

Product Home Page

POC Guide


MOVE Antivirus

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments, such as virtual machines running on hypervisor software like VMware ESX, Citrix XenServer or Microsoft Hyper-V.

Intel Security

Features

McAfee MOVE AntiVirus for Virtual Servers

  • McAfee MOVE AntiVirus:
      • Multiplatform deployment
      • Agentless deployment
  • McAfee Data Center Connector for vSphere
  • McAfee ePO software

McAfee MOVE AntiVirus for Virtual Desktops

  • McAfee MOVE AntiVirus:
      • Multiplatform deployment
      • Agentless deployment
  • McAfee Data Center Connector for vSphere
  • McAfee Host Intrusion Prevention System
  • McAfee SiteAdvisor® Enterprise
  • Memory Protection and Web Application Protection
  • McAfee ePO software

Description

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments, such as virtual machines running on hypervisor software like VMware ESX, Citrix XenServer or Microsoft Hyper-V.

It removes the need to install an anti-virus application on every virtual machine (VM) by offloading all scanning to a dedicated security virtual machine (SVM) so that customers get the protection they need without sacrificing performance.

McAfee MOVE AntiVirus supports agentless deployment for VMware NSX and VMware vCNS and multi-platform deployment for all major hypervisors.

Links

Data Sheet
Solution Brief
Product Guide
Case Study
ExpertCenter


Enterprise Security Manager (SIEM)

Intel Security

Features

Add-ons:

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

McAfee Application Data Monitor – monitor all the way to the application layer to detect fraud, data loss, and advanced threats. This SIEM tool supports accurate analysis of real application use, while enforcing policies and detecting malicious, covert traffic.

McAfee Database Event Monitor for SIEM – complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations, widening your visibility into who’s accessing your data and why.

McAfee Event Receiver – Collect up to tens of thousands of events per second with a single receiver.

McAfee Enterprise Log Manager – Reduce compliance costs with automated log collection, storage, and management. Collect, compress, sign, and store all original events with a clear audit trail of activity that can’t be repudiated.

McAfee Global Threat Intelligence for Enterprise Security Manager – Constantly updated threat intelligence feed that broadens situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.
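The Enterprise Log Manager's "collect, compress, sign, and store all original events with a clear audit trail that can't be repudiated" describes, at its core, a tamper-evident log chain. The following is an added Python example written for this page, not McAfee's or Cognosec's code, showing one way to build and verify such a chain: every stored record carries an HMAC over its sequence number, the previous record's tag and the event itself, so editing, deleting, reordering or forging a record breaks verification. The key, the record layout and the sample events are assumptions, and the compression step is omitted for brevity.

```python
"""Hash-chained, HMAC-signed log store with a verifier (example code, not a product's)."""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # previous-tag value for the first record


def _payload(seq, prev, event):
    # Canonical serialization: sorted keys so the same record always hashes the same way.
    return json.dumps({"seq": seq, "prev": prev, "event": event}, sort_keys=True).encode()


def append_event(chain, key, event):
    """Append an event to the chain in place and return the new record.
    The tag binds this record to the previous record's tag, so the chain can only grow at the end."""
    seq = len(chain)
    prev = chain[-1]["tag"] if chain else GENESIS
    tag = hmac.new(key, _payload(seq, prev, event), hashlib.sha256).hexdigest()
    record = {"seq": seq, "prev": prev, "event": event, "tag": tag}
    chain.append(record)
    return record


def verify_chain(chain, key):
    """Return (True, None) if every record is intact and correctly linked,
    otherwise (False, index_of_first_bad_record)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        # sequence and link checks catch deletion and reordering
        if rec["seq"] != i or rec["prev"] != prev:
            return False, i
        # tag check catches edited contents and records forged without the key
        expected = hmac.new(key, _payload(rec["seq"], rec["prev"], rec["event"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["tag"]):
            return False, i
        prev = rec["tag"]
    return True, None


if __name__ == "__main__":
    key = b"assumed-signing-key-kept-off-the-log-host"   # assumption: in practice comes from an HSM/KMS
    chain = []
    for ev in ["login alice", "firewall rule changed", "logout alice"]:  # constructed events
        append_event(chain, key, ev)
    print(verify_chain(chain, key))          # (True, None)
    chain[1]["event"] = "nothing happened"   # silent edit by an attacker with disk access
    print(verify_chain(chain, key))          # (False, 1)
```

Two caveats a practitioner will want. First, the key must not live on the host that writes the logs, otherwise an attacker who owns that host can re-sign whatever they like; the log manager is a separate, hardened collector for exactly this reason. Second, an HMAC proves to the key holder that the chain was not altered, but it cannot prove to a third party who wrote it, because anyone with the key could have. For non-repudiation in the legal sense, periodically sign the latest chain tag with an asymmetric key (or anchor it with a timestamping service) so the proof does not depend on a shared secret.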

Description

A high-performance security information and event management (SIEM) solution brings event, threat, and risk data together to provide security intelligence, rapid incident response, seamless log management, and compliance reporting—delivering the context required for adaptive security risk management.

Specifications

Supported devices

System requirements

Processor

  • Intel: P4 class (not Celeron) or higher (Mobile/Xeon/Core 2, Core i3/i5/i7)
  • AMD: AM2 class or higher (Turion 64/Athlon 64/Opteron 64, A4/A6/A8)

Memory

  • RAM — 1.5 GB

Windows operating system

  • Windows 2000
  • Windows XP
  • Windows 2003 Server
  • Windows Vista
  • Windows 2008 Server
  • Windows Server 2012
  • Windows 7
  • Windows 8
  • Windows 8.1

Browsers

  • Internet Explorer 9 or later
  • Mozilla Firefox 9 or later
  • Google Chrome 33 or later

Flash Player

  • Version 11.2.x.x or later

Virtual Machine requirements

  • Processor — 8-core 64-bit, Dual Core2/Nehalem, or higher or AMD Dual Athlon64/Dual Opteron64 or higher
  • RAM — Depends on the model (4 GB or more)
  • Disk space — Depends on the model (250 GB or more)
  • ESM features use pop-up windows when uploading or downloading files. Disable the pop-up blocker for your ESM.
  • ESXi 5.0 or later
  • The minimum requirement is 250 GB unless the VM purchased has more. See the specifications for your VM product.

Links

Data Sheet
Solution Brief
Product Guide 9.6
Insurance Case Study  


ePolicy Orchestrator  

A single console for all your security management.  The most advanced, extensible, and scalable centralized security management software in the industry.

Intel Security

Features

Guided configuration, automated work stream, and predefined dashboards make getting started a snap.

Tag-based policy assignment precisely targets assignment of predefined security profiles to systems based on their business role or at-risk status.

Task catalog and automated management capabilities streamline administrative processes and reduce overhead.

A single web interface aligns security processes for maximum visibility, while a single agent reduces the risk of endpoint conflicts.

Scales for enterprise deployments.

Enterprise-class architecture supports hundreds of thousands of devices on a single server.

Supports complex and heterogeneous IT environments.

Enterprise reporting across on-premises and Security-as-a-Service (SaaS) security information.

Description

A single console for all your security management.  The most advanced, extensible, and scalable centralized security management software in the industry.  Get a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks.  Simplify security operations with streamlined workflows for proven efficiencies. Flexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.

Leverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.

Links

Data Sheet 

Data Sheet (Cloud) 

Solution Brief

Product Guide 5.3
Product Guide (Cloud)
Best practices
Case Study
ExpertCenter 


Active Response

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response.

Intel Security

Description

Designed to monitor, control and alert when endpoints are compromised.

An endpoint detection and response tool for advanced threats.

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:

Collectors: Find and visualize data from systems.

Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.

Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.

Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.

Specification

Supported client operating systems

  • CentOS 6.5, 32-bit
  • RedHat 6.5, 32-bit
  • Microsoft Windows
    • Windows 8.0, Base, 32-bit, and 64-bit
    • Windows 8.1, Base, U1; 32-bit and 64-bit
    • Windows 2012, Server Base, R2; U1; 64-bit
    • Windows 2008 R2 Enterprise, SP1, 64-bit
    • Windows 2008 R2 Standard, SP1, 64-bit
    • Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
    • Windows 7 Professional, up to SP1; 32-bit and 64-bit

 

Links

Data Sheet
Solution Brief
Product Guide
ExpertCenter


Services

Social Engineering Assessment  

Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails. We will try to be as smart as a hacker or cyber criminal will be, even posing as technicians or systems administrators to fool employees.

Cognosec Services

Features

Assessment of your social engineering risks can be an add-on to penetration testing or a separate initiative to increase employee awareness. Either way, it should be a serious consideration for any organisation. Lack of awareness among employees can be more dangerous for an organisation than outdated systems: while breaking into an IT system might take weeks or months, a simple phone call takes a few minutes and an email even less.

Besides the growing complexity of information systems, one of the key reasons social engineering is so heavily used is its favourable cost-to-benefit ratio for the attacker. It is often far quicker to pick up a phone, pretend to be someone else and ask for a password than to hunt for a small weakness in source code or infrastructure.

Targeted individuals rarely suspect that they are, or could be, the victim of social engineering, yet divulging even small, seemingly meaningless pieces of information can be disastrous. Such data can be accumulated and used to assume the identity of employees and fish for more valuable information by phone and email, to gain access to buildings and restricted areas, and to plant rogue network devices that continuously monitor data traffic.

Description

Social engineering, in the context of information security, refers to manipulating people into divulging confidential information – or performing acts that put an organisation’s data assets at risk. It differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme, but, like a traditional con, it exploits human curiosity and gullibility and the natural desire to please or co-operate with others. Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails. We will try to be as smart as a hacker or cyber criminal will be, even posing as technicians or systems administrators to fool employees. The assessments have an important role to play in raising awareness – and can help convert employees from potential victims into first responders who spot and report attempted attacks.

Specifications

Cognosec’s Social Engineering Assessment is a vital element of a complete penetration test. Once the scope of the testing and the accompanying success criteria have been agreed, our experts will use any number of social engineering tactics to try to gain access to the defined in-scope systems. Cognosec will only perform these tests in areas that have been agreed upon contractually. Any in-scope data extracted or handled during the engagement will be securely deleted afterwards.


Penetration Testing

The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.

Cognosec Services

Features

Penetration testing is recommended annually and after any major change to your infrastructure. It is essential for companies holding intellectual property, personally identifiable information, or financial information such as credit card data, and it is often mandated by regulators. Penetration testing will help:

  • Prevent severe financial losses arising from insecure infrastructure or fraud
  • Provide the necessary proof of due diligence for regulators, customers, and shareholders
  • Protect the brand from reputational damage

Description

Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment. The assessment identifies weaknesses and vulnerabilities and quantifies the severity thereof – providing the information needed to address and control the threats.

Specifications

Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without legitimate credentials or other normal means of access. Like a hacker or cyber criminal, they try every trick in the book and every feasible plan of attack. They identify how applications could be tampered with, and how confidential information such as price lists or customer databases could be stolen or altered. They then provide a report explaining how they ‘broke in’ and how the organisation can stop it happening ‘for real’.
