Managed Forensics & Analytics
In the event of a security breach, you need to act promptly to limit the damage.
Managed Forensics & Analytics from Cognosec help identify the perpetrators and provide evidence that can be used in legal proceedings – or to prove you’ve acted responsibly and taken reasonable security measures.
They also uncover weaknesses or ‘fatal flaws’ in software, hardware and networks and enable fast and effective remedial action.
What is Managed Forensics & Analytics?
Data breaches should not, of course, be accepted as an inevitable fact of life: safeguards should always be put in place to prevent them. The reality, however, is that not all risks can be eliminated – all of the time – and that the probability of attempted or successful attacks is quite high.
When a breach happens, and you and your customers are the victims of an attack, you need to be prepared – and to act promptly to mitigate the reputational damage.
Managed forensics and analytics will help identify perpetrators and their methods and provide evidence that can be used in legal proceedings – or prove you’ve acted responsibly and taken reasonable security measures.
Importantly, they will also uncover weaknesses or ‘fatal flaws’ in software, hardware and networks – and enable fast and effective remedial action.
1 – Identify
Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
2 – Protect
Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
3 – Detect
Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
4 – Respond
Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Vendor Risk Manager (GRC)
The Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands.
- Rate and classify vendors using simple classification assessment
- Dynamically assign applicable controls based on vendor classification
- Automatically generate assessment questionnaire based on applicable controls
- Enforce different assessment requirements and frequencies by vendor criticality
- Delegate administration of vendor survey responders to vendor key contacts
- Enable ad-hoc delegation of assessment questions and streamline aggregation of responses
- Reduce vendor training and support requirements with intuitive web-based assessment interface
- Measure and report compliance by vendor criticality, by region, or by business unit
- Provide a single repository for all vendor compliance and risk related documents, including policy and control, evidence and supporting documents, exceptions and approvals, contracts and service agreements
- Collaborate with vendors on remediation of identified gaps and monitor resolution status
The RiskVision Vendor Risk Manager provides the scalability and flexibility to create a repeatable and sustainable vendor risk and compliance management program. Built on the RiskVision integrated Governance, Risk, and Compliance (GRC) platform, RiskVision Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands. With RiskVision, organizations can quickly measure current vendor risk against any standard, regulation or corporate policy, identify gaps, track remediation efforts, and confidently report on compliance. RiskVision Vendor Risk Manager dramatically reduces the time and cost associated with managing vendor risk programs while improving the ability to accurately calculate risk exposure and properly manage risks within acceptable tolerance levels. By centralizing data, automating manual activities and enabling continuous processes, companies can consistently apply controls, gain better visibility into vendor related risk, make more informed decisions, and demonstrate vendor compliance in real-time.
RiskVision Risk Manager is easy to use, deploy, and maintain so that organizations can quickly realize time to value. RiskVision enables a proactive and intelligent approach to vendor risk management by centrally managing vendor information, controls, risk, to easily map their existing vendor assessment processes. Once controls are tested, and view of vendor risk across the organization.
Centralization of data allows organizations to maintain a holistic view of their vendor risk assessment programs. RiskVision Vendor Risk Manager provides a central repository for all vendor contact details, contracts, risk, and compliance related information. Frameworks, controls, risk, evidence, and results are stored on a single searchable platform to provide current and up-to-date vendor information to company stakeholders.
NetClean provides intelligence solutions to detect, block and analyse digital media to create a safer society.
ProActive can detect child sexual abuse material on everything from USB flash drives and hard disks to email and Internet traffic.
It is designed specifically to find child pornography on work computers.
NetClean provides intelligence solutions to detect, block and analyse digital media to create a safer society. It is the leading developer of technical solutions to fight child sexual abuse material. Its solutions are being used worldwide by multinational companies, government agencies, internet service providers, and law enforcement professionals.
- Uses only police-identified child pornography images; no false positives.
- Can be Network and/or Endpoint solution.
- Agent is compatible with Microsoft Windows, Linux and Mac OS X
- Can block and/or issue an alert in the event of an incident
- Handles both real-time scans and scheduled scans
- Configuration control via the NetClean Management Server
- Automatic updates
- No end-user interaction
- Network Agent is easily integrated with your proxy server via ICAP and conducts real-time scans in HTTP traffic in search of illicit images and video files.
- Can block and/or issue an alert in the event of an incident
- Appliance is a hardware agent that conducts real-time searches in network traffic in order to identify illicit images and video files but without compromising performance or causing delays.
- Can block and/or issue an alert in the event of an incident
- Handles unencrypted TCP- and UDP-based network protocols
- Supports network speeds of up to 1 Gb/s
- Supports installation inline or as a network tap
- Built-in hardware redundancy
- Configuration and control via the NetClean Management Server
AD eDiscovery® finds and collects needed data from the broadest range of structured and unstructured data sources of any single platform on the market.
- Schedule large audits of computers, network shares, and data repositories on or off the network.
- Locate and collect key documents for analysis.
- Apply a wide array of complex visualization, data analytics, and document review tools to quickly identify and produce key documents and prepare for a case.
With an integrated, end-to-end platform covering every phase of e-discovery, corporate teams can efficiently and seamlessly conduct enterprise-wide search, targeted collection, systemized preservation, litigation hold, processing, data assessment and complete legal review, providing the reliability, predictability and efficiency required to enable your team to:
- Mitigate Corporate Risk. Limit handoffs between vendors and technologies with a single, secure end-to-end solution and protect against spoliation, data loss and theft.
- Ensure Compliance. Make sure data preservation needs are systematic and defensible in accordance with US and international preservation requirements for litigation, and governmental regulatory requirements.
- Improve Response Efficiency. Rapidly access, capture and analyze information across a broad range of repositories and targets by leveraging mature and broadly adopted, forensic grade technology.
- Lower Overall Cost. Process all potentially relevant information, structured and unstructured, inside and outside the enterprise with a single integrated solution.
Using user-friendly, work flow-driven templates, AD eDiscovery performs “agentless” collections from:
- Microsoft® Office 365 (email & calendar)
- Google Drive
- Gmail™ corporate/administrator
- Microsoft® Exchange 2003/2007/2010/2013
- Microsoft SharePoint® 2003/2007/2010/2013
- Oracle® URM
- Druva
- CMIS (any data source that uses the CMIS standard)
- IBM® Domino®
- Cloud, web-based email (IMAP & POP)
- Symantec® Enterprise Vault™ (journal/archive/files)
- EMC® Documentum®
- Xerox® DocuShare®
- FileNet® repositories
- Livelink® (OpenText®) repositories
- WebCrawler (Web 1.0)
Forensics Tool Kit (FTK)
Reduce case investigative times by reviewing data and identifying relevant evidence, all in one centralized location.
The Forensics Tool Kit's (FTK) database-driven, enterprise-class architecture allows you to handle massive data sets, as it provides stability and processing speeds not possible with other tools. It provides built-in data visualization and explicit image detection technology to quickly discern and report the most relevant material in your investigation. FTK’s interoperability with all AccessData’s solutions allows you to correlate massive data sets from different sources, such as computer hard drives, mobile devices, network data, internet storage and more. This capability makes FTK the only digital investigation solution capable of reducing case investigative times by allowing you to review data and identify relevant evidence, all in one centralized location.
Forensic Tool Kit (FTK) is a court-cited digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching are faster than with any other product. This means you can “zero-in” on the relevant evidence quickly, dramatically increasing your analysis speed. Furthermore, because of its architecture, FTK can be set up for distributed processing and incorporate web-based case management and collaborative analysis.
FTK is an award-winning, court-cited digital investigations solution built for speed, stability and ease of use. It quickly locates evidence and forensically collects and analyzes any digital device or system producing, transmitting or storing data by using a single application from multiple devices. Known for its intuitive interface, email analysis, customizable data views, processing speeds and stability, FTK also lays the framework so your solution can grow with your organization’s needs for a smooth expansion.
In today's connected world, Web & Email Services are critical business tools. Your company has to protect its users from multiple internet-borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers.
We provide a full service offering from consulting, gap analysis, architecture & design, implementation and management of:
- Hybrid Cloud mail and web gateway services incorporating Cloud application control
- Integration with Data Loss/Leakage Prevention (DLP) Services
- Application Aware Content Filtering Capability
- Advanced Zero Day Threat Detection Capability with Global Threat Intelligence Feeds
- Enhanced management of Office365 and Gmail (Granular Security Features that appear in our Portal making these platforms safer to use)
The widespread use of mobile and BYOD platforms has resulted in a vanishing perimeter. Modern web & email gateways have become increasingly complex to configure and manage. They handle huge volumes of digital traffic and need to constantly update their malware, adware, URL reputation services and anti-spam engines. The high adoption of cloud-based email services, like Office365 and Gmail, coupled with an upsurge in mail-borne cyber attacks incorporating ransomware, has brought renewed focus to effective web and email security. We provide thought leadership together with niche services in this domain for any size of business. Hybrid or Cloud-based solutions – seamlessly implemented & managed for you by our Gateway Security Team. This is a subscription service.
Data Security describes how your business protects its Intellectual Property or “Crown Jewels”.
The service would typically involve full or part-time management of some or all of the following technologies:
- Browser Control
- Endpoint Encryption
- Host Based Intrusion Prevention
- Database Security
- Host-based Data Loss/Leakage Prevention (DLP)
- Cloud Application Controls & BYOD
Data Security is achieved by combining various technologies at specific points on a network and configuring these to work together according to security best practice. Every company’s network will differ slightly from others, so it is important to architect the solution before implementing it. We provide a full service from consulting, gap analysis, architecture & design, implementation and management.
Remote Managed Services imply the virtual presence of our people on your premises. Our staff work remotely either as technical consultants or subject matter experts, or may perform specific operational security tasks for your company, depending on your requirements and the type of service you require. Our Remote Managed Cyber Security Service options are:
- Retainers, where a fixed number of hours is purchased, bundled with an SLA for a guaranteed response.
- Full Outsource, where you fully outsource one or more of your security functions to us. We take full responsibility for the function from end to end. This can include design and implementation, which would take place on site. Once implementation has been completed, we will remotely perform the daily management of the platform and / or the chosen solutions. This would typically include reporting, escalation, troubleshooting and upgrading.
- Partial Outsource, where you partially outsource one or more of your security functions to us. We take partial responsibility for the function, and this work takes place remotely. This can include aspects of design, implementation, management of a platform or solution, reporting, escalation, troubleshooting and upgrading.
Our Managed Cyber Security Services can be tailored according to your exact needs and budget. We do not subscribe to a one size fits all approach. We have developed and refined an agile framework which focuses on the successful delivery and implementation of affordable security services to all sectors of the market. Customers who adopt our framework through our managed security services make noticeable progress towards a more mature security posture in very short timeframes. This is borne out in vastly improved coverage, policies, detection rates, correlation, deduplication, escalation processes, analysis, incident response and forensic capability, reporting and visibility.
Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
The process for performing digital forensics comprises the following basic phases:
- Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
- Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
- Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
- Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.
Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data in court. Forensic tools and techniques are most often thought of in the context of criminal investigations and computer security incident handling, used to respond to an event by investigating suspect systems, gathering and preserving evidence, reconstructing events, and assessing the current state of an event.
During a forensic investigation, Cognosec will identify potential data sources and acquire the data from those sources. Data acquisition will be performed using a three-step process:
- developing a plan to acquire the data
- acquiring the data
- verifying the integrity of the acquired data
After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. Once the relevant information has been extracted, Cognosec will study and analyze the data to draw conclusions from it and then prepare and present the information resulting from the analysis phase.
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.
Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
Cognosec’s extensive experience and expertise in the Governance, Risk, and Compliance (GRC) sector has proven invaluable to countless organizations expecting to meet internal and external requirements in preparation for receiving certification. Cognosec’s independent and objective assessment on the policies and processes fulfills four major roles:
- Prepares you for the challenging process of certification.
- Avoids the potentially severe financial loss you may suffer for being non-compliant with external regulations.
- Prioritizes the corrective measures in order of maximum efficiency and effectiveness to your business processes.
- Assures your regulators, customers, and shareholders that proper due diligence measures have been taken.
Our specialists will work side by side with the compliance, security, and risk officer in the design and improvement of company frameworks, guidelines, and processes.
Application Security Assessment
The Application Security assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components.
Business-critical applications that are ‘interfaces’ for external stakeholders should always be assessed before being distributed – or changed or upgraded. And it’s hard to over-estimate the importance of regular reviews for these applications: what might have been state-of-the-art security a year ago can now be an entry point for a hacker.
An application security assessment is a much more detailed penetration test, focusing on one specific application and checking that the necessary controls to protect information are in place. It is carried out by an experienced analyst, usually using a combination of open source and commercial automated utilities. The assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components. Our analysts use logical errors in the application, as well as coding errors, to gain entry. We also look at what would happen if vulnerabilities were exploited, and advise on how they could be fixed.
Application Security Testing
Our testing approach is supported by a set of automated tools that not only identify common application vulnerabilities but also reveal business logic flaws that could be misused by attackers. In addition to these automated tests that cover a majority of common security flaws, we use conventional black box penetration testing techniques, which can be combined with a review of the application's critical source code to increase depth and optimize efficiency.
Source Code Inspection
A deep analysis of the application’s source code will be undertaken, identifying core weaknesses. Vulnerabilities will be assessed, prioritising them based on their severity and probability of exploitation.
Application Security Architecture
The fundamental design and logic of your application architecture will be assessed including its surrounding business environment. The number of ways in which an application can be written and developed is incalculable and therefore, to ensure maximum security potential, best-practice standards need to be upheld.
Application Security Controls
Merely optimising your application security architecture is often not enough; security controls also need to be put into place to fully secure an application. The integrity and effectiveness of controls such as authentication & session management, authorisation, cryptography & key management, data input validation techniques, and transport layer protection mechanisms will be reviewed to maximise your application’s level of security.