Products

Web Application Firewall (WAF)

Enterprise-class Web Application Firewall.

Zenedge

Features

24X7 SOC

Advanced BOT identification capabilities

More than 30 POPs worldwide

Description

Enterprise-class Web Application Firewall.

Specification

Cloud-based; covers network layers 3, 4 and 7. Can perform website vulnerability assessments and has a template for presenting results.

DDoS protection

Enterprise-class DDoS protection and Web Application Firewall.

Zenedge

Features

24X7 SOC

Advanced BOT identification capabilities

More than 30 POPs worldwide

Description

Enterprise-class DDoS protection and Web Application Firewall.

Specification

Cloud-based; covers network layers 3, 4 and 7.

Can perform website vulnerability assessments and has a template for presenting results.

Governance, Risk & Compliance (GRC)

GRC is a discipline that aims to synchronize information and activity across governance, risk management and compliance in order to operate more efficiently, enable effective information sharing, more effectively report activities and avoid wasteful overlaps.

R-SAM

Features

Let’s keep this simple: Take whatever GRC use case you want, we don’t dictate what you can and can’t do. Start with our baseline configurations to get your solution up and running fast. Use drag-and-drop, self-serve tools that let users enhance these configurations to best meet their requirements.

  • Audit Management
  • Policy Management
  • Business Continuity
  • Regulatory Change
  • Compliance
  • Enterprise Risk Management
  • Exception Management
  • Incident management
  • Vendor Risk Management

Description

Built for Change

Most GRC platforms are outdated before they’re fully implemented. That’s because vendors usually ask for all requirements upfront and hardwire dependencies during the initial design. Not Rsam. Our platform can adapt to any change you throw its way. Your modules all draw from a single, centralized repository built in a relational architecture. That means you can make changes without fear of breaking dependencies.

Demonstrate Value Quickly

Deploy an out-of-the-box, turnkey baseline configuration that addresses your most urgent use case within 30 days and iterate from there. With Rsam, you can also easily customize the baseline to meet your own unique needs. Iterate each step of the way until you reach 100% of your requirements. This keeps your implementation manageable and moving forward.

Puts Control in Your Hands

Your GRC program is unique to your organization – and Rsam thinks it should stay that way. We give you control over what modules you want to implement and in what order. There is no custom coding or expensive rework if you change your mind. Rsam’s relational architecture leverages a central database so you can build new use cases at your own speed. You save time, resources and money.

Specification

Rsam can help you transform GRC from ugly to elegant in 30 days. We keep it simple. Start with your highest priority modules. Add on as you go with a spectrum of modules to meet the most demanding requirements. Whether you need to build an integrated Security Incident Response Platform (SIRP) or get a better handle on your Vulnerabilities, Rsam can help. Rsam’s modules facilitate proactive measures and controls to fill gaps, with comprehensive workflows that trigger fast response.

RiskVision

The Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands.

Features

  • Rate and classify vendors using simple classification assessment
  • Dynamically assign applicable controls based on vendor classification
  • Automatically generate assessment questionnaire based on applicable controls
  • Enforce different assessment requirements and frequencies by vendor criticality
  • Delegate administration of vendor survey responders to vendor key contacts
  • Enable ad-hoc delegation of assessment questions and streamline aggregation of responses
  • Reduce vendor training and support requirements with intuitive web based assessment interface
  • Measure and report compliance by vendor criticality, by region, or by business unit
  • Provide a single repository for all vendor compliance and risk related documents, including policy and control, evidence and supporting document, exceptions and approvals, contracts and service agreements
  • Collaborate with vendors on remediation of identified gaps and monitor resolution status

Description

The RiskVision Vendor Risk Manager provides the scalability and flexibility to create a repeatable and sustainable vendor risk and compliance management program. Built on the RiskVision integrated Governance, Risk, and Compliance (GRC) platform, RiskVision Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands. With RiskVision, organizations can quickly measure current vendor risk against any standard, regulation or corporate policy, identify gaps, track remediation efforts, and confidently report on compliance. RiskVision Vendor Risk Manager dramatically reduces the time and cost associated with managing vendor risk programs while improving the ability to accurately calculate risk exposure and properly manage risks within acceptable tolerance levels. By centralizing data, automating manual activities and enabling continuous processes, companies can consistently apply controls, gain better visibility into vendor related risk, make more informed decisions, and demonstrate vendor compliance in real-time.

Specification

RiskVision Risk Manager is easy to use, deploy, and maintain so that organizations can quickly realize time to value. RiskVision enables a proactive and intelligent approach to vendor risk management by centrally managing vendor information, controls, risk, to easily map their existing vendor assessment processes. Once controls are tested, and view of vendor risk across the organization.

Centralization of data allows organizations to maintain a holistic view of their vendor risk assessment programs. RiskVision Vendor Risk Manager provides a central repository for all vendor contact details, contracts, risk, and compliance related information. Frameworks, controls, risk, evidence, and results are stored on a single searchable platform to provide current and up-to-date vendor information to company stakeholders.

Links

Vendor Risk Manager

Corporate Brochure 

Platform

 

Web Gateway

McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture.

McAfee

Features

  • Common Criteria EAL2+ and FIPS 140-2 Level 2 certified
  • Available in multiple hardware models and as a virtual machine supporting VMware and Microsoft Hyper-V
  • Integrated with complementary Intel® Security solutions including McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange
  • Rated number one anti-malware in a secure web gateway (AV-TEST)

Description

McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture. For user-initiated web requests, McAfee Web Gateway first enforces an organization’s Internet use policy. For all allowed traffic, it then uses local and global techniques to analyze the nature and intent of all content and active code entering the network via the requested web pages, providing immediate protection against malware and other hidden threats. And, unlike basic packet inspection techniques, McAfee Web Gateway can examine SSL traffic to provide in-depth protection against malicious code or control applications that have been hidden through encryption.

Links

Data Sheet 

Solution Brief 

Product Guide 

Best practices 

Case Study

ExpertCenter 

Review

VirusScan Enterprise (VSE)

McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware.

McAfee

Features

  • Protect your files from viruses, worms, rootkits, Trojans, and other threats.
  • Proactive protection against new and unknown buffer-overflow exploits that target vulnerabilities in Microsoft applications.
  • The worldwide presence of McAfee Labs enables McAfee VirusScan Enterprise to leverage protection across file, network, web, message, and vulnerability data.
  • The McAfee ePolicy Orchestrator® (McAfee ePO™) management platform provides centralized deployment, policy configuration and enforcement, and detailed, customizable reporting.
  • Easily configure policies to manage and remove quarantined items.
  • Supports users who are using Microsoft Outlook or Lotus Notes.

Description

McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware. It reduces the cost of managing outbreak responses, stops zero-day threats, and mitigates the window of vulnerability—the time between the discovery of a vulnerability and when fixes are deployed. Plus, with McAfee VirusScan Enterprise, you have the flexibility to detect and block malware based on your business needs: on access, on demand, or on a schedule.

Specification

Workstation

  • Windows 10
  • Windows 10 for Embedded Systems
  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows 7 Professional for Embedded Systems
  • Windows 7 Ultimate for Embedded Systems
  • Windows Vista
  • Windows Vista Business for Embedded Systems
  • Windows Vista Ultimate for Embedded Systems
  • Windows XP SP3
  • Windows XP Professional for Embedded Systems 32-bit
  • Windows XP Tablet PC Edition SP2
  • Windows Embedded for Point of Service (WEPOS)

Server

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Small Business Server 2011
  • Windows Embedded Standard 2009
  • Windows Embedded Point of Service 1.1 SP3
  • Windows Embedded Point of Service Ready 2009
  • Windows Server 2008 R2
  • Windows Server 2008 SP2: Standard, Enterprise, Datacenter, Foundation, Web, HPC
  • Windows Small Business Server 2008 SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2003 SP2
  • Windows Small Business Server 2003 R2 SP2
  • Windows Small Business Server 2003 SP2
  • Citrix Xen Guest
  • Citrix XenApp 5.0, 5.6, 6.0, 6.5, 7.5, 7.6

Links

Data Sheet 

Product Guide 

Best practices 

Case Study

ExpertCenter 

Threat Intelligence Exchange (TIE)  

McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time.

McAfee

Features

Adaptive threat protection closes the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.

Collaborative threat intelligence is built out of global intelligence data sources combined with local threat intelligence gathering.

You get immediate visibility into the presence of advanced targeted attacks in your organization.

Relevant security intelligence is shared in real time among endpoint, gateway, network, and data center security solutions.

You are empowered to make decisions on never-before-seen files, based on endpoint context (file, process, and environmental attributes) blended with collective threat intelligence.

Integration is simplified through the McAfee Data Exchange Layer. Implementation and operational costs are reduced by connecting together Intel Security and non-Intel Security security solutions to operationalize your threat intelligence in real time.

Description

McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time. Combining imported global threat information with locally collected intelligence and sharing it instantly allows your security solutions to operate as one, exchanging and acting on shared intelligence. McAfee Threat Intelligence Exchange narrows the gap from encounter to containment from days, weeks, and months down to milliseconds.

Specifications

McAfee Threat Intelligence Exchange consists of the following components:

  • McAfee Threat Intelligence Exchange Server 1.2.0
  • McAfee Data Exchange Layer Client 1.1.0
  • McAfee Threat Intelligence Exchange Module 1.0.1 for VirusScan Enterprise

Additional requirements for McAfee Threat Intelligence Exchange include:

McAfee Endpoint Protection

  • McAfee VirusScan Enterprise 8.8, Patch 4 with Hotfix 929019, Patch 5
  • McAfee Endpoint Security 10.1 or later

McAfee Security Management

  • McAfee ePolicy Orchestrator 5.1.1

Virtualization Infrastructure

  • VMware vSphere 5.1.0 with ESXi 5.1 or later

Links

Data Sheet

Solution Brief 

Product Guide 1.3.0

Bank Case Study  

ExpertCenter  

Product Home Page

POC Guide

SiteAdvisor Enterprise (SAE)

Using an intuitive color-coded rating system, McAfee SiteAdvisor Enterprise identifies websites that contain malware or other threats such as spyware or phishing scams, alerting you before you click.

McAfee

Features

  • Inform end users about the dangers of searching or surfing the Internet.
  • When you search with Google, Yahoo!, MSN, AOL, or Ask.com, a safety rating appears next to each search result.
  • Our color-coded rating system lets users know which websites are safe and which are risky.
  • McAfee SiteAdvisor Enterprise software allows for advanced customization to authorize or block websites based on overall site ratings or threat factors.
  • Use the McAfee Web Filtering for Endpoint module to monitor, control, and report on users’ web surfing to ensure compliance and increase employee productivity.
  • With McAfee ePolicy Orchestrator® (McAfee ePO™) management console, McAfee SiteAdvisor Enterprise solutions are easy to deploy, manage, and report on across your entire organization.

Description

Keep your business safe without limiting Internet access.

Using an intuitive color-coded rating system, McAfee SiteAdvisor Enterprise identifies websites that contain malware or other threats such as spyware or phishing scams, alerting you before you click.

Get always up-to-date alerts. McAfee Global Threat Intelligence continually scans the Internet with intelligent bots and virtual computers to uncover websites that contain malware.

Gain insight from our email and download tests that inform you if a site contains suspicious links or affiliations to harmful sites.

Ensure policy compliance by authorising or blocking websites, and implementing additional protection for remote users.

Links

Data Sheet 

 Solution Brief

Product Guide 

Best practices 

 ExpertCenter 

 

Network Security Platform (NSP)

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network.

McAfee

Features

Unparalleled Advanced Threat prevention

  • Signature-less, advanced malware analysis
  • Inline Browser and JavaScript emulation
  • Advanced botnet and malware callback detection
  • Behavior-based analysis and DDoS protection
  • Integration with McAfee Advanced Threat Defense

Security Connected

  • Real-time threat sharing with McAfee Threat Intelligence Exchange (TIE)
  • Endpoint context via ePolicy Orchestrator® (McAfee ePO™)
  • Endpoint process correlation via Endpoint Intelligence Agent
  • Data Sharing and Quarantine with McAfee Enterprise Security Manager (SIEM)
  • Host Risk Analysis via McAfee Vulnerability Manager
  • Predictive malware detection via McAfee GTI

Description

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network. Using advanced detection and emulation techniques, it moves beyond mere pattern matching to defend against stealthy attacks with extreme accuracy. This next-generation hardware platform scales to speeds of more than 40 GBPS with a single device to meet the needs of demanding networks. The Security Connected approach to security management streamlines security operations by combining real-time McAfee Global Threat Intelligence (McAfee GTI) feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.

Links

Data Sheet

Solution Brief

Product Guide 

Administration Guide 

Case Study

MOVE Antivirus

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments such as Virtual Machines running virtualization (hypervisor) software like VMware ESX, Citrix Xen Server or Microsoft HyperV.

McAfee

Features

McAfee MOVE AntiVirus for Virtual Servers

  • McAfee MOVE AntiVirus:
    • Multiplatform deployment
    • Agentless deployment
  • McAfee Data Center Connector for vSphere
  • McAfee ePO software

McAfee MOVE AntiVirus for Virtual Desktops

  • McAfee MOVE AntiVirus:
    • Multiplatform deployment
    • Agentless deployment
  • McAfee Data Center Connector for vSphere
  • McAfee Host Intrusion Prevention System
  • McAfee SiteAdvisor® Enterprise
  • Memory Protection, and Web Application Protection
  • McAfee ePO software

Description

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments such as Virtual Machines running virtualization (hypervisor) software like VMware ESX, Citrix Xen Server or Microsoft HyperV.

It removes the need to install an anti-virus application on every virtual machine (VM) by offloading all scanning to a dedicated security virtual machine (SVM) so that customers get the protection they need without sacrificing performance.

McAfee MOVE AntiVirus supports agentless deployment for VMware NSX and VMware vCNS and multi-platform deployment for all major hypervisors.

Links

Data Sheet
Solution Brief
Product Guide
Case Study
ExpertCenter

Endpoint Encryption

Gain control over your data by monitoring and regulating how employees use and transfer data via common channels.

McAfee

Features

  • Gain control over your data by monitoring and regulating how employees use and transfer data via common channels, such as email, IM, printing, and USB drives—both in and away from the office.
  • Stop data loss initiated by sophisticated malware that hijacks sensitive and personal information.
  • Secure data when it’s stored on desktops, laptops, tablets, and in the cloud.
  • Manage Apple FileVault and Microsoft BitLocker native encryption on endpoints directly from McAfee ePO software.
  • Communicate with and take control of your endpoints at the hardware level, whether they are powered off, disabled, or encrypted, to halt deskside visits and endless help desk calls due to security incidents, outbreaks, or forgotten encryption passwords.
  • Prove compliance with advanced reporting and auditing capabilities; monitor events and generate detailed reports that show auditors and other stakeholders your compliance with internal and regulatory privacy requirements.

Description

All about endpoint encryption. Consists of:

  • Enterprise-Grade Drive Encryption
  • Removable Media, File and Folder, and Cloud Storage Encryption (FRP)
  • Management of Native Encryption (MNE) – management of BitLocker (Windows) or FileVault (OS X) encryption, including reporting, managed within ePO.

These are separate products on the tech side.

Specifications

Varies per product, see data sheets.

Links

Data Sheet
Solution Brief 
Product Guide MNE 4.1 
Product Guide Drive Encryption 7.1
Product Guide FRP 5.0
Healthcare Case Study
ExpertCenter MNE
ExpertCenter FRP
ExpertCenter

Intel Data Loss Prevention (DLP)

McAfee Data Loss Prevention (DLP) Endpoint 10.0 safeguards intellectual property and ensures compliance by protecting sensitive data such as PCI, PII, and PHI wherever it lives—on premises, in the cloud, or at the endpoints.

McAfee

Features

  • Real-time exfiltration prevention: Integrated with McAfee Threat Intelligence Exchange and McAfee Data Exchange Layer for visibility and real-time monitoring.
  • Advanced protection capabilities: Leverage fingerprinting, classification, and file tagging to secure sensitive, unstructured data, such as intellectual property and trade secrets.
  • Centralized management: Natively integrated with McAfee® ePolicy Orchestrator® (McAfee ePO™) software to streamline policy and incident management.
  • Compliance enforcement: Ensure compliance by addressing day-to-day end-user actions, such as emailing, cloud posting, downloading to removable media devices, and more.
  • End-user education: Real-time feedback via educational popup helps shape corporate security awareness and culture.

Description

McAfee Data Loss Prevention (DLP) Endpoint 10.0 safeguards intellectual property and ensures compliance by protecting sensitive data such as PCI, PII, and PHI wherever it lives—on premises, in the cloud, or at the endpoints. It helps you monitor and address day-to-day end-user risky actions such as emailing, web posting, printing, clipboards, screen captures, device control, uploading to the cloud, and more.

Specifications

Supported Platforms

  • Windows 7 SP1 or later, Enterprise and Business editions, 32-bit and 64-bit
  • Windows 8 and 8.1 or later Enterprise and Professional, 32-bit and 64-bit
  • Windows Server 2008 R2 and 2008 SP2 or later, 32-bit and 64-bit
  • Windows Server 2012 and 2012 R2 or later, 64-bit
  • OS X Mountain Lion 10.8.5
  • OS X Mavericks 10.9.5
  • OS X Yosemite 10.10

Supported Browsers

  • Internet Explorer version 8 to 11
  • Mozilla Firefox 34 or higher
  • Google Chrome 31 or higher

McAfee ePO Software and Agents

  • McAfee ePO software 4.6.9 and 5.1.1
  • McAfee Agent for Windows 4.8 Patch 2 and 5.0
  • McAfee Agent for Mac 4.6 Patch 3, 4.8 Patch 2, and 5.0

Links

Data Sheet
Solution Brief – Office 365
Product Guide
Case Study
ExpertCenter

Active Response

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response.

McAfee

Description

Designed to monitor, control and alert when endpoints are compromised.

An endpoint detection and response tool for advanced threats.

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:

Collectors: Find and visualize data from systems.

Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.

Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.

Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.

Specification

Supported client operating systems

  • CentOS 6.5, 32-bit
  • RedHat 6.5, 32-bit
  • Microsoft Windows
    • Windows 8.0, Base, 32-bit, and 64-bit
    • Windows 8.1, Base, U1; 32-bit and 64-bit
    • Windows 2012, Server Base, R2; U1; 64-bit
    • Windows 2008 R2 Enterprise, SP1, 64-bit
    • Windows 2008 R2 Standard, SP1, 64-bit
    • Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
    • Windows 7 Professional, up to SP1; 32-bit and 64-bit

 

Links

Data Sheet
Solution Brief
Product Guide
ExpertCenter

Next Gen Intrusion Detection & Protection System (IDS / IPS)

Detect and Prevent Advanced Targeted Attacks

eSentire

Features

  • Always-On Full-Packet Capture
  • Whitelisted Executables
  • Endpoint Lock-Down/Quarantine
  • Automatic Signature-based Intrusion Detection and Prevention
  • IP Range Blocking (Geo-location blacklisting)
  • Whitelisting, Blacklisting and Custom Rules
  • Zero Network Latency
  • Decrypted SSL Traffic Analysis

Description

Detect and Prevent Advanced Targeted Attacks

Mid-sized organizations now represent 54%(1) of all cybersecurity breaches and what’s troubling is that you might not even be aware that you’re a prime target. These attacks are becoming more sophisticated and much harder to detect. Yet traditional cybersecurity technologies haven’t evolved at the same pace and as a result, fail to effectively protect you from today’s sophisticated attacks.

Now more than ever, your organization needs protection against more than just signature-based attacks. It needs holistic protection that’s also capable of defending against zero-day targeted attacks and advanced persistent threats (APTs). Network Interceptor protects against both known and unknown threats.

At the core of the Managed Detection and Response™ service is Network Interceptor, a next-gen IDS/IPS designed for mid-sized enterprise. It fuses robust threat intel to deliver real-time signature-based threat detection and prevention, while introducing the unique ability to identify unknown cyber threats through behaviour-based anomaly detection and attack pattern analysis.

With always-on full traffic capture, our team of highly skilled threat analysts get the full picture they need to hunt, investigate, identify and escalate unique threats in real-time, always. Completely customizable to your specific business context and policies, Network Interceptor is redefining cyber protection for mid-sized organizations in the face of today’s constantly evolving cyber threat landscape.

Links

Datasheet

Data Loss Protection (DLP)

Primary focus is Data Loss Prevention, but also includes Application whitelisting and Data discovery.

Digital Guardian

Features

  • Advanced Threat Protection
    • Advanced threat detection, incident response and prevention that ensures security travels with the data
  • Data Loss Prevention
    • Everything you need to stop sensitive data from getting out of your organization
  • Data Visibility & Control
    • Out-of-the-box data visibility and device control
  • Can deploy on prem or in cloud

Description

Primary focus is DLP, but also includes Application whitelisting and Data discovery. Considered easier to implement than the competition, and a very useful forensics tool. Digital Guardian for Data Loss Prevention (DLP) gives you everything you need – the deepest visibility, the fine-grained control and the industry’s broadest data loss protection coverage – to stop sensitive data from getting out of your organization. Digital Guardian for Data Loss Prevention is consistently a leader in the Gartner Magic Quadrant for Context-Aware Data Loss Prevention (DLP).

Specification

Agents for Windows, Mac, Linux, virtual.

Links

Datasheet
Manufacturing Case Study
Case Study

Multi Factor Authentication

SMS PASSCODE offers flexible policy-driven administration and protects multiple systems on a global scale. The solution seamlessly integrates to both remote access systems and cloud applications.

CensorNet

Features

  • More Factors Working to Your Advantage
  • Real-Time and Session-Specific
  • Advanced Attack Protection
  • High Passcode Security
  • Unmatched Reliability
  • Status Feedback
  • Flash SMS
  • MemoPasscodes™
  • Location Aware Message Dispatching

Description

SMS PASSCODE is easy to install, deploy and manage. The platform offers flexible policy-driven administration and protects multiple systems on a global scale. The solution seamlessly integrates to both remote access systems and cloud applications. The SMS PASSCODE platform allows you to get up and running in less than an hour. Run plug-and-play installation of the SMS PASSCODE software, set up the preferred dispatch mechanism(s), and the system is ready for use. Rollout involves no software deployment on user devices and practical training of the user group is not needed. SMS PASSCODE comes with one-click integration to Active Directory and LDAP Directories. No schema changes or extensions are required.

Specification

RADIUS VPN/SSL VPN Clients

  • Check Point
  • Cisco ASA
  • Netscaler Gateway & Citrix Access Gateway (CAG)
  • Juniper
  • Microsoft Forefront (UAG)/Direct Access
  • Barracuda SSL VPN and NG firewalls
  • VMware Horizon View
  • Microsoft SharePoint Portal Server 1
  • Any other RADIUS client supporting challenge/response
  • Palo Alto
  • F5 BIG-IP
  • NCP VPN

Microsoft TMG Server & Websites

Support for Microsoft TMG published websites:

  • Outlook Web Access 2003 / 2007 / 2010 / 2013
  • Remote Desktop Web Access (Windows Server 2008 R2 / 2012 R2)
  • Microsoft SharePoint Portal Server
  • IIS websites using Basic or Integrated Windows Authentication
  • Any website not requiring Authentication Delegation

Citrix Web Interface

Microsoft AD FS Protection

  • AD FS 2.0 plug-in for multi-factor authentication
  • AD FS 3.0 multi-factor authentication adapter

Transparent support for multi-factor authentication when:

  • Accessing Cloud Applications such as Salesforce.com, Microsoft Office 365, Google Apps etc. (AD FS 2.0/3.0)
  • Accessing websites published through the Microsoft Web Application Proxy (AD FS 3.0), such as SharePoint and Outlook Web Access
  • Approving devices during workplace joins (AD FS 3.0)

Internet Information Services (IIS) Websites

Support for the following types of websites:

  • Outlook Web Access 2007 / 2010 / 2013
  • Remote Desktop Web Access (Windows Server 2008 R2 / 2012 R2)
  • Websites using Basic / Integrated Windows Authentication

Windows Logon, Remote Desktop Services

Support for the following Servers and Services:

  • Remote Desktop Services (RDP Connections)
  • Windows Servers 2008 R2 / 2012 / 2012 R2
  • Windows 7, Windows 8, Windows 8.1 and Windows 10
  • VMware Virtual Desktop Portal & Client Access

Links

Evaluation Checklist  
Beginners Guide   

Unified Security Service

Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard.

CensorNet

Features

  • Cloud Application Visibility
  • Cloud Application Control
  • Safe anywhere on any device
  • Safe Web Access
  • Email Security
  • Safe from Malware
  • Analytics across email, web and applications
  • Fast and Unobtrusive

Description

Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard. You can protect your employees, whether in the office or mobile, against cyber-attacks and accidental or malicious leaks of sensitive data, keeping your organisation safe from the risks associated with the rapid growth in cloud applications and the emergence of Shadow IT. USS is a comprehensive cyber security service that combines modules for the security, monitoring and control of web, email and cloud application across your network in one dashboard and logging service, meaning that common policies can be easily applied and incidents tracked across different media. USS provides the security and control of an on-premise or end point component with the flexibility and mobility of a cloud service. It is the next generation in Email and Web security with Cloud Application Control giving you the power to extend web access policies to Bring Your Own Device initiatives and to monitor and control Shadow IT.

Specification

  • Software for Networks: Available as downloadable software, CensorNet’s Cloud Gateway software can be deployed on a virtual server or physical server in less than 30 minutes to extend security policies to the entire network.
  • Agent Software for Roaming Users or Standalone Devices: Microsoft Windows agent that enforces policies on the device. Tamper-proof and simple to deploy either with an install wizard or scripted via Active Directory Group Policy. Mac OS X version will be available soon.
  • Secure Browser for iOS: A secure browser app for iOS 6 and above provides an alternative to Safari which extends the web access controls to the mobile device.
  • Scalable: Highly optimised for large networks, the solution takes advantage of multiple processors, all available RAM and has a 64-bit architecture.
  • Deployment Modes: Agent software, Direct proxy (set by group policy, WPAD or manually), or gateway mode for guest, BYOD or non-domain devices.
  • WPAD Support: Automatic creation of Web Proxy Automatic Discovery (WPAD) file based on network configuration.
  • BYOD Captive Portal: The Captive Portal allows existing users or guests to adopt BYOD and log in from those devices with valid user credentials, e.g. Active Directory.

Host Intrusion Prevention System (HIPS)

McAfee® Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity.

McAfee

Features

  • Enforce the broadest IPS and zero-day threat protection coverage across all levels: network, application, and execution.
  • Reduce time and costs with one powerful, unified console for deployment, management, reporting, and auditing of events, policies, and agents.
  • Patch endpoints less frequently and with less urgency.
  • Manage compliance with easy-to-understand actionable views, workflow, event monitoring, and reporting for prompt and proper investigation and forensics.

Description

McAfee® Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity along with the industry’s only dynamic and stateful firewall to shield against advanced threats and malicious traffic. In addition, it also provides signature and behavioral intrusion prevention system (IPS) protection. McAfee Host Intrusion Prevention for Server reduces patching frequency and urgency, preserves business continuity and employee productivity, protects data confidentiality, and simplifies regulatory compliance.

Application Control

McAfee Application Control prevents zero-day and APT attacks by blocking execution of unauthorized applications.

McAfee

Features

  • Protect against zero-day and APTs without signature updates.
  • Uses McAfee Global Threat Intelligence and McAfee Threat Intelligence Exchange to provide global and local reputation of files and applications.
  • Strengthen security and lower ownership costs with dynamic whitelisting that automatically accepts new software added through your trusted channels.
  • Efficiently control application access with McAfee® ePolicy Orchestrator® (McAfee ePO™) software, a centralized platform for management of McAfee security solutions.
  • Reduce patch cycles through secure whitelisting and advanced memory protection.
  • Keep systems current with the latest patches using trusted updaters.
  • Enforce controls on connected or disconnected servers, virtual machines, endpoints, fixed devices such as point-of-sale terminals, and legacy systems such as Microsoft Windows XP.
  • Allow new applications based on application rating or self-approval for improved business continuity.
  • Maintain user productivity and server performance with a low-overhead solution.
  • Easily protect legacy systems and modern technology investments.

Description

McAfee Application Control prevents zero-day and APT attacks by blocking execution of unauthorized applications. Using our inventory feature, you can easily find and manage application-related files. It groups binaries (EXEs, DLLs, drivers, and scripts) across your enterprise by application and vendor, displays them in an intuitive, hierarchical format, and intelligently classifies them as well-known, unknown, and known-bad applications. Using whitelisting, you can prevent attacks from unknown malware by allowing only known good whitelisted applications to run. Works with GTI, TIE and ATD.

Supported platforms

  • Microsoft Windows (32-bit and 64-bit)
    • Embedded: XPE, 7E, WEPOS, POSReady 2009, WES 2009, 8, 8.1 Industry, 10
    • Server: 2008, 2008 R2, 2012, 2012 R2
    • Desktop: NT, 2000, XP, Vista, 7, 8, 8.1, 10
  • Linux
    • Red Hat/CentOS 5, 6, 7
    • SUSE/openSUSE 10, 11
    • Oracle Enterprise Linux 5, 6, 7
    • Ubuntu 12.04

Services

Gateway Security

In today’s connected world, Web & Email Services are critical business tools. Your company has to protect its users from multiple internet-borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers.

Cognosec Services

Features

We provide a full service offering from consulting, gap analysis, architecture & design, implementation and management of:

  • Hybrid Cloud mail and web gateway services incorporating Cloud application control
  • Integration with Data Loss/Leakage Prevention (DLP) Services
  • Application Aware Content Filtering Capability
  • Advanced Zero Day Threat Detection Capability with Global Threat Intelligence Feeds
  • Enhanced management of Office365 and Gmail (Granular Security Features that appear in our Portal making these platforms safer to use)

Description

In today’s connected world, Web & Email Services are critical business tools. Your company has to protect its users from multiple internet-borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers. The widespread use of mobile and BYOD platforms has resulted in a vanishing perimeter. Modern web & email gateways have become increasingly complex to configure and manage. They handle huge volumes of digital traffic and need to constantly update their malware, adware, URL reputation services and anti-spam engines. The high adoption of cloud-based email services, like Office365 and Gmail, coupled with an upsurge in mail-borne cyber attacks incorporating ransomware, has brought renewed focus to effective web and email security. We provide thought leadership together with niche services in this domain for any size of business. Hybrid or Cloud-based solutions – seamlessly implemented & managed for you by our Gateway Security Team. This is a subscription service.

Network Security

Network Security components keep your network safe.

Cognosec Services

Features

Network Security refers to the security components which reside at the network layer of the business. The network layer connects the individual computers, servers, applications and data storage areas together. Many attacks and interception attempts take place at this level, so it is a critical area to protect. The rapid adoption of cloud services and smart apps is becoming increasingly complex to manage, for both businesses and individuals in their own capacity. We provide a full service offering for any size of business from 25 users to 80,000 users, ranging from consulting, gap analysis, architecture & design, implementation and management of:

  • Host-based Intrusion Prevention Services (HIPS) – For Servers
  • Perimeter facing and Internal facing Firewalls
  • Web Application Firewall Services
  • Network Access Control (NAC)
  • Network Intrusion Prevention (NIPS) Services

Description

Network Security components keep your network safe and include some or all of the following, depending on your requirements:

Firewalls (FW) – These are network devices that operate like border controls – only allowing the traffic you want to pass in and out of your company.

Web Application Firewalls (WAF) – These are similar to firewalls but designed to protect public websites. They only allow specific web traffic through in either direction to protect sensitive or confidential information often held in databases linked behind the website. WAFs are essential for eCommerce businesses, which need public-facing websites that facilitate payments.

Network Intrusion Prevention Services (NIPS) – These protect against malicious hidden processes and hacking using devices on the network. These devices process large volumes of traffic and generate many lines of log data, which have to be managed properly to deliver proper value.

Network Access Control (NAC) – This technology prevents unauthorized (or “Rogue”) devices from joining your network. When a device does not meet your security policies or standards it should not be able to access your network.

Network Data Loss/Leakage Prevention (NDLP) – This is a technology which utilizes policies on a computer that help prevent sensitive data from being transmitted to the wrong people, both inside and outside the company.

Distributed Denial of Service (DDoS) Services – DDoS attacks have evolved into complex and overwhelming security challenges. The attacks target the transport and network layers of a communication system and flood network interfaces with traffic, causing inability to respond to legitimate traffic. This impacts your ability to conduct business using the network or internet, causing financial loss.

By choosing the correct managed cybersecurity services provider, all technologies can be deployed, configured and managed from a central console, but have to be properly tuned and managed to deliver ROI to the End User.

All reporting, remediation and escalation activities are coordinated centrally.

Data Security

Data Security describes how your business protects its Intellectual Property or “Crown Jewels”.

Cognosec Services

Features

The service would typically involve full or part-time management of some or all of the following technologies:

  • Antimalware
  • Browser Control
  • Endpoint Encryption
  • Host Based Intrusion Prevention
  • Database Security
  • Host-based Data Loss/Leakage Prevention (DLP)
  • Cloud Application Controls & BYOD

Description

Data Security describes how your business protects its Intellectual Property or “Crown Jewels”. Data Security is achieved by combining various technologies at specific points on a network and configuring these to work together according to security best practice. Every company’s network will differ slightly from others, so it is important to architect the solution before implementing it. We provide a full service from consulting, gap analysis, architecture & design, implementation and management.

Specification

Remote Managed Services imply the virtual presence of our people on your premises. Our staff work remotely either as technical consultants or subject matter experts, or may perform specific operational security tasks for your company, depending on your requirements and the type of service you require. Our Remote Managed Cyber Security Service options are:

  • Retainers, where a fixed number of hours is purchased, bundled with an SLA for a guaranteed response.
  • Full Outsource, where you fully outsource one or more of your security functions to us. We take full responsibility for the function from end to end (this can include design and implementation, which would take place on site). Once implementation has been completed, we will remotely perform the daily management of the platform and / or the chosen solutions. This would typically include reporting, escalation, troubleshooting and upgrading.
  • Partial Outsource, where you partially outsource one or more of your security functions to us. We take partial responsibility for the function, and this work takes place remotely. This can include aspects of design, implementation, management of a platform or solution, reporting, escalation, troubleshooting and upgrading.

Our Managed Cyber Security Services can be tailored according to your exact needs and budget. We do not subscribe to a one size fits all approach. We have developed and refined an agile framework which focuses on the successful delivery and implementation of affordable security services to all sectors of the market. Customers who adopt our framework through our managed security services make noticeable progress towards a more mature security posture in very short timeframes. This is borne out in vastly improved coverage, policies, detection rates, correlation, deduplication, escalation processes, analysis, incident response and forensic capability, reporting and visibility.

Network Protection

Cognosec’s Network Security service offers tailored defense systems such as Unified Threat Management (UTM) solutions.

Cognosec Services

Description

Developing a network with full-fledged security involves the implementation of many elements and needs to be performed by experienced teams of specialists. Cognosec’s Network Security service offers tailored defense systems such as Unified Threat Management (UTM) solutions. UTM is the evolution of the traditional firewall and is an all-inclusive security product able to perform multiple security functions within one single appliance, such as network firewalling, network intrusion prevention, gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, and data leakage prevention. The combination of automated scanning and manual search filtering provides you with an extremely efficient and effective way of protecting yourself against even the most pesky attackers.

Specifications

Network protection consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

Data Protection

We offer complete design, implementation, and customisation support for access-rights management systems and data leakage prevention solutions. This provides valuable information used for detecting unauthorised access events and any possible data leakages.

Cognosec Services

Features

Cognosec can assist you while implementing the correct architecture to protect your data.

Network DLP

Typically a software or hardware solution that is installed at network egress points near the perimeter. It analyzes network traffic to detect sensitive data that is being sent in violation of information security policies.

Endpoint DLP

Such systems run on end-user workstations or servers in the organization. Like network-based systems, endpoint-based systems can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users.

Data identification

DLP solutions include a number of techniques for identifying confidential or sensitive information. Sometimes confused with discovery, data identification is a process by which organizations use a DLP technology to determine what to look for (in motion, at rest, or in use).

Data leakage detection

Sometimes a data distributor gives sensitive data to a set of third parties. Some time later, some of the data is found in an unauthorized place (e.g., on the web or on a user’s laptop). The distributor must then investigate if data leaked from one or more of the third parties, or if it was independently gathered by other means.[8]

Data at-rest

“Data at rest” specifically refers to old archived information that is stored on either a client PC hard drive, on a network storage drive or remote file server, or even data stored on a backup system, such as a tape or CD media. This information is of great concern to businesses and government institutions simply because the longer data is left unused in storage, the more likely it might be retrieved by unauthorized individuals outside the Network.[9] In order to protect this phase of data, systems use methods such as access control and data encryption.[1]

Data in-use

“Data in use” refers to active data stored in databases that the user is currently interacting with. DLP systems that protect data in-use may monitor and flag certain unauthorized activities.

Data in-motion

“Data in motion” is data that is currently traversing a network to an endpoint destination. These networks can be internal or external. DLP systems that protect data in-motion monitor sensitive data that is being sent over a network through various communication channels such as email or IM.

Description

The protection of sensitive data such as passwords, payment information, financial data, or intellectual property needs to be a priority for organisations. With the establishment of security regulations such as the PCI DSS, HIPAA, and the EU Data Protection Directive, systems can be brought to a high standard of security, but the sheer number of threats targeting vital systems is dramatically increasing, so efforts towards protecting data should as well. Security breaches resulting in leaked data can become very costly to an organisation and to its clients should attackers get hold of sensitive data. Cognosec can perform an assessment on the IT infrastructure handling the data and can ensure that your sensitive data is properly managed. We offer complete design, implementation, and customisation support for access-rights management systems and data leakage prevention solutions. This provides valuable information used for detecting unauthorised access events and any possible data leakages.

Specifications

The term data protection is used to describe both operational backup of data and disaster recovery/business continuity (BC/DR). A data protection strategy should include data lifecycle management (DLM), a process that automates the movement of critical data to online and offline storage and information lifecycle management (ILM), a comprehensive strategy for valuing, cataloging and protecting information assets from application/user errors, malware/virus attacks, machine failure or facility outages/disruptions.

ISMS Advisory

Cognosec will provide you with an independent and holistic evaluation of your organization’s tasks and activities used for planning, implementing, controlling, and monitoring organizational information security activities.

Cognosec Services

Features

As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls. The Do phase involves implementing and operating the controls. The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS. In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.

Description

No matter how big or small an organization is, having a well-established Information Security Management System (ISMS) is necessary. Data and information systems need to be kept secure, therefore every facet of your system needs to be taken into consideration. You are only as strong as your weakest link after all. Cognosec will provide you with an independent and holistic evaluation of your organization’s tasks and activities used for planning, implementing, controlling, and monitoring organizational information security activities. Security frameworks can be designed and tailored to your requirements. Cognosec covers everything you need throughout the establishment, development, and maintenance of your new ISMS including the implementation of state-of-the-art GRC solutions, enabling you to automatically map your organization’s business policy framework to industry best-practice frameworks.

Specification

The development of an ISMS framework based on ISO/IEC 27001:2005 entails the following six steps:

  1. Definition of security policy
  2. Definition of ISMS scope
  3. Risk assessment (as part of risk management)
  4. Risk management
  5. Selection of appropriate controls
  6. Statement of applicability

Information Systems Audit   

An information technology audit, or information systems (IS) audit, is an examination of the management controls for IT infrastructure and a complete review of the security of computer systems.

Cognosec Services

Features

The frequency of an IS audit will sometimes be mandated by a regulator, but for any organisation managing or processing personal or financial information – whatever its sector or size – annual audits are the absolute minimum. Regular audits are essential to keep pace with changes to IT infrastructure and systems – and with changes in the risk landscape.

Description

An information technology audit, or information systems (IS) audit, is an examination of the management controls for IT infrastructure and a complete review of the security of computer systems. It determines if information systems are safeguarding assets, maintaining data integrity and operating effectively to achieve an organisation’s goals. Normally required by regulators or legislators, they can be based on many different frameworks, such as ISO 27001, COBIT and HIPAA, or one of the many industry-specific security standards. However, they all serve the same purpose: to provide assurance that the necessary controls have been put in place and the risks of a data breach reduced to an acceptable level.

Specification

  • Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity.
  • Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.
  • Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
  • Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
  • Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

Social Engineering Assessment  

Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails. We will try to be as smart as a hacker or cyber criminal will be, even posing as technicians or systems administrators to fool employees.

Cognosec Services

Features

Assessment of your social engineering risks can be an add-on to penetration testing or a separate initiative to increase employee awareness. Either way, it should be a serious consideration for any organisation. Lack of awareness among employees can potentially be more dangerous for an organisation than outdated systems. While breaking into an IT system might take weeks or months, a simple call takes just a few minutes, an email even less. Besides the fact that Information Systems are becoming increasingly complex, one of the key reasons that Social Engineering is so heavily utilized is its low cost to benefit ratio. It can be much faster to simply pick up a phone, pretend to be someone else and ask for a password than it would be to scour source code for any small weakness in IT systems. Targeted individuals do not usually suspect that they are or could be a victim of social engineering, yet the impact of divulging even small, seemingly meaningless pieces of information can be disastrous. This data can be accumulated and used to assume identities of employees and fish for even more valuable information by phone and email, gain access to buildings and restricted areas, plant rogue network devices and continuously monitor data traffic.

Description

Social engineering, in the context of information security, refers to manipulating people into divulging confidential information – or performing acts that put an organisation’s data assets at risk. It differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme, but, like a traditional con, it exploits human curiosity and gullibility and the natural desire to please or co-operate with others. Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails. We will try to be as smart as a hacker or cyber criminal will be, even posing as technicians or systems administrators to fool employees. The assessments have an important role to play in raising awareness – and can help convert employees from potential victims into first responders who spot and report attempted attacks.

Specifications

Cognosec’s Social Engineering is a vital element of a complete penetration test. Once the scope of the testing and accompanying success criteria have been determined, our experts will perform any number of social engineering tactics to try and gain access to defined in-scope systems. Cognosec will only perform these tests in areas that have been agreed upon contractually. Any in-scope data extracted or handled during the process will be securely deleted.

Application Security Assessment

The Application Security assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components.

Cognosec Services

Features

Business-critical applications that are ‘interfaces’ for external stakeholders should always be assessed before being distributed – or changed or upgraded. And it’s hard to over-estimate the importance of regular reviews for these applications: what might have been state-of-the-art security a year ago can now be an entry point for a hacker.

Description

An application security assessment is a much more detailed penetration test, focusing on one specific application and checking that the necessary controls to protect information are in place. It is carried out by an experienced analyst, usually using a combination of open source and commercial automated utilities. The assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components. Our analysts use logical errors in the application, as well as coding errors, to gain entry. We also look at what would happen if vulnerabilities were exploited, and advise on how they could be fixed.

Specification

Application Security Testing

Our testing approach is supported by a set of automated tools that not only identify common application vulnerabilities but also reveal business logic flaws that could be misused by attackers. In addition to these automated tests that cover a majority of common security flaws, we use conventional black box penetration testing techniques, which can be combined with a review of the application’s critical source code to increase depth and optimize efficiency.

Source Code Inspection

A deep analysis of the application’s source code will be undertaken, identifying core weaknesses. Vulnerabilities will be assessed, prioritising them based on their severity and probability of exploitation.

Application Security Architecture

The fundamental design and logic of your application architecture will be assessed including its surrounding business environment. The number of ways in which an application can be written and developed is incalculable and therefore, to ensure maximum security potential, best-practice standards need to be upheld.

Application Security Controls

Merely optimising your application security architecture is often not enough; security controls also need to be put into place to fully secure an application. The integrity and effectiveness of controls such as authentication & session management, authorisation, cryptography & key management, data input validation techniques, and transport layer protection mechanisms will be reviewed to maximise your application’s level of security.

Penetration Testing

The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.

Cognosec Services

Features

Penetration testing is recommended annually, and in the event of major changes to your infrastructure. It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators. Penetration testing will help:

  • Prevent severe financial losses that could arise due to unreliable infrastructure or fraud
  • Provide the necessary proof of due diligence for regulators, customers, and shareholders
  • Protect the brand from the dreadful loss of reputation

Description

Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment. The assessment identifies weaknesses and vulnerabilities and quantifies the severity thereof – providing the information needed to address and control the threats.

Specifications

Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without knowledge of usernames, passwords and other normal means. Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organisation can avoid it happening ‘for real’.

PCI DSS SAQ

Cognosec offers professional guidance to small-to-medium sized businesses in achieving PCI compliance and completing the Self-Assessment Questionnaire.

Cognosec Services

Features

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data you are subject to this standard. Cognosec is a Qualified Security Assessor (QSA) for the PCI DSS and PA-DSS, and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. Cognosec is also an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors. Being both a QSA and an ASV makes Cognosec a one-stop shop for your PCI compliance needs. Cognosec GmbH can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package.

Description

All businesses that store, process or transmit payment cardholder data must be PCI compliant. As a Qualified Security Assessor (QSA), Cognosec offers professional guidance to small-to-medium sized businesses in achieving compliance and completing the Self-Assessment Questionnaire. The PCI DSS self-assessment questionnaires (SAQs) are validation tools for merchants and service providers self-evaluating their compliance with PCI DSS. Organizations can either undergo their own PCI DSS assessments, or a QSA company can conduct the PCI DSS assessment and underwrite their SAQs.

Specification

There are different versions of the SAQ to meet different merchant environments. As a Qualified Security Assessor (QSA) we are able to provide PCI DSS SAQ assessment to organizations seeking professional guidance in achieving compliance and completing the following Self-Assessment Questionnaires:

  • SAQ A is intended for merchants that accept only card-not-present transactions (that is, e-commerce, mail order or telephone order), and that outsource all their cardholder data functions to PCI DSS compliant service providers. SAQ A would never apply to face-to-face merchants.
  • SAQ B is for those merchants who process cardholder data using only imprint machines or using only dial-out terminals.
  • SAQ C-VT is for merchants using only web-based virtual payment terminals, where cardholder data is manually entered into a secure website from a single system.
  • SAQ C is for merchants with dedicated payment application systems segmented from all other systems, and connected to the Internet for the purposes of transaction processing.
  • SAQ P2PE-HW is for merchants using a validated P2PE solution that is listed on the PCI SSC website.
  • SAQ D is for all other SAQ-eligible merchants that do not fall into any of the other SAQ categories, and for any service providers defined by a payment brand as eligible to complete the SAQ.

PCI Security Awareness Programme 

The Cognosec Security Awareness Program is designed to help you raise the level of understanding of how important security is today, and to help you push responsibility throughout the company.

Cognosec Services

Features

Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV) – making Cognosec a one-stop-shop for your PCI compliance needs.

Cognosec can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package.

We are authorised to help your company obtain and maintain PCI DSS compliance.

Description

It is imperative that any individual capable of accessing information technology resources understands the value of the information resources and their responsibility for keeping those resources safe from abuse. To address PCI DSS requirements 12.5 and 12.6, which refer to the distribution of security policies throughout the company and the existence of a formal security program, Cognosec offers full support in the development of security policies and security awareness programs.

The Cognosec Security Awareness Program is designed to help you raise the level of understanding of how important security is today, and to help you push responsibility throughout the company.

Specification

The Cognosec 360 Security Awareness Program is designed to help you raise the level of understanding of how important security is today and help you push responsibility throughout your organisation. Our highly international staff have decades of experience in IT Security, having worked directly with the major card brands, acquirers as well as merchants and payment service providers. The Cognosec Team fully understands the kind of risk and pressure our clients go through to reach their IT security, compliance and governance objectives.

Cognosec’s 2-Day workshop, delivered by a QSA, has three components:

  1. A management training session for senior managers, HR executives and CxOs.
  2. An end-user security awareness training session – including a test of the material.
  3. A session analysing the company policies and addressing any gaps.

On completion of the workshop, Cognosec will help you build a sustainable security awareness program into the company.

PCI Remediation

We provide individual services for implementing missing elements of an organisation’s security policies to match those of the PCI DSS. Variances between the PCI DSS Standard and an organisation’s currently established policies and practices detected in the gap assessment need to be addressed.

Cognosec Services

Features

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data you are subject to this standard. Cognosec is a Qualified Security Assessor (QSA) and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. Cognosec GmbH can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package. Cognosec is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors. Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV), making Cognosec a one-stop-shop for your PCI compliance needs.

Description

PCI Remediation is a follow-on from a PCI DSS Gap Assessment and involves remediating those requirements of PCI DSS with which you are not compliant. We provide individual services for implementing missing elements of an organisation’s security policies to match those of the PCI DSS. Variances between the PCI DSS Standard and an organisation’s currently established policies and practices detected in the gap assessment need to be addressed. PCI DSS compliance is achieved when solutions and sound policies are implemented that fully address and satisfy PCI DSS. Any entity that accepts payment card transactions must be compliant with all 12 elements of the PCI Data Security Standard.

Specification

All organisations that store, process and/or transmit cardholder data must be compliant with the 12 requirements of PCI DSS. PCI Remediation is basically identifying and fixing the “not in place” items, that is, the elements of PCI DSS in which you are not compliant. If items are discovered to be not in place in the organization, the QSA provides as much detail as needed to explain the remediation actions and the timeline for compliance, and the organization performs the remediation activities. Variances between the PCI DSS and an organisation’s currently established policies and practices detected in the gap assessment need to be addressed. Remediation recovery is achieved when solutions and sound policies are implemented that fully address and satisfy the compliance requirements.

As a QSA company, we provide both workshops and individual services for implementing missing elements of an organisation’s security policies to match that of the PCI DSS:

  • Cognosec offers workshops to dive deep into the data security standard – allowing you to select the right technologies and architecture to attain and maintain PCI DSS compliance.
  • Cognosec helps you complete the gaps in your documentation and review the policies, procedures, and processes of your business.
  • As an ASV, Cognosec is able to perform external vulnerability scans in accordance with PCI DSS requirement 11.2. These scans provide a consistent outlook over an organisation’s security posture – identifying the potential threats to their IT system.
  • Cognosec offers Penetration Testing of a PCI DSS Scoped Environment and Internal Penetration Testing of a PCI DSS Scoped Environment.
  • Cardholder Data Discovery

PCI GAP Assessment

Cognosec’s PCI Gap Assessment is available for both remote and onsite activities. To create the most accurate assessment possible, it also includes interviewing system architects, systems administrators, testing personnel, and support staff.

Cognosec Services

Features

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data you are subject to this standard. Cognosec is a Qualified Security Assessor (QSA) and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. Cognosec GmbH can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package. Cognosec is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors. Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV), making Cognosec a one-stop-shop for your PCI compliance needs.

Description

A PCI DSS Gap Assessment is an analysis of the differences between an entity’s present security standards and policies and the twelve requirements of PCI DSS. The variances, or “gaps”, are then determined and can be corrected with PCI Remediation. If you have been asked to comply with the PCI DSS by a card brand, an issuing or acquiring bank, a business partner, or a customer who requires it as part of a due diligence exercise, Cognosec can help you. Cognosec’s PCI Gap Assessment is available for both remote and onsite activities. To create the most accurate assessment possible, it also includes interviewing system architects, systems administrators, testing personnel, and support staff.

Specification

Most companies have established security standards and procedures in place, but as the world is conforming to one standard, a reassessment is necessary. A PCI DSS Gap Assessment is an analysis of the differences between established security standards and those required by the PCI SSC for PCI certification. The variances, or “gaps”, are then determined and corrected. Our process includes interviewing system architects, systems administrators, testing personnel, support staff and others to gather the most information possible – aiding the subsequent analysis and generation of the final PCI DSS Gap Analysis report.

PCI ASV Security Scan 

We are a Certified Approved Scanning Vendor (ASV) and provide vulnerability scanning services in accordance with PCI DSS.

Cognosec Services

Features

Security vulnerabilities of Internet-facing systems can potentially have severe, wide-reaching implications for your organisation. Cognosec’s certified ASV Scans will identify weaknesses and vulnerabilities as well as quantify their severity – allowing them to be managed efficiently and effectively. Cognosec is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors. Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV), making Cognosec a one-stop-shop for your PCI compliance needs. Cognosec can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package. We are authorised to help your company obtain and maintain PCI DSS compliance.

Description

An Approved Scanning Vendor (ASV) is an organization with a set of security services and tools to validate adherence to the external scanning requirement of PCI DSS Requirement 11.2.2. We are a Certified ASV and provide vulnerability scanning services in accordance with PCI DSS. Vulnerability scan results provide valuable information that supports efficient patch management and other security measures that improve protection against Internet attacks. Any organisation that wants to maintain its PCI compliance, wants to know what its weaknesses and vulnerabilities are, and wants to prevent financial and reputational loss has to conduct ASV scans.

Specification

Cognosec’s Approved Scanning Vendor scans identify weaknesses and vulnerabilities as well as quantify their severity – allowing them to be managed efficiently and effectively. This means that an organisation:

  • Fulfils the PCI DSS Requirement 11.2 for quarterly vulnerability scans performed by an ASV.
  • Provides proof of due diligence to regulators, customers and shareholders.
  • Prevents financial loss through fraud or unreliable infrastructure.
  • Protects your brand against the loss of reputation.

Cognosec performs regularly scheduled scans (monthly or quarterly), as well as ad hoc scans – producing and delivering an ASV Report containing every discovery and an evaluation thereof. Security matters covered range from authentication, authorisation and misconfiguration issues to information disclosure and obsolete software version concerns.

What is included in a scan?

Cognosec’s Scanning Solutions test and report on:

  • Firewalls & Routers
  • Operating Systems
  • Database Servers
  • Web Servers
  • Application Servers
  • Common Web Scripts
  • Built-in Accounts
  • DNS Servers
  • Mail Servers
  • Web & Other Applications
  • Common Services
  • Wireless Access Points
  • Backdoors
  • SSL/TLS
  • Remote Access
  • Point-of-sale (POS) Software

PCI QSA Onsite Assessment

Cognosec’s PCI On-site Assessment is a systematic evaluation of an organisation’s level of compliance with the Payment Card Industry Data Security Standard (PCI DSS), which needs to be performed during the securitisation process and at regular intervals.

Cognosec Services

Features

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data you are subject to this standard.

Cognosec is a Qualified Security Assessor (QSA) and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. Cognosec GmbH can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package.

Cognosec is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors.

Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV), making Cognosec a one-stop-shop for your PCI compliance needs.

Cognosec’s PCI On-site Assessment is a systematic evaluation of an organisation’s level of compliance with the Payment Card Industry Data Security Standard (PCI DSS), which needs to be performed during the securitisation process and at regular intervals. As a Qualified Security Assessor (QSA) we are able to perform an evaluation which covers all twelve requirements of the PCI DSS standard. A multitude of facets, including technical sampling of in-scope systems, staff interviews and a final policy review, are included, confirming that suitable measures have been taken and that appropriate policies have been put into place. Upon completion of the PCI On-site Assessment, a Report on Compliance (ROC) will be drafted in a format that is acceptable for submission to relevant card brands.

Specification

As a Qualified Security Assessor (QSA), Cognosec offers the highest quality and smoothest assessment possible. The evaluation will cover a multitude of facets including: technical sampling of in-scope systems, staff interviews and a final policy review – confirming that the suitable measures have been taken and that appropriate policies have been put into place. Upon completion of the PCI On-site Assessment, a Report on Compliance (ROC) will be drafted and will be ready to be submitted to relevant card brands.

There are 5 PCI DSS phases to the Cognosec PCI methodology. Four of them are audit processes and one of them is a half yearly customer review.

  1. Initial Gap Analysis and Onsite Audit
  2. Evaluation of gathered Evidence and Remediation
  3. Report and Review
  4. Project closeout
  5. Half Yearly Review

  • For PCI Level 1 Service Providers, to maintain PCI compliance, a PCI On-site Assessment needs to take place absolutely no later than four months (six months is recommended) before the expiration of a PCI certificate, as specified by the card brand listings.
  • For PCI Level 1 Merchants, to maintain PCI compliance, a PCI On-site Assessment needs to take place at least four months before the initial PCI compliance date mandated by an acquirer, or four months before the initial re-certification.

Client-related activities for the Payment Card Industry Data Security Standard (PCI DSS) assessment are:

  1. Validate the scope of the assessment
  2. Contract Drafted & Signed
  3. Onsite Audit Preparation Phase
     • Scheduling Phase
     • Client Hub Created in Secured OwnCloud
     • Client Data Upload to Secured OwnCloud
     • Policies and Procedures Excel File completed
  4. Conduct PCI Data Security Standard assessments
     • Verify all technical information given by merchant or service provider
     • Be onsite for the duration of any relevant assessment procedure
     • Review the work product that supports the assessment procedures
     • Adhere to the PCI DSS Requirements and Security Assessment Procedures
     • Select representative samples of business facilities and system components where sampling is employed
     • Evaluate compensating controls (if any)
  5. Produce the final Report on Compliance
  6. Produce the Compliance Certificate
  7. Submit Validation Documents to Card Brands
  8. Client Feedback & Testimonials

Industrial Control Systems (ICS) Security Assessment

ICS implementations are vulnerable primarily to local threats because many of their components are in physically secured areas and the components are not connected to IT networks or systems.

Cognosec Services

Features

As the threats to ICS increase – due, in part, to increased geopolitical risks – so the need to protect them increases. In today’s climate, ICS security is an urgent priority. Weaknesses in the security of industrial control systems (ICS) – systems that relate to critical infrastructure such as power, water and transport – and their interfaces with other IT infrastructure can significantly derail businesses and economies. Possible incidents an ICS may face include the following:

  • Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation
  • Unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and/or endanger human life
  • Inaccurate information sent to system operators, either to disguise unauthorized changes, or to cause the operators to initiate inappropriate actions, which could have various negative effects
  • ICS software or configuration settings modified, or ICS software infected with malware, which could have various negative effects
  • Interference with the operation of safety systems, which could endanger human life.

Description

ICS implementations are vulnerable primarily to local threats because many of their components are in physically secured areas and the components are not connected to IT networks or systems. However, the trend toward integrating ICS systems with IT networks provides significantly less isolation for ICS from the outside world than predecessor systems, creating a greater need to secure these systems from remote, external threats. Also, the increasing use of wireless networking places ICS implementations at greater risk from adversaries who are in relatively close physical proximity but do not have direct physical access to the equipment. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, complexities, accidents, natural disasters as well as malicious or accidental actions by insiders. Our assessments identify these weaknesses – and recommend solutions. We combine specific tests with traditional penetration testing methods to cover all components and types of infrastructure. These technical tests can be accompanied by architectural and process security reviews.

Specifications

Our auditors will assure that:

  • Logical access to the ICS network and network activity are restricted.
  • Physical access to the ICS network and devices is restricted.
  • Individual ICS components are protected from exploitation.
  • Functionality during adverse conditions can be maintained.
  • The system can be restored after an incident.

Vulnerability Assessment

Cognosec performs regularly scheduled scans (monthly or quarterly), as well as ad hoc scans when needed, which conclude with a final ASV Report containing every threat discovery and an evaluation thereof.

Cognosec Services

Features

Vulnerability assessment should be a continuous process for every organisation exposed to the Internet. We offer vulnerability scanning as a subscription service on a monthly (recommended) or a quarterly basis. (Since it’s a semi-automated process, it requires minimum effort from the customer.)

Description

A vulnerability assessment identifies, quantifies and prioritises (or ranks) the vulnerabilities in a system, using both system and application vulnerability scans. System vulnerabilities normally exist because of exploitable programming errors in either the operating system or the hardware, and vendors normally release patches when these errors are made public. Patching hundreds or thousands of systems is a tedious business, though, and can sometimes disable functioning applications. Consequently, it is often resisted by IT departments. Vulnerability scans are semi-automated processes that can check whether patches or updates have been installed, bugs removed and systems securely configured. They report everything found. Our auditors then carefully review the results to sift out false positives and check whether a vulnerability exists – and whether action needs to be taken.

Specification

Cognosec performs regularly scheduled scans (monthly or quarterly), as well as ad hoc scans when needed, which conclude with a final ASV Report containing every threat discovery and an evaluation thereof. Cognosec’s scanning solutions test and report on all of the following systems:

  • Firewalls & Routers
  • Operating Systems
  • Database Servers
  • Web Servers
  • Application Servers
  • Common Web Scripts
  • Built-in Accounts
  • DNS Servers
  • Mail Servers
  • Web & Other Applications
  • Common Services
  • Wireless Access Points
  • Backdoors
  • SSL/TLS
  • Remote Access
  • Point-of-sale (POS) Software

Cognosec SAQ Portal

We’ve developed an online portal that makes compliance and acquirer-merchant communication easier.

Cognosec Services

A fast and effective compliance tool

If you’re a card acquirer (typically, a bank or other financial institution), you’ll need to take steps to ensure merchants (entities that accept cards) comply with the 12 requirements of PCI DSS. If you’re a merchant or service provider (for example, a data centre, sales agent or remittance processing company) handling smaller numbers of transactions, you’ll need to prove your compliance through a Self-Assessment Questionnaire (SAQ).

We’ve developed an online portal that can help in either case – and make compliance and acquirer-merchant communication easier.

It’s a simple electronic tool, and it allows merchants to download the PCI SAQs, sign them and send them to acquirers, and acquirers to use the information to create reports for card providers.

Importantly, we can see all the data, and offer support for both acquirers and merchants. We even provide electronic certificates.

Our portal is the fast-track to compliance.
