Filter page

Products

Cybersecurity Awareness Training

A picture is worth a thousand words and we believe a good story is worth a thousand training sessions.

Popcorn

Popcorn

Features

  • Award-winning Popcorn content is guaranteed to amuse, engage and be remembered
  • Single-sign-on with Microsoft Azure means no more forgotten passwords
  • Cloud platform works on any device, and any network. No infrastructure required
  • Course content and scope can be customised per user or department

Description

A picture is worth a thousand words and we believe a good story is worth a thousand training sessions. We create stories that apply key learning points to the working environment; they explain potential threats, as well as how and why policies need to be complied with and what the expected behaviour should be. Key messages in our stories are based on industry best practice and include elements of security frameworks such as ISO 27001, industry standards such as PCI DSS (Payment Card Industry Data Security Standard) and regulations such as Privacy laws (PPI).

Specifications

Cloud requires no real infrastructure other than connectivity and no vimeo blocking on devices accessing the site

Links

Secure coding – Course Catalogue Something Phishy – Course Catalogue  Compliance Training – Course Catalogue

Download as PDF

SiteAdvisor Enterprise (SAE)

Using an intuitive color-coded rating system, McAfee SiteAdvisor Enterprise identifies websites that contain malware or other threats such as spyware or phishing scams, alerting you before you click.

McAfee

McAfee

Features

  • Inform end users about the dangers of searching or surfing the Internet.
  • When you search with Google, Yahoo!, MSN, AOL, or Ask.com, a safety rating appears next to each search result.
  • Our color-coded rating system lets users know which websites are safe and which are risky.
  • McAfee SiteAdvisor Enterprise software allows for advanced customization to authorize or block websites based on overall site ratings or threat factors.
  • Use the McAfee Web Filtering for Endpoint module to monitor, control, and report on users’ web surfing to ensure compliance and increase employee productivity.
  • With McAfee ePolicy Orchestrator®  (McAfee ePO™) management console, McAfee SiteAdvisor Enterprise solutions are easy to deploy, manage, and report on across your entire organization.

Description

Keep your business safe without limiting Internet access.

Using an intuitive color-coded rating system, McAfee SiteAdvisor Enterprise identifies websites that contain malware or other threats such as spyware or phishing scams, alerting you before you click.

Get always up-to-date alerts. McAfee Global Threat Intelligence continually scans the Internet with intelligent bots and virtual computers to uncover websites that contain malware.

Gain insight from our email and download tests that inform you if a site contains suspicious links or affiliations to harmful sites.

Ensure policy compliance by authorising or blocking websites, and implementing additional protection for remote users.

Links

Data Sheet 

 Solution Brief

Product Guide 

Best practices 

 ExpertCenter 

 

Download as PDF

Network Security Platform (NSP)

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network.

McAfee

McAfee

Features

Unparalleled Advanced Threat prevention

  • Signature-less, advanced malware analysis
  • Inline Browser and JavaScript emulation
  • Advanced botnet and malware callback detection
  • Behavior-based analysis and DDoS protection
  • Integration with McAfee Advanced Threat Defense

Security Connected

  • Real-time threat sharing with McAfee Threat Intelligence Exchange (TIE)
  • Endpoint context via ePolicy Orchestrator® (McAfee ePO™)
  • Endpoint process correlation via Endpoint Intelligence Agent
  • Data Sharing and Quarantine with McAfee Enterprise Security Manager (SIEM)
  • Host Risk Analysis via McAfee Vulnerability Manager
  • Predictive malware detection via McAfee GTI

Description

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network. Using advanced detection and emulation techniques, it moves beyond mere pattern matching to defend against stealthy attacks with extreme accuracy. This next-generation hardware platform scales to speeds of more than 40 GBPS with a single device to meet the needs of demanding networks. The Security Connected approach to security management streamlines security operations by combining real-time McAfee Global Threat Intelligence (McAfee GTI) feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.

Links

Data Sheet

Solution Brief

Product Guide 

Administration Guide 

Case Study

Download as PDF

MOVE Antivirus

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments such as Virtual Machines running virtualization (hypervisor) software like VMware ESX, Citrix Xen Server or Microsoft HyperV.

McAfee

McAfee

Features

McAfee MOVE AntiVirus for Virtual Servers

  • McAfee MOVE AntiVirus:
      • Multiplatform deployment
      • Agentless deployment
      • McAfee Data Center Connector for vSphere
      • McAfee ePO software

McAfee MOVE AntiVirus for Virtual Desktops

      • McAfee MOVE AntiVirus:
        • Multiplatform deployment
        • Agentless deployment
      • McAfee Data Center Connector for vSphere
      • McAfee Host Intrusion Prevention System
      • McAfee SiteAdvisor® Enterprise
      • Memory Protection, and Web Application Protection
      • McAfee ePO software

Description

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments such as Virtual Machines running virtualization (hypervisor) software like VMware ESX, Citrix Xen Server or Microsoft HyperV.

It removes the need to install an anti-virus application on every virtual machine (VM) by offloading all scanning to a dedicated security virtual machine (SVM) so that customers get the protection they need without sacrificing performance.

McAfee MOVE AntiVirus supports agentless deployment for VMware NSX and VMware vCNS and multi-platform deployment for all major hypervisors.

Links

Data Sheet
Solution Brief
Product Guide
Case Study
ExpertCenter

Download as PDF

Intel Data Loss Prevention (DLP)

McAfee Data Loss Prevention (DLP) Endpoint 10.0 safeguards intellectual property and ensures compliance by protecting sensitive data such as PCI, PII, and PHI wherever it lives—on premises, in the cloud, or at the endpoints.

McAfee

McAfee

Features

Real-time exfiltration prevention: Integrated with McAfee Threat Intelligence Exchange and McAfee Data Exchange Layer for visibility and real-time monitoring. Advanced protection capabilities: Leverage fingerprinting, classification, and file tagging to secure sensitive, unstructured data, such as intellectual property and trade secrets. Centralized management: Natively integrated with McAfee® ePolicy Orchestrator® (McAfee ePO™) software to streamline policy and incident management. Compliance enforcement: Ensure compliance by addressing day-to-day end-user actions, such as emailing, cloud posting, downloading to removable media devices, and more. End-user education: Real-time feedback via educational popup helps shape corporate security awareness and culture.”

Description

McAfee Data Loss Prevention (DLP) Endpoint 10.0 safeguards intellectual property and ensures compliance by protecting sensitive data such as PCI, PII, and PHI wherever it lives—on premises, in the cloud, or at the endpoints. It helps you monitor and address day-to-day end-user risky actions such as emailing, web posting, printing, clipboards, screen captures, device control, uploading to the cloud, and more.

Specifications

Supported Platforms

  • Windows 7 SP1 or later, Enterprise and Business editions, 32-bit and 64-bit
  • Windows 8 and 8.1 or later Enterprise and Professional, 32-bit and 64-bit
  • Windows Server 2008 R2 and 2008 SP2 or later, 32-bit and 64-bit
  • Windows Server 2012 and 2012 R2 or later, 64-bit
  • OS X Mountain Lion 10.8.5
  • OS X Mavericks 10.9.5
  • OS X Yosemite 10.10

Supported Browsers

  • Internet Explorer version 8 to 11
  • Mozilla Firefox 34 or higher
  • Google Chrome 31 or higher
  • McAfee ePO Software and Agents
  • McAfee ePO software 4.6.9 and 5.1.1
  • McAfee Agent for Windows 4.8 Patch 2 and 5.0
  • McAfee Agent for Mac 4.6 Patch 3, 4.8 Patch 2, and 5.0

Links

Data Sheet Solution Brief – Office 365
Product Guide
Case Study
ExpertCenter

Download as PDF

Active Response

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response.

McAfee

McAfee

Description

Designed to monitor, control and alert when endpoints are compromised.

An endpoint detection and response tool for advanced threats.

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:

Collectors: Find and visualize data from systems.

Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.

Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.

Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.

Specification

Supported client operating systems

  • CentOS 6.5, 32-bit
  • RedHat 6.5, 32-bit
  • Microsoft Windows
    • Windows 8.0, Base, 32-bit, and 64-bit
    • Windows 8.1, Base, U1; 32-bit and 64-bit
    • Windows 2012, Server Base, R2; U1; 64-bit
    • Windows 2008 R2 Enterprise, SP1, 64-bit
    • Windows 2008 R2 Standard, SP1, 64-bit
    • Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
    • Windows 7 Professional, up to SP1; 32-bit and 64-bit

 

Links

Data Sheet
Solution Brief
Product Guide
ExpertCenter

Download as PDF

Patch & Remediation

The Everbridge Platform is Globally Local by using optimized routing, message localization, regulatory compliance and application localization.

Everbridge

Everbridge

Features

Fast and Reliable – The Everbridge Platform is resilient using multiple data centers at all times.

Globally Local – The Everbridge platfom sends notifications to over 200 countries and territories.

Secure – Everbridge protects your data with: SAFETY Act Designation and Certification, FedRAMP Compliance, FISMA Authorization & Accreditation, SSAE-16 SOC 2 & 3 Compliance, EU/US Safe Harbor Compliance

Location Aware – Getting notifications to people affected by an incident is one of the most important facets of successful critical communication.

Easy Integration – Everbridge Open offers an extensive suite of RESTful APIs that can be used to trigger notifications or create and update contact information from an internal system.

Description

Everbridge is a Critical Communications Platform.

We provide enterprise software applications to automate the delivery of critical information to help keep people safe and business running.

The Everbridge Platform is resilient using multiple data centers at all times This provides the resiliency and redundancy to lower the risk of degradation and cascading failures.

The Everbridge Platform is Globally Local by using optimized routing, message localization, regulatory compliance and application localization.

Your security is our top priority. The Security, Everbridge Privacy and Website Cookie Policies are designed to assist you in understanding how we collect, use and safeguard the information you provide.

Getting notifications to the people affected by an incident is one of the most important facets of successful critical communication. Everbridge continues to innovate in making our platform location aware so you can reach the right people.

Everbridge Open offers an extensive suite of RESTful APIs that can be used to trigger notifications or create and update contact information from an internal system. Our Everbridge Open API’s two-way capabilities allow third-party systems to create powerful closed-loop integrations with our platform.

 

Specifications

Safety Connection
Mass Notification
Incident Management
IT Alerting
Secure Mobile Communication
Community Engagement
Free Online Learning

Links

Read more

Download as PDF

Firewall / Next Generation Firewall

Check Point provides customers of all sizes with the latest data and network security protection in an integrated next generation firewall platform, reducing complexity and lowering the total cost of ownership.

Checkpoint

Checkpoint

Features

  • Comprehensive Threat Prevention
  • Prevent Known and Zero Day Threats
  • GAIA – A Unified Secure Operation System
  • Virtualisation
  • Measurement of Security Appliances

Description

Check Point provides customers of all sizes with the latest data and network security protection in an integrated next generation firewall platform, reducing complexity and lowering the total cost of ownership. Whether you need next-generation security for your data centre, enterprise, small business or home office, Check Point has a solution for you.

Links

Check Point Appliances Brochure  
Emerging Security Challenges in Carrier-Class Firewalls
Appliance Comparison Chart
Real-World Performance Testing

Download as PDF

eDiscovery

AD eDiscovery® finds and collects needed data from the broadest range of structured and unstructured data sources of any single platform on the market.

Access Data

Access Data

Features

  • Schedule large audits of computers, network shares, and data repositories on or off the network.
  • Locate and collect key documents for analysis.
  • Apply a wide array of complex visualization, data analytics, and document review tools to quickly identify and produce key documents and prepare for a case.

Description

With an integrated, end-to-end platform covering every phase of e-discovery, corporate teams can efficiently and seamlessly conduct enterprise-wide search, targeted collection, systemized preservation, litigation hold, processing, data assessment and complete legal review, providing the reliability, predictability and efficiency required to enable your team to:

  • Mitigate Corporate Risk. Limit handoffs between vendors and technologies with a single, secure end-to-end solution and protect against spoliation, data loss and theft.
  • Ensure Compliance. Make sure data preservation needs are systematic and defensible in accordance with US and international preservation requirements for litigation, and governmental regulatory requirements.
  • Improve Response Efficiency. Rapidly access, capture and analyze information across a broad range of repositories and targets by leveraging mature and broadly adopted, forensic grade technology.
  • Lower Overall Cost. Process all potentially relevant information, structured and unstructured, inside and outside the enterprise with a single integrated solution.

Specification

AD eDiscovery® finds and collects needed data from the broadest range of structured and unstructured data sources of any single platform on the market. Using user-friendly, work flow-driven templates, AD eDiscovery performs “agentless” collections from:

  • Microsoft® Office 365 (email & calendar)
  • Google Drive • GmailTM corporate/administrator
  • Microsoft® Exchange 2003/2007/2010/2013
  • Microsoft SharePoint® 2003/2007/2010/2013
  • Oracle® URM • Druva
  • CMIS (Any data source that uses the CMIS standard)
  • IBM® Domino® • Cloud, web-based email (IMAP & POP)
  • Symantec® Enterprise VaultTM (journal/archive/files)
  • EMC® Documentum®
  • Xerox® DocuShare®
  • FileNet® repositories
  • Livelink®(OpenText®) repositories
  • WebCrawler (Web 1.0)
  • Box
Download as PDF

Forensics Tool Kit (FTK)

Reduce case investigative times by reviewing data and identifying relevant evidence, all in one centralized location.

Access Data

Access Data

Features

Forensics Tool Kits (FTK) database-driven, enterprise-class architecture allows you to handle massive data sets, as it provides stability and processing speeds not possible with other tools. It provides built-in data visualization and explicit image detection technology to quickly discern and report the most relevant material in your investigation. FTK’s interoperability with all AccessData’s solutions, allows you to correlate massive data sets from different sources, such as, computer hard-drives, mobile devices, network data, internet storage and more. This capability makes FTK the only digital investigation solution capable to reduce case investigative times by allowing you to review data and identify relevant evidence, all in one centralized location.

Description

Forensic Tool Kit (FTK) is a court-cited digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching is faster than with any other product. This means you can “zero-in” on the relevant evidence quickly, dramatically increasing your analysis speed. Furthermore, because of its architecture, FTK can be setup for distributed processing and incorporate web-based case management and collaborative analysis.FTK is an award-winning, court-cited digital investigations solution built for speed, stability and ease of use. It quickly locates evidence and forensically collects and analyzes any digital device or system producing, transmitting or storing data by using a single application from multiple devices. Known for its intuitive interface, email analysis, customizable data views, processing speeds and stability, FTK also lays the framework so your solution can grow with your organization’s needs for a smooth expansion.

Download as PDF

Services

Compliance & SIEM Services

Security Incident and Event Management (SIEM) tools analyze & provide a consolidated view of the overall security posture in the organization.

Cognosec Services

Cognosec Services

Features

We provide a full service offering from consulting, gap analysis, technology choice, architecture & design, implementation and management of:

  • Managed Compliance Services (eg. Monitoring and reporting based on specific PCI-DSS or SOX requirements)
  • On premise SIEM implementations
  • Hybrid SIEM implementations
  • Cloud based SIEM implementations

Description

Security Incident and Event Management (SIEM) tools are used to collect, correlate, aggregate and store security logs from servers, network devices, DLP Systems, security devices, databases and Access Control Systems (any device that can provide a log file with a security context) on a network. They analyze & provide a consolidated view of the overall security posture in the organization. These systems allow security professionals to quickly identify suspected breaches & malware incidents in near real time and to conduct forensic investigations using historical data. SIEM systems can be enormously expensive and require a high level of skill to run. They require constant tuning and maintenance so it makes sense for many businesses to outsource to experts.

Specification

We provide bespoke managed compliance services for customers who are required to monitor and report on the compliancy of their systems, against certain standards and regulations such as PCI, Sarbanes – Oxley, HIPPA, COBIT, ISO, BASEL II, FISMA, GLBA, NERC, but who wish to outsource this function.

Managed Compliancy Services are:

  • Managed PCI Compliance
  • Managed IPS Reporting Service for Sarbanes – Oxley
  • Penetration Testing for compliance
  • Security Awareness training for compliance
  • Venerability Scanning Services for compliance
  • Gap assessments and configuration analysis of security tool sets
Download as PDF

Forensics

Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Cognosec Services

Cognosec Services

Features

The process for performing digital forensics comprises the following basic phases: Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data. Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data. Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination. Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

Description

Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data into court. Forensic tools and techniques are most often thought of in the context of criminal investigations and computer security incident handlingóused to respond to an event by investigating suspect systems, gathering and preserving evidence, reconstructing events, and assessing the current state of an event. Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Specification

During a forensic investigation Cognosec will identifyi potential data source and acquire the data from the sources. Data acquisition will be performed using a three-step process:

  1. developing a plan to acquire the data
  2. acquiring the data
  3. verifying the integrity of the acquired data

After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. Once the relevant information has been extracted, Cognosec will study and analyze the data to draw conclusions from it and then prepare and present the information resulting from the analysis phase.

Download as PDF

Compliance Management     

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.

Cognosec Services

Cognosec Services

Features

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls] This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources

Description

Cognosec’s extensive experience and expertise in the Governance, Risk, and Compliance (GRC) sector has proven invaluable to countless organizations expecting to meet internal and external requirements in preparation for receiving certification. Cognosec’s independent and objective assessment on the policies and processes fulfills four major roles:

  • Prepares you for the challenging process of certification.
  • Avoids the potentially severe financial loss you may suffer for being incompliant with external regulations
  • Prioritizes the corrective measures in order of maximum efficiency and effectiveness to your business processes.
  • Ensures your regulators, customers, and shareholders that proper due diligence measures have been taken.

Our specialists will work side by side with the compliance, security, and risk officer in the design and improvement of company frameworks, guidelines, and processes.

Download as PDF

IT Risk Management

One of the most important aspects of any security engagement is the execution of a thorough risk assessment.

Cognosec Services

Cognosec Services

Features

Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions. This process is not unique to the IT environment; indeed it pervades decision-making in all areas of our daily lives

Description

One of the most important aspects of any security engagement is the execution of a thorough risk assessment. Cognosec’s best-in-class risk services are rooted in highly recognized frameworks such as the COSO, COBIT 5, ISO, and NIST, as well as industry best-practices. Procuring a risk assessment with allow an organization to make appropriate, risk-adjusted decisions working towards the achievement of their organizational objectives and the satiation of their stakeholders.

Specification

The NIST risk assessment methodology encompasses nine primary steps: Step 1 System Characterization Step 2 Threat Identification Step 3 Vulnerability Identification Step 4 Control Analysis Step 5 Likelihood Determination Step 6 Impact Analysis Step 7 Risk Determination Step 8 Control Recommendations Step 9 Results Documentation

Download as PDF

ISMS Advisory

Cognosec will provide you with an independent and holistic evaluation of your organization’s tasks and activities used for planning, implementing, controlling, and monitoring organizational information security activities.

Cognosec Services

Cognosec Services

Features

As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls. The Do phase involves implementing and operating the controls. The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS. In the Act phase, changes are made where necessary to bring the ISMS back to peak performance

Description

No matter how big or small an organization is, having a well-established Information Security Management System (ISMS) is necessary. Data and information systems need to be kept secure, therefore every facet of your system needs to be taken into consideration. You are only as strong as your weakest link after all. Cognosec will provide you with an independent and holistic evaluation of your organization’s tasks and activities used for planning, implementing, controlling, and monitoring organizational information security activities. Security frameworks can be designed and tailored to your requirements. Cognosec covers everything you need throughout the establishment, development, and maintenance of your new ISMS including the implementation of state-of-the-art GRC solutions, enabling you to automatically map your organization’s business policy framework to industry best-practice frameworks.

Specification

The development of an ISMS framework based on ISO/IEC 27001:2005 entails the following six steps:

  1. Definition of security policy
  2. Definition of ISMS scope
  3. Risk assessment (as part of risk management)
  4. Risk management
  5. Selection of appropriate controls
  6. Statement of applicability
Download as PDF

Information Systems Audit   

An information technology audit, or information systems (IS) audit, is an examination of the management controls for IT infrastructure and a complete review of the security of computer systems.

Cognosec Services

Cognosec Services

Features

The frequency of an IS audit will sometimes be mandated by a regulator, but for any organisation managing or processing personal or financial information – whatever its sector or size – annual audits are the absolute minimum. Regular audits are essential to keep pace with changes to IT infrastructure and systems – and with changes in the risk landscape.

Description

An information technology audit, or information systems (IS) audit, is an examination of the management controls for IT infrastructure and a complete review of the security of computer systems. It determines if information systems are safeguarding assets, maintaining data integrity and operating effectively to achieve an organisation’s goals. Normally required by regulators or legislators, they can be based on many different frameworks, such as ISO 27001, COBIT and HIPAA, or one of the many industry-specific security standards. However, they all serve the same purpose: to provide assurance that the necessary controls have been put in place and the risks of a data breach reduced to an acceptable level.

Specification

Systems and Applications: An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity. Information Processing Facilities: An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions. Systems Development: An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development. Management of IT and Enterprise Architecture: An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing. Client/Server, Telecommunications, Intranets, and Extranets: An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

Download as PDF

Social Engineering Assessment  

Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails. We will try to be as smart as a hacker or cyber criminal will be, even posing as technicians or systems administrators to fool employees.

Cognosec Services

Cognosec Services

Features

Assessment of your social engineering risks can be an add-on to penetration testing or a separate initiative to increase employee awareness. Either way, it should be a serious consideration for any organisation. Lack of awareness among employees can potentially be more dangerous for an organisation than outdated systems. While breaking into an IT system might take weeks or months, a simple call takes just a few minutes, an email even less. Beside than the fact that Information Systems are becoming increasingly complex, one of the key reasons that Social Engineering is so heavily utilized is its low cost to benefit ratio. It can be much faster to simply pick up a phone, pretend to be someone else and ask for a password than it would be to scour source code for any small weakness in IT systems. Targeted individuals do not usually suspect that they are or could be a victim of social engineering, yet the impact of divulging even small, seemingly meaningless pieces of information can be disastrous. This data can be accumulated and used to assume identities of employees and fish for even more valuable information by phone and email, gain access to buildings and restricted areas, plant rogue network devices and continuously monitor data traffic.

Description

Social engineering, in the context of information security, refers to manipulating people into divulging confidential information – or performing acts that put an organisation’s data assets at risk. It differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme, but, like a traditional con, it exploits human curiosity and gullibility and the natural desire to please or co-operate with others. Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails. We will try to be as smart as a hacker or cyber criminal will be, even posing as technicians or systems administrators to fool employees. The assessments have an important role to play in raising awareness – and can help convert employees from potential victims into first responders who spot and report attempted attacks.

Specifications

Cognosec’s Social Engineering is a vital element of a complete penetration test. Once the scope of the testing and accompanying success criteria’s have been determined, our experts will perform any number of social engineering tactics to try and gain access to defined in-scope systems. Cognosec will only perform these tests in areas that have been agreed upon contractually. Any in-scope data extracted or handled during the process will be securely deleted.

Download as PDF

Application Security Assessment

The Application Security assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components.

Cognosec Services

Cognosec Services

Features

Business-critical applications that are ‘interfaces’ for external stakeholders should always be assessed before being distributed – or changed or upgraded. And it’s hard to over-estimate the importance of regular reviews for these applications: what might have been state-of-the-art security a year ago can now be an entry point for a hacker.

Description

An application security assessment is a much more detailed penetration test, focusing on one specific application and checking that the necessary controls to protect information are in place. It is carried out by an experienced analyst, usually using a combination of open source and commercial automated utilities. The assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components. Our analysts use logical errors in the application, as well as coding errors, to gain entry. We also look at what would happen if vulnerabilities were exploited, and advise on how they could be fixed.

Specification

Application Security Testing

Our testing approach is supported by a set of automated tools that not only identify common application vulnerabilities but also reveal business logic flaws that could be misused by attackers. In addition to these automated tests that cover a majority of common security flaws, we use conventional black box penetration testing techniques, which can be combined with a review of the applications critical source code to increase depth and optimize efficiency.

Source Code Inspection

A deep analysis of the application’s source code will be undertaken, identifying core weaknesses. Vulnerabilities will be assessed, prioritising them based on their severity and probability of exploitation.

Application Security Architecture

The fundamental design and logic of your application architecture will be assessed including its surrounding business environment. The number of ways in which an application can be written and developed is incalculable and therefore, to ensure maximum security potential, best-practice standards need to be upheld.

Application Security Controls

Merely optimising your application security architecture is often not enough; security controls also need to be put into place to fully secure an application. The integrity and effectiveness of controls such as authentication & session management, authorisation, cryptography & key management, data input validation techniques, and transport layer protection mechanisms will be reviewed to maximise your application’s level of security.

Download as PDF

Penetration Testing

The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.

Cognosec Services

Cognosec Services

Features

Penetration testing is recommended annually, and in the event of major changes to your infrastructure. It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators. Penetration testing will help:

  • Prevent severe financial losses that could arise due to unreliable infrastructure or fraud
  • Provide the necessary proof of due diligence for regulators, customers, and shareholders
  • Protect the brand from the dreadful loss of reputation

Description

Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment. The assessment identifies weaknesses and vulnerabilities and quantifies the severity thereof – providing the information needed to address and control the threats.

Specifications

Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without knowledge of usernames, passwords and other normal means. Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organisation can avoid it happening ‘for real’.

Download as PDF

PCI ASV Security Scan 

We are a Certified Approved Scanning Vendor ASV and provide vulnerability scanning services in accordance with PCI DSS.

Cognosec Services

Cognosec Services

Features

Security vulnerabilities of Internet facing systems can potentially have severe, wide-reaching implications for your organisation. Cognosec’s certified ASV Scans will identify weaknesses and vulnerabilities as well as quantify their severity – allowing them to be managed efficiently and effectively. Cognosec is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors. As Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV)– making Cognosec a one-stop-shop for your PCI compliance needs.  Cognosec can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package. We are authorised to help your company obtain and maintain PCI DSS compliance.

Description

An Approved Scanning Vendor (ASV) is an organization with a set of security services and tools to validate adherence to the external scanning requirement of PCI DSS Requirement 11.2.2. We are a Certified ASV and provide vulnerability scanning services in accordance with PCI DSS. Vulnerability scan results provide valuable information that supports efficient patch management and other security measures that improve protection against Internet attacks. Any organisation who wants to maintain their PCI compliance, who wants to know what their weaknesses and vulnerabilities are, and who wants to prevent financial and reputational loss has to conduct ASV scans.

Specification

Cognosec’s Approved Scanning Vendor scans identifies weaknesses and vulnerabilities as well as quantifies their severity – allowing them to be managed efficiently and effectively. This means that an organisation:

  • Fulfils the PCI DSS Requirement 11.2 for quarterly vulnerability scans performed by an ASV.
  • Provides proof of due diligence to regulators, customers and shareholders.
  • Prevents financial loss through fraud or unreliable infrastructure.
  • Protects your brand against the loss of reputation.

Cognosec performs regularly scheduled scans (monthly or quarterly), as well as ad hoc scans – producing and delivering an ASV Report containing every discovery and an evaluation thereof. Security matters covered range from authentication, authorisation and misconfiguration issues to information disclosure and obsolete software version concerns.

What is included in a scan?

Cognosec’s Scanning Solutions test and report on:

  • Firewalls & Routers
  • Operating Systems
  • Database Servers
  • Web Servers
  • Application Servers
  • Common Web Scripts
  • Built-in Accounts
  • DNS Servers
  • Mail Servers
  • Web & Other Applications
  • Common Services
  • Wireless Access Points
  • Backdoors
  • SSL/TLS
  • Remote Access
  • Point-of-sale (POS) Software
Download as PDF

Industrial Control Systems (ICS) Security Assessment

ICS implementations are vulnerable primarily to local threats because many of their components are in physically secured areas and the components are not connected to IT networks or systems.

Cognosec Services

Cognosec Services

Features

As the threats to ICS increase – due, in part, to increased geopolitical risks – so the need to protect them increases. In today’s climate, ICS security is an urgent priority. Weaknesses in the security of industrial control systems (ICS) – systems that relate to critical infrastructure such as power, water and transport – and their interfaces with other IT infrastructure can significantly derail businesses and economies. Possible incidents an ICS may face include the following:

  • Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation
  • Unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and/or endanger human life
  • Inaccurate information sent to system operators, either to disguise unauthorized changes, or to cause the operators to initiate inappropriate actions, which could have various negative effects
  • ICS software or configuration settings modified, or ICS software infected with malware, which could have various negative effects
  • Interference with the operation of safety systems, which could endanger human life.

Description

ICS implementations are vulnerable primarily to local threats because many of their components are in physically secured areas and the components are not connected to IT networks or systems. However, the trend toward integrating ICS systems with IT networks provides significantly less isolation for ICS from the outside world than predecessor systems, creating a greater need to secure these systems from remote, external threats. Also, the increasing use of wireless networking places ICS implementations at greater risk from adversaries who are in relatively close physical proximity but do not have direct physical access to the equipment. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, complexities, accidents, natural disasters as well as malicious or accidental actions by insiders. Our assessments identify these weaknesses – and recommend solutions. We combine specific tests with traditional penetration testing methods to cover all components and types of infrastructure. These technical tests can be accompanied by architectural and process security reviews.

Specifications

Our auditors will assure that:

  • Logical access to the ICS network and network activity are restricted.
  • Physical access to the ICS network and devices are restricted.
  • Individual ICS components are protected from exploitation.
  • Functionality during adverse conditions can be maintained.
  • The system can be restored after an incident
Download as PDF

Vulnerability Assessment

Cognosec performs regularly scheduled scans (monthly or quarterly), as well as ad hoc scans when needed, that concludes with a final ASV Report containing every threat discovery and an evaluation thereof.

Cognosec Services

Cognosec Services

Features

Vulnerability assessment should be a continuous process for every organisation exposed to the Internet. We offer vulnerability scanning as a subscription service on a monthly (recommended) or a quarterly basis. (Since it’s a semi-automated process, it requires minimum effort from the customer.)

Description

A vulnerability assessment identifies, quantifies and prioritises (or ranks) the vulnerabilities in a system, using both system and application vulnerability scans. System vulnerabilities normally exist because of exploitable programming errors in either the operating system or the hardware, and vendors normally release patches when these errors are made public. Patching hundreds or thousands of systems is a tedious business, though, and can sometimes disable functioning applications. Consequently, it is often resisted by IT departments. Vulnerability scans are semi-automated processes that can check whether patches or updates have been installed, bugs removed and systems securely configured. They report everything found. Our auditors then carefully review the results to sift out false positive and check whether a vulnerability exists – and whether action needs to be taken.

Specification

Cognosec performs regularly scheduled scans (monthly or quarterly), as well as ad hoc scans when needed, that concludes with a final ASV Report containing every threat discovery and an evaluation thereof. Cognosec’s scanning solutions test and report on all of the following systems:

  • Firewalls & Routers
  • Operating Systems
  • Database Servers
  • Web Servers
  • Application Servers
  • Common Web Scripts
  • Built-in Accounts
  • DNS Servers
  • Mail Servers
  • Web & Other Applications
  • Common Services
  • Wireless Access Points
  • Backdoors
  • SSL/TLS
  • Remote Access
  • Point-of-sale (POS) Software
Download as PDF