Network Security Platform (NSP)
Unparalleled Advanced Threat prevention
- Signature-less, advanced malware analysis
- Advanced botnet and malware callback detection
- Behavior-based analysis and DDoS protection
- Integration with McAfee Advanced Threat Defense
- Real-time threat sharing with McAfee Threat Intelligence Exchange (TIE)
- Endpoint context via ePolicy Orchestrator® (McAfee ePO™)
- Endpoint process correlation via Endpoint Intelligence Agent
- Data Sharing and Quarantine with McAfee Enterprise Security Manager (SIEM)
- Host Risk Analysis via McAfee Vulnerability Manager
- Predictive malware detection via McAfee GTI
McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network. Using advanced detection and emulation techniques, it moves beyond mere pattern matching to defend against stealthy attacks with extreme accuracy. This next-generation hardware platform scales to speeds of more than 40 GBPS with a single device to meet the needs of demanding networks. The Security Connected approach to security management streamlines security operations by combining real-time McAfee Global Threat Intelligence (McAfee GTI) feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.
Security Information & Event Management (SIEM)
McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.
McAfee Application Data Monitor – monitor all the way to the application layer to detect fraud, data loss, and advanced threats. This SIEM tool supports accurate analysis of real application use, while enforcing policies and detecting malicious, covert traffic.
McAfee Database Event Monitor for SIEM – complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations, widening your visibility into who’s accessing your data and why.
McAfee Event Receiver – Collect up to tens of thousands of events per second with a single receiver.
McAfee Enterprise Log Manager – Reduce compliance costs with automated log collection, storage, and management. Collect, compress, sign, and store all original events with a clear audit trail of activity that can’t be repudiated.
McAfee Global Threat Intelligence for Enterprise Security Manager – Constantly updated threat intelligence feed that broadens situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.
A high-performance security information and event management (SIEM) solution brings event, threat, and risk data together to provide security intelligence, rapid incident response, seamless log management, and compliance reporting—delivering the context required for adaptive security risk management.
- P4 class (not Celeron) or higher (Mobile/Xeon/Core2, Core i3/5/7)
- AMD AM2 class or higher (Turion64/Athlon64/Opteron64, A4/6/8)
- RAM — 1.5 GB
Windows operating system
- Windows 2000
- Windows XP
- Windows 2003 Server
- Windows Vista
- Windows 2008 Server
- Windows Server 2012
- Windows 7
- Windows 8
- Windows 8.1
- Internet Explorer 9 or later
- Mozilla Firefox 9 or later
- Google Chrome 33 or later
- Version 11.2.x.x or later
Virtual Machine requirements
- Processor — 8-core 64-bit, Dual Core2/Nehalem, or higher or AMD Dual Athlon64/Dual Opteron64 or higher
- RAM — Depends on the model (4 GB or more)
- Disk space — Depends on the model (250 GB or more)
- ESM features use pop-up windows when uploading or downloading files. Disable the pop-up blocker for your ESM.
- ESXi 5.0 or later
- The minimum requirement is 250 GB unless the VM purchased has more. See the specifications for your VM product.
Unified Security Service
- Cloud Application Visibility
- Cloud Application Control
- Safe anywhere on any device
- Safe Web Access
- Email Security
- Safe from Malware
- Analytics across email, web and applications
- Fast and Unobtrusive
Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard. You can protect your employees, whether in the office or mobile, against cyber-attacks and accidental or malicious leaks of sensitive data, keeping your organisation safe from the risks associated with the rapid growth in cloud applications and the emergence of Shadow IT. USS is a comprehensive cyber security service that combines modules for the security, monitoring and control of web, email and cloud applications across your network in one dashboard and logging service, meaning that common policies can be easily applied and incidents tracked across different media. USS provides the security and control of an on-premise or end point component with the flexibility and mobility of a cloud service. It is the next generation in Email and Web security with Cloud Application Control, giving you the power to extend web access policies to Bring Your Own Device initiatives and to monitor and control Shadow IT.
- Software for Networks
- Available as downloadable software, CensorNet’s Cloud Gateway software can be deployed on a virtual server or physical server in less than 30 minutes to extend security policies to the entire network
- Agent Software for Roaming Users or Standalone Devices
- Microsoft Windows agent that enforces policies on the device. Tamper proof and simple to deploy either with an install wizard or scripted via Active Directory Group Policy. Mac OS X version will be available soon.
- Secure Browser for iOS
- A secure browser app for iOS 6 and above provides an alternative to Safari which extends the web access controls to the mobile device
- Highly optimised for large networks, the solution takes advantage of multiple processors, all available RAM and has a 64-bit architecture
- Deployment Modes
- Agent software, Direct proxy (set by group policy, WPAD or manually), or gateway mode for guest, BYOD or non-domain devices
- WPAD Support
- Automatic creation of Web Proxy Automatic Discovery (WPAD) file based on network configuration
- BYOD Captive Portal
- The Captive Portal allows existing users or guests to adopt BYOD and log in from those devices with valid user credentials e.g. Active Directory
In today’s connected world, Web & Email Services are critical business tools. Your company has to protect its users from multiple internet-borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers.
We provide a full service offering from consulting, gap analysis, architecture & design, implementation and management of:
- Hybrid Cloud mail and web gateway services incorporating Cloud application control
- Integration with Data Loss/Leakage Prevention (DLP) Services
- Application Aware Content Filtering Capability
- Advanced Zero Day Threat Detection Capability with Global Threat Intelligence Feeds
- Enhanced management of Office365 and Gmail (Granular Security Features that appear in our Portal making these platforms safer to use)
In today’s connected world, Web & Email Services are critical business tools. Your company has to protect its users from multiple internet-borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers. The widespread use of mobile and BYOD platforms has resulted in a vanishing perimeter. Modern web & email gateways have become increasingly complex to configure and manage. They handle huge volumes of digital traffic and need to constantly update their malware, adware, URL reputation services and anti-spam engines. The high adoption of cloud-based email services, like Office365 and Gmail, coupled with an upsurge in mail-borne cyber attacks incorporating ransomware, has brought renewed focus to effective web and email security. We provide thought leadership together with niche services in this domain for any size of business. Hybrid or Cloud-based solutions – seamlessly implemented & managed for you by our Gateway Security Team. This is a subscription service.
Cognosec’s Incident Response solution is an organized approach for responding to an incident appropriately and managing the aftermath of the security breach.
Cognosec can assist you with the following steps:
- Creating an incident response policy and plan
- Developing procedures for performing incident handling and reporting
- Setting guidelines for communicating with outside parties regarding incidents
- Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
- Determining what services the incident response team should provide
- Training the incident response team
Combating malicious software and events in your environment isn’t just a matter of implementing the right technological solutions. Effectively combating malicious activity requires a solution that combines people, processes, and technology.
Cognosec’s Incident Response solution is an organized approach for responding to an incident appropriately and managing the aftermath of the security breach. Cognosec’s Incident Response solution will also help establish new defenses, protecting your systems and data from future attacks.
According to the SANS Institute, there are six steps to handling an incident most effectively:
Preparation: The organization educates users and IT staff about the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.
Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.
Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.
Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.
Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations. Due to the increasing number of regulations and need for operational transparency, organizations are increasingly adopting the use of consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.
Cognosec’s extensive experience and expertise in the Governance, Risk, and Compliance (GRC) sector has proven invaluable to countless organizations expecting to meet internal and external requirements in preparation for receiving certification. Cognosec’s independent and objective assessment on the policies and processes fulfills four major roles:
- Prepares you for the challenging process of certification.
- Avoids the potentially severe financial loss you may suffer for being non-compliant with external regulations.
- Prioritizes the corrective measures in order of maximum efficiency and effectiveness to your business processes.
- Assures your regulators, customers, and shareholders that proper due diligence measures have been taken.
Our specialists will work side by side with the compliance, security, and risk officer in the design and improvement of company frameworks, guidelines, and processes.
Application Security Assessment
The Application Security assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components.
Business-critical applications that are ‘interfaces’ for external stakeholders should always be assessed before being distributed – or changed or upgraded. And it’s hard to over-estimate the importance of regular reviews for these applications: what might have been state-of-the-art security a year ago can now be an entry point for a hacker.
An application security assessment is a much more detailed penetration test, focusing on one specific application and checking that the necessary controls to protect information are in place. It is carried out by an experienced analyst, usually using a combination of open source and commercial automated utilities. The assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components. Our analysts use logical errors in the application, as well as coding errors, to gain entry. We also look at what would happen if vulnerabilities were exploited, and advise on how they could be fixed.
Application Security Testing
Our testing approach is supported by a set of automated tools that not only identify common application vulnerabilities but also reveal business logic flaws that could be misused by attackers. In addition to these automated tests that cover a majority of common security flaws, we use conventional black box penetration testing techniques, which can be combined with a review of the application’s critical source code to increase depth and optimize efficiency.
Source Code Inspection
A deep analysis of the application’s source code will be undertaken, identifying core weaknesses. Vulnerabilities will be assessed, prioritising them based on their severity and probability of exploitation.
Application Security Architecture
The fundamental design and logic of your application architecture will be assessed including its surrounding business environment. The number of ways in which an application can be written and developed is incalculable and therefore, to ensure maximum security potential, best-practice standards need to be upheld.
Application Security Controls
Merely optimising your application security architecture is often not enough; security controls also need to be put into place to fully secure an application. The integrity and effectiveness of controls such as authentication & session management, authorisation, cryptography & key management, data input validation techniques, and transport layer protection mechanisms will be reviewed to maximise your application’s level of security.
The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.
Penetration testing is recommended annually, and in the event of major changes to your infrastructure. It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators. Penetration testing will help:
- Prevent severe financial losses that could arise due to unreliable infrastructure or fraud
- Provide the necessary proof of due diligence for regulators, customers, and shareholders
- Protect the brand from the dreadful loss of reputation
Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment. The assessment identifies weaknesses and vulnerabilities and quantifies the severity thereof – providing the information needed to address and control the threats.
Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without knowledge of usernames, passwords and other normal means. Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organisation can avoid it happening ‘for real’.