Filter page

Products

Cybersecurity Awareness Training

A picture is worth a thousand words and we believe a good story is worth a thousand training sessions.

Popcorn

Popcorn

Features

  • Award-winning Popcorn content is guaranteed to amuse, engage and be remembered
  • Single-sign-on with Microsoft Azure means no more forgotten passwords
  • Cloud platform works on any device, and any network. No infrastructure required
  • Course content and scope can be customised per user or department

Description

A picture is worth a thousand words and we believe a good story is worth a thousand training sessions. We create stories that apply key learning points to the working environment; they explain potential threats, as well as how and why policies need to be complied with and what the expected behaviour should be. Key messages in our stories are based on industry best practice and include elements of security frameworks such as ISO 27001, industry standards such as PCI DSS (Payment Card Industry Data Security Standard) and regulations such as Privacy laws (PPI).

Specifications

Cloud requires no real infrastructure other than connectivity and no vimeo blocking on devices accessing the site

Links

Secure coding – Course Catalogue Something Phishy – Course Catalogue  Compliance Training – Course Catalogue

Download as PDF

Unified Security Service

Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard.

CensorNet

CensorNet

Features

  • Cloud Application Visibility
  • Cloud Application Control
  • Safe anywhere on any device
  • Safe Web Access
  • Email Security
  • Safe from Malware
  • Analytics across email, web and applications
  • Fast and Unobtrusive

Description

Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard. You can protect your employees, whether in the office or mobile, against cyber-attacks, and accidental or malicious leaks of sensitive data. Keeping your organisation safe from from the risks associated with the rapid growth in cloud applications, and the emergence of Shadow IT. USS is a comprehensive cyber security service that combines modules for the security, monitoring and control of web, email and cloud application across your network in one dashboard and logging service, meaning that common policies can be easily applied and incidents tracked across different media. USS provides the security and control of an on-premise or end point component with the flexibility and mobility of a cloud service. It is the next generation in Email and Web security with Cloud Application Control giving you the power to extend web access policies to Bring Your Own Device initiatives and to monitor and control Shadow IT.

Specification

  • Software for Networks
  • Available as a downloadable software, CensorNet’s Cloud Gateway software can be deployed on a virtual server or physical server in less than 30 minutes to extend security policies to the entire network
  • Agent Software for Roaming Users or Standalone Devices
  • Microsoft Windows agent that enforces policies on the device. Tamper proof and simple to deploy either with an install wizard or scripted via Active Directory Group Policy. Mac OS X version will be available soon.
  • Secure Browser for iOS
  • A secure browser app for iOS6 and above provides an alternative to Safari which extends the web access controls to the mobile device
  • Scalable
  • Highly optimised for large networks, the solution takes advantage of multiple processors, all available RAM and has a 64-bit architecture
  • Deployment Modes
  • Agent software, Direct proxy (set by group policy, WPAD or manually), or gateway mode for guest, BYOD or non-domain devices
  • WPAD Support
  • Automatic creation of Web Proxy Automatic Discovery (WPAD) file based on network configuration
  • BYOD Captive Portal
  • The Captive Portal allows existing users or guests to adopt BYOD and log in from those devices with valid user credentials e.g. Active Directory
Download as PDF

Services

Gateway Security

In todays connected world, Web & Email Services are critical business tools. Your company has to protect it’s users from multiple internet borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers.

Cognosec Services

Cognosec Services

Features

We provide a full service offering from consulting, gap analysis, architecture & design, implementation and management of:

  • Hybrid Cloud mail and web gateway services incorporating Cloud application control
  • Integration with Data Loss/Leakage Prevention (DLP) Services
  • Application Aware Content Filtering Capability
  • Advanced Zero Day Threat Detection Capability with Global Threat Intelligence Feeds
  • Enhanced management of Office365 and Gmail (Granular Security Features that appear in our Portal making these platforms safer to use)

Description

In todays connected world, Web & Email Services are critical business tools. Your company has to protect it’s users from multiple internet borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers. The widespread use of mobile and BYOD platforms has resulted in a vanishing perimeter. Modern web & email gateways have become increasingly complex to configure and manage. They handle huge volumes of digital traffic and need to constantly update their malware, adware, URL reputation services and anti-spam engines. The high adoption of cloud-based email services, like Office365 and Gmail, coupled with an upsurge in mail-borne cyber attacks incorporating ransomware has brought renewed focus to effective web and email security. We provide a thought leadership together with niche services in this domain for any size of business. Hybrid or Cloud-based solutions – seamlessly implemented & managed for you by our Gateway Security Team. This is a subscription service.

Download as PDF

Social Engineering Assessment  

Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails. We will try to be as smart as a hacker or cyber criminal will be, even posing as technicians or systems administrators to fool employees.

Cognosec Services

Cognosec Services

Features

Assessment of your social engineering risks can be an add-on to penetration testing or a separate initiative to increase employee awareness. Either way, it should be a serious consideration for any organisation. Lack of awareness among employees can potentially be more dangerous for an organisation than outdated systems. While breaking into an IT system might take weeks or months, a simple call takes just a few minutes, an email even less. Beside than the fact that Information Systems are becoming increasingly complex, one of the key reasons that Social Engineering is so heavily utilized is its low cost to benefit ratio. It can be much faster to simply pick up a phone, pretend to be someone else and ask for a password than it would be to scour source code for any small weakness in IT systems. Targeted individuals do not usually suspect that they are or could be a victim of social engineering, yet the impact of divulging even small, seemingly meaningless pieces of information can be disastrous. This data can be accumulated and used to assume identities of employees and fish for even more valuable information by phone and email, gain access to buildings and restricted areas, plant rogue network devices and continuously monitor data traffic.

Description

Social engineering, in the context of information security, refers to manipulating people into divulging confidential information – or performing acts that put an organisation’s data assets at risk. It differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme, but, like a traditional con, it exploits human curiosity and gullibility and the natural desire to please or co-operate with others. Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails. We will try to be as smart as a hacker or cyber criminal will be, even posing as technicians or systems administrators to fool employees. The assessments have an important role to play in raising awareness – and can help convert employees from potential victims into first responders who spot and report attempted attacks.

Specifications

Cognosec’s Social Engineering is a vital element of a complete penetration test. Once the scope of the testing and accompanying success criteria’s have been determined, our experts will perform any number of social engineering tactics to try and gain access to defined in-scope systems. Cognosec will only perform these tests in areas that have been agreed upon contractually. Any in-scope data extracted or handled during the process will be securely deleted.

Download as PDF

Penetration Testing

The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.

Cognosec Services

Cognosec Services

Features

Penetration testing is recommended annually, and in the event of major changes to your infrastructure. It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators. Penetration testing will help:

  • Prevent severe financial losses that could arise due to unreliable infrastructure or fraud
  • Provide the necessary proof of due diligence for regulators, customers, and shareholders
  • Protect the brand from the dreadful loss of reputation

Description

Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment. The assessment identifies weaknesses and vulnerabilities and quantifies the severity thereof – providing the information needed to address and control the threats.

Specifications

Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without knowledge of usernames, passwords and other normal means. Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organisation can avoid it happening ‘for real’.

Download as PDF

PCI Security Awareness Programme 

The Cognosec Security Awareness Program is designed to help you raise the level of understanding of how important security is today, and to help you push responsibility throughout the company.

Cognosec Services

Cognosec Services

Features

Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV)– making Cognosec a one-stop-shop for your PCI compliance needs.

Cognosec can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package.

We are authorised to help your company obtain and maintain PCI DSS compliance.

Description

It is imperative that any individual capable of accessing information technology resources understands the value of the information resources and their responsibility of keeping those resources safe from abuse. To address PCI DSS requirements 12.5 and 12.6, which refer to the distribution of security polices throughout the company and the existence of a formal security program, Cognosec offers full support in the development of security policies and security awareness programs.

The Cognosec Security Awareness Program is designed to help you raise the level of understanding of how important security is today, and to help you push responsibility throughout the company.

Specification

The Cognosec 360 Security Awareness Program is designed to help you raise the level of understanding of how important security is today and help you push responsibility throughout your organisation. Our highly international staff have decades of experience in IT Security, having worked directly with the major card brands, acquirers as well as merchants and payment service providers. The Cognosec Team fully understands the kind of risk and pressure our clients go through to reach their IT security, compliance and governance objectives.Cognosec’s 2-Day workshop, delivered by a QSA, has three components:

  1. A management training session for senior managers, HR executives and CxOs.
  2. An end-user security awareness training session – including a test of the material.
  3. A session analysing the company polices and ad- dressing any gaps. On completion of the workshop, Cognosec will help you build a sustainable security awareness program into the company.
Download as PDF