Assurance Services

We’ll assess your cybersecurity risks across the three core organizational dimensions – technology, processes and people – and recommend solutions to improve cyber resilience.

WHY do I need Assurance Services?

The risk landscape is changing as technologies, cyber criminals and ‘hacktivists’ become smarter, and the financial penalties for security failures increase. Our Assurance Services provide an ‘early warning system’ by testing for vulnerabilities in software and hardware.

They enable you to take action to prevent costly security breaches – and help you prove to shareholders and stakeholders you won’t put confidential or sensitive data at unnecessary risk.

WHAT Assurance Services do Cognosec offer?

The short answer: a comprehensive range. We look at risk across the three core dimensions of an organization: technology, processes, people.

We’ll take a ‘holistic’ approach – and we’ll recommend solutions to help you become cyber resilient.

The longer answer:

  • Penetration Testing
  • Application Security Assessment
  • Social Engineering Assessment
  • Vulnerability Assessment
  • Information Systems Audit
  • Industrial Control Systems (ICS) Security Assessment

Each of these services is briefly explained below.

Penetration Testing

WHAT is it?

A penetration test is a simulated attack to identify vulnerabilities in information systems. Our security experts, ‘white hat hackers’, put themselves in the position of someone determined to gain access to systems and data illicitly – for example, without knowledge of usernames and passwords.

Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organization can avoid it happening ‘for real’.

WHY do I need it?

A penetration test, carried out by a security expert, tells you whether your environment is secure.

WHEN do I need it?

Penetration testing is recommended annually, and in the event of major changes to your infrastructure.

It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators.

Application Security Assessment

WHAT is it?

An application security assessment can be compared with a penetration test, but it focuses on the application layer and goes much deeper.

It is carried out by a team of application security experts using a combination of automated tools and manual tests. The assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components.

Drawing on their own knowledge and experience, our analysts exploit logical errors in the application, as well as coding errors, to gain entry. They also consider the potential impact of any problems – and help you find ‘proportionate’ solutions.

WHY do I need it?

Much more detailed than a penetration test, an application security assessment provides extra assurance that critical applications are secure.

WHEN do I need it?

Business-critical applications that are ‘interfaces’ for external stakeholders should always be assessed before being distributed – or changed or upgraded.

It’s hard to overestimate the importance of regular reviews for these applications: what might have been state-of-the-art security a year ago can now be an entry point for a hacker.

Social Engineering Assessment

WHAT is it?

Social engineering, in the context of information security, refers to manipulating people into divulging confidential information – or performing acts that put an organization’s data assets at risk. It differs from a traditional ‘con’ in that it is often one of many steps in a more complex fraud scheme, but, like a traditional con, it exploits human curiosity and gullibility and the natural desire to please or co-operate with others.

Our Social Engineering Assessments test how easy employees are to manipulate, and they take a variety of forms – from USB-stick ‘drops’ to sophisticated phishing emails.

We will act as hackers or cyber criminals, even posing as technicians or systems administrators to fool employees.

The assessments have an important role to play in raising awareness – and can help convert employees from potential victims into first responders who spot and report attempted attacks.

WHY do I need it?

A social engineering assessment focuses on the core dimension of people – and so is necessary to mitigate risk effectively.

WHEN do I need it?

Assessment of your social engineering risks can be an add-on to penetration testing or a separate initiative to increase employee awareness. Either way, it should be a serious consideration for any organization.

Lack of awareness among employees can potentially be more dangerous for an organization than outdated systems. While breaking into an IT system might take weeks or months, a simple call takes just a few minutes, an email even less.

Vulnerability Assessment

WHAT is it?

A vulnerability assessment identifies, quantifies and prioritizes (or ranks) the vulnerabilities in a system, using both system and application vulnerability scans.

System vulnerabilities normally exist because of exploitable programming errors in the operating system, and vendors normally release patches when these errors are made public. Patching hundreds or thousands of systems is a tedious business, though, and can sometimes disable functioning applications. Consequently, it is often resisted by IT departments.

Vulnerability scans are semi-automated processes that can check whether patches or updates have been installed, bugs removed and systems securely configured. They report everything found. Our auditors then carefully review the results to ‘sift out’ false positives, and check whether a vulnerability exists and action needs to be taken.

WHY do I need it?

Vulnerability scanning helps you identify systems that have not been updated properly or configured securely to prevent unauthorized access.

WHEN do I need it?

Vulnerability assessment should be a continuous process for every organization exposed to the Internet.

We offer vulnerability scanning as a subscription service, usually monthly (recommended), quarterly or weekly. Scans run automatically, and the results are sent by email.

Information Systems Audit

WHAT is it?

An information technology audit, or information systems (IS) audit, is an examination of the management controls for IT infrastructure and a complete review of the security of computer systems.

It determines whether information systems are safeguarding assets, maintaining data integrity and operating effectively to achieve an organization’s goals.

WHY do I need it?

Normally required by regulators and legislators, information systems audits can be based on many different frameworks, such as ISO 27001, COBIT and HIPAA, or one of the many industry-specific security standards. However, they all serve the same purpose: to provide assurance that the necessary controls have been put in place.

WHEN do I need it?

The frequency of an IS audit will sometimes be mandated by a regulator, but for any organization managing or processing personal or financial information – whatever its sector or size – annual audits are the absolute minimum.

Regular audits are essential to keep pace with changes to IT infrastructure and systems – and with changes in the risk landscape.

ICS Security Assessment

WHAT is it?

Our ICS Security Assessments identify weaknesses in the security of industrial control systems (ICS) – systems that relate to critical infrastructure such as power, water and transport – and their interfaces with other IT infrastructure.

We combine specific tests with traditional penetration testing to cover all components and types of infrastructure. These technical tests can be accompanied by architectural and process security reviews.

WHY do I need it?

Traditionally, ICS could only be attacked by physical means. Connection to the Internet has changed all that: today, attackers can probe for weaknesses remotely and exploit them.

We can spot problems before an attacker does – and recommend solutions.

A vital part of critical infrastructure, ICS must be secured to ensure safety and continuous operation – and protect businesses and economies.

WHEN do I need it?

As the threats to ICS increase – due, in part, to increased geopolitical risks and the increased connectivity of the ‘Internet of Things’ – so the need to protect them increases.

Changes in ICS environments are not as frequent as in modern non-ICS environments. Nevertheless, a security assessment should be carried out regularly, ideally once a year.

WHY Cognosec?

Seven good reasons…

  1. We have extensive experience across a wide range of industries. We have conducted penetration tests that have helped customers identify entry points into online banking systems, telecom networks and other large-scale IT infrastructure.
  2. We apply the breadth of the knowledge we’ve gained through our experience to our clients’ specific circumstances and applications.
  3. We take a ‘holistic’ approach to social engineering risks, performing a variety of tests – and helping to educate employees.
  4. We help monitor the work of the IT department and check the ‘currency’ of information security management systems through detailed analysis of vulnerability scans.
  5. We benchmark systems and processes against recognized industry standards and best practice to provide a full IS audit.
  6. We understand the real-world threats and vulnerabilities that exist in technology and architecture and can help defend ICS against current and emerging cyber threats. We assess against well-known industry standards and guidance for securing ICS – for example, NIST SP 800-82.
  7. More than all this… We take a ‘bespoke’ approach, tailoring our services to help our clients make the right decisions and the right investments. Our experts have experience as both providers and clients – they understand what it’s like to be on the customer’s side of the fence, and the need to balance (often competing) spending priorities.

3 – Detect

Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

4 – Respond

Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

5 – Recover

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Products

Network Security Platform (NSP)

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network.

Features

Unparalleled advanced threat prevention

  • Signature-less, advanced malware analysis
  • Inline Browser and JavaScript emulation
  • Advanced botnet and malware callback detection
  • Behavior-based analysis and DDoS protection
  • Integration with McAfee Advanced Threat Defense

Security Connected

  • Real-time threat sharing with McAfee Threat Intelligence Exchange (TIE)
  • Endpoint context via ePolicy Orchestrator® (McAfee ePO™)
  • Endpoint process correlation via Endpoint Intelligence Agent
  • Data Sharing and Quarantine with McAfee Enterprise Security Manager (SIEM)
  • Host Risk Analysis via McAfee Vulnerability Manager
  • Predictive malware detection via McAfee GTI

Description

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network. Using advanced detection and emulation techniques, it moves beyond mere pattern matching to defend against stealthy attacks with extreme accuracy. This next-generation hardware platform scales to speeds of more than 40 Gbps with a single device to meet the needs of demanding networks. The Security Connected approach to security management streamlines security operations by combining real-time McAfee Global Threat Intelligence (McAfee GTI) feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.

Security Information & Event Management (SIEM)

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

Features

Add-ons:

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

McAfee Application Data Monitor – monitor all the way to the application layer to detect fraud, data loss, and advanced threats. This SIEM tool supports accurate analysis of real application use, while enforcing policies and detecting malicious, covert traffic.

McAfee Database Event Monitor for SIEM – complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations, widening your visibility into who’s accessing your data and why.

McAfee Event Receiver – Collect up to tens of thousands of events per second with a single receiver.

McAfee Enterprise Log Manager – Reduce compliance costs with automated log collection, storage, and management. Collect, compress, sign, and store all original events with a clear audit trail of activity that can’t be repudiated.

McAfee Global Threat Intelligence for Enterprise Security Manager – Constantly updated threat intelligence feed that broadens situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.

Description

A high-performance security information and event management (SIEM) solution brings event, threat, and risk data together to provide security intelligence, rapid incident response, seamless log management, and compliance reporting—delivering the context required for adaptive security risk management.

Specifications

Supported devices

System requirements

Processor

  • P4 class (not Celeron) or higher (Mobile/Xeon/Core2, Core i3/5/7)
  • AMD AM2 class or higher (Turion64/Athlon64/Opteron64, A4/6/8)
  • RAM — 1.5 GB

Windows operating system

  • Windows 2000
  • Windows XP
  • Windows 2003 Server
  • Windows Vista
  • Windows 2008 Server
  • Windows Server 2012
  • Windows 7
  • Windows 8
  • Windows 8.1

Browsers

  • Internet Explorer 9 or later
  • Mozilla Firefox 9 or later
  • Google Chrome 33 or later

Flash Player

  • Version 11.2.x.x or later

Virtual Machine requirements

  • Processor — 8-core 64-bit: dual Core2/Nehalem or higher, or AMD dual Athlon64/dual Opteron64 or higher
  • RAM — Depends on the model (4 GB or more)
  • Disk space — Depends on the model (250 GB or more)
  • ESM features use pop-up windows when uploading or downloading files. Disable the pop-up blocker for your ESM.
  • ESXi 5.0 or later
  • The minimum requirement is 250 GB unless the VM purchased has more. See the specifications for your VM product.

Services

Incident Response  

Cognosec’s Incident Response solution is an organized approach to responding to an incident appropriately and managing the aftermath of a security breach.

Features

Cognosec can assist you with the following steps:

  1. Creating an incident response policy and plan
  2. Developing procedures for performing incident handling and reporting
  3. Setting guidelines for communicating with outside parties regarding incidents
  4. Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
  5. Determining what services the incident response team should provide
  6. Training the incident response team

Description

Combating malicious software and events in your environment isn’t just a matter of implementing the right technological solutions. Effectively combating malicious activity requires a combination of people, processes and technology.

Cognosec’s Incident Response solution is an organized approach to responding to an incident appropriately and managing the aftermath of a security breach. It will also help establish new defenses, protecting your systems and data from future attacks.

Specification

According to the SANS Institute, there are six steps to handling an incident most effectively:

Preparation: The organization educates users and IT staff of the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.

Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.

Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.

Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.

Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.

Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.

Compliance Management     

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations.

Features

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organisations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws and regulations. Due to the increasing number of regulations and the need for operational transparency, organizations are increasingly adopting consolidated and harmonized sets of compliance controls. This approach is used to ensure that all necessary governance requirements can be met without unnecessary duplication of effort and activity.

Description

Cognosec’s extensive experience and expertise in the Governance, Risk, and Compliance (GRC) sector has proven invaluable to countless organizations seeking to meet internal and external requirements in preparation for certification. Cognosec’s independent and objective assessment of policies and processes fulfills four major roles:

  • Prepares you for the challenging process of certification.
  • Avoids the potentially severe financial loss you may suffer for being non-compliant with external regulations.
  • Prioritizes the corrective measures in order of maximum efficiency and effectiveness for your business processes.
  • Assures your regulators, customers, and shareholders that proper due diligence measures have been taken.

Our specialists will work side by side with the compliance, security, and risk officer in the design and improvement of company frameworks, guidelines, and processes.

Application Security Assessment

The Application Security assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components.

Features

Business-critical applications that are ‘interfaces’ for external stakeholders should always be assessed before being distributed – or changed or upgraded. And it’s hard to overestimate the importance of regular reviews for these applications: what might have been state-of-the-art security a year ago can now be an entry point for a hacker.

Description

An application security assessment is a much more detailed penetration test, focusing on one specific application and checking that the necessary controls to protect information are in place. It is carried out by an experienced analyst, usually using a combination of open source and commercial automated utilities. The assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components. Our analysts use logical errors in the application, as well as coding errors, to gain entry. We also look at what would happen if vulnerabilities were exploited, and advise on how they could be fixed.

Specification

Application Security Testing

Our testing approach is supported by a set of automated tools that not only identify common application vulnerabilities but also reveal business logic flaws that could be misused by attackers. In addition to these automated tests, which cover the majority of common security flaws, we use conventional black box penetration testing techniques, which can be combined with a review of the application’s critical source code to increase depth and optimize efficiency.

Source Code Inspection

A deep analysis of the application’s source code will be undertaken, identifying core weaknesses. Vulnerabilities will be assessed, prioritising them based on their severity and probability of exploitation.

Application Security Architecture

The fundamental design and logic of your application architecture will be assessed, including its surrounding business environment. The number of ways in which an application can be written and developed is incalculable; therefore, to ensure maximum security potential, best-practice standards need to be upheld.

Application Security Controls

Merely optimising your application security architecture is often not enough; security controls also need to be put into place to fully secure an application. The integrity and effectiveness of controls such as authentication & session management, authorisation, cryptography & key management, data input validation techniques, and transport layer protection mechanisms will be reviewed to maximise your application’s level of security.

Penetration Testing

The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.

Features

Penetration testing is recommended annually, and in the event of major changes to your infrastructure. It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators. Penetration testing will help:

  • Prevent severe financial losses that could arise due to unreliable infrastructure or fraud
  • Provide the necessary proof of due diligence for regulators, customers, and shareholders
  • Protect the brand from the dreadful loss of reputation

Description

Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment. The assessment identifies weaknesses and vulnerabilities and quantifies the severity thereof – providing the information needed to address and control the threats.

Specifications

Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without knowledge of usernames, passwords and other normal means. Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organisation can avoid it happening ‘for real’.