Aegify RSC Suite

• Reduced risk
• Unified/integrated approach
• Lower total cost of ownership
• Oversight ease
• Maximum security
• No compliance tradeoffs

The NEED

RISK management is not optional for healthcare, retail and financial organizations.
When SECURITY breaches happen, critical data is compromised, jobs are lost and profits disappear. Managing the regulatory maze is challenging. PCI, ISO and SANS 20 COMPLIANCE is best practice. HIPAA, GLBA and FISMA COMPLIANCE is the law. Risk, security and compliance (RSC) protection is complex and cumbersome. Until now. Discover the effective simplicity of a unified RSC solution. Discover Aegify.

• Aegify RSC Suite includes:
• Aegify Risk Manager
• Aegify Security Manager
• Aegify Compliance Manager
• Aegify Integrity Manager

UNIFIED APPROACH

For management ease and cost reduction, most healthcare providers and business associates prefer a unified Risk, Security and Compliance solution. Consider these diagnostic questions:

• Are you confident your vendors and business associates are compliant with all regulations?
• Are burdens of compliance forcing you to take calculated risks due to resource constraints?
• Do you have multiple siloed solutions that cause integration, management and financial headaches?
• If your answers are mostly “yes,” consider Aegify RSC Suite

Diagnose

Within hours, you will know:

• Your total organizational risk including your risk from each of your vendors and business associates
• Where your security threats lie
• What curative measures need to be undertaken
• Your compliance status with HIPAA, Meaningful Use, HITECH, PCI, ISO, SANS 20 and all other regulations and standards

Cure

Follow Aegify instructions to:

• Minimize organizational risk
• Close your risk, security and compliance gaps
• Comply with all applicable regulations and standards

Protect

24/7 continuous monitoring program will:

• Reduce all risk… today and tomorrow
• Diagnose and cure future security threats in real time
• Comply with all applicable current and future regulations

WHY AEGIFY?

Aegify was founded on a simple set of guiding principles:

• RSC services are too siloed, complicated and expensive
• The market needs a holistic RSC solution that diagnoses, cures and prevents future catastrophic events from occurring

Today, the Aegify Suite is a unique unified solution that operates at the intersection of security, compliance and risk management for healthcare, retail and financial organizations.

For those that don’t need a unified RSC Solution, each individual Aegify Manager product is a robust standalone solution.

Allure Security reduces data loss by analyzing risks associated with document access and sharing activities, inside and outside of an organization’s control. Their patented technology combines the power of beacons, threat intelligence and active defense to detect and respond to digital risks, better understand the scope of attacks and hold bad actors accountable. Fields of Appliance: Website Spoofing Allure Website Beacons detect a spoofed website as soon as it is viewed by the first visitor, which initiates the take down process immediately upon fraud being committed. Intelligence is then collected to quantify customer and brand impact, inform responses (i.e. notify impacted clients to reset passwords) and uncloak attackers. The spoofed website can also be flooded with decoy credentials until the site is taken down to devalue the information collected by the adversary, and Allure Decoy Documents are used to detect intrusions resulting from attacks. Cloud-Share Risk Allure continuously watch document activities in the cloud and use patented document beacons to track documents after they’ve been downloaded, copied or shared externally. We enrich all file activities with proprietary geofence insights and leverage unique model-based analytics to surface and mitigate risks that otherwise go undetected and unaddressed. Users can generate scheduled or on-demand risk reports, integrate with a SIEM to correlate findings, create custom email alerts based on specific criteria, and deploy decoy documents to foil and reveal hackers and leakers. Intrusions & Insiders Allure uses attacker behaviors and confidence to the advantage of investigators to narrow and eliminate suspects by planting or sharing alluring documents with beacons to see who takes the bait. Once documents are opened, investigators will receive proprietary geofence and telemetry insights. Attackers and leakers can be revealed by correlating Allure's insights with other available data, and attackers can be held accountable by sharing identifiable findings with company decision makers and/or law enforcement. What it provides?

• Third-Party Monitoring. Know when third parties mishandle or share files outside of policy
• Document Flow Analytics. Uncover file access and sharing patterns both inside and outside of an organization
• Breach & Leak Detection. Be alerted early in the attack cycle if sensitive files are compromised or exfiltrated
• Risk Reports. Schedule monthly reports or generate them on-demand
• Data Loss Forensics. Track data loss back to the source and hold culprits accountable
• Geo Location Enrichment. Enrich file logs with proprietary geo location insights

The AMT Technology Website

The AMT (Agentless anti-Malware Technology) is a new proprietary Minded Security technology for detection and management of malware software. AMT has been developed after years of study for detecting and managing in real time advanced banking malware for our customers online users. The core engine is a JavaScript Analyzer written by renowned JavaScript experts specialized in advanced JavaScript security research. Various innovative analysis technique have been used in AMT such as Trusted JavaScript Modeling combined with optimized WebInject differential analysis.

The product: AMT Banking Malware Detector

The AMT Banking Malware Detector is a sophisticated security platform for detecting and managing advanced malware on your online banking customers in real time. AMT Banking Malware Detector instantly recognizes all new malwares that have been installed on users' computer interacting with your Internet Banking Web Site. The technology is able to detect all types of banking malwares, with a focus on targeted malware specifically designed to attack a particular bank.

Key Features:

• Agentless: does not install anything on user’s computer.
• Transparent: does not alter the user experience.
• Proactive detection: detects malware not known yet.
• Easy Setup: installation and tuning in just a few days.
• Available in both modes cloud and appliance.

Performance

No degradation in the performance of the bank infrastructure: no need to install new infrastructure components.
Light Deployment: for portals with millions of users does not require significant additional infrastructure.

• Fraud Risk Management

The technology reduces risk of infected users preventing frauds.
Can be easily managed by the bank's internal anti-fraud team through the innovative HTML5 interface.

• Easy Management

The product is easy to install with a single JavaScript source for multiple sites. No need to install new infrastructure components (no impact on Business Continuity).
Easy to manage with AMT control panel and AMT daily reports.

• Customization

It is designed to integrate with any anti-fraud systems with the ability to customize the modular components such as GUI, API, and specific components.
Ability to create ad hoc components for malware detection.

Why choosing AMT?

The key point of the AMT Banking Malware Detector is the new proactive approach.

AMT creates a model of Custom Signature Engine (CSE) for each online banking service.

The CSE permits to perform a continuous comparison with the mutations and to identify in real time a new threat.

AMT Banking Malware Detector allows to identify malware victims before they will be defrauded.

Axur’s services monitor threats outside your perimeter, that is, anything beyond your firewall. All information stored on our platform is public data that represents some risk to your company. We make every effort to ensure that all our customers have the best experience with our Customer Success department. In addition, we have a CSIRT consisting of a Professional Services team who are specialists in Digital Risks. Axur One protects our customers from digital risks found in social networks, mobile, superficial web, deep web, marketplaces, spam email and other digital platforms. Monitoring sources may vary according to the needs of our customers.

Blueliv takes a proactive approach to cyber defense, delivering targeted, actionable cyber threat intelligence and protecting your company from the outside in introducing Threat Compass. Threat Compass uses sophisticated algorithms to deliver actionable, automated cyber threat intelligence from open, closed and private sources. This makes it easier to identify and manage real threats targeting your organization – for faster decision-making and accelerated performance. It's built from a customizable group of targeted modules, backed up by our world-class in-house analyst team. Enrich and contextualize threats so you can detect attacks, defend your assets and understand your adversaries’ plans before they strike. Integration is frictionless, with full API and flexible plugins so Threat Compass’ targeted intelligence is immediately available to your security systems and teams. The cloud platform’s easy setup means you gain and maintain valuable situational awareness instantly. By triaging incident responses, your security team is empowered to rapidly detect and mitigate threats, remediate damage and implement strategic solutions that make it extremely difficult for a similar attack vector to succeed. Targeted threat intelligence saves time and maximizes security resource while accelerating incident response performance. Credentials Find actionable intelligence around leaked, stolen and sold user credentials. We locate them in real-time on the open, deep and dark web, along with information about relevant malware used to steal the information. Blueliv’s sinkholes, honeypots, crawlers and sensors are continuously searching for your stolen credentials, helping eliminate blind spots in your threat landscape. Credit cards Dig deep enough and you can find all sorts of credit card data online. This module can dramatically reduce losses from theft and fraud of credit cards. We retrieve stolen credit card data and provide information to help organizations mitigate the damage. Hacktivism Monitor global hacktivism activity on social networks and the open and dark web that can affect your infrastructure. Using an advanced early-warning system and active geolocator, the module generates targeted threat intelligence to shield against potential attack vectors. Mobile apps Malicious and illegal applications are hiding in plain sight in non-official marketplaces, luring your customers away and even stealing their data. Our module specializes in detecting applications claiming affiliation to your organization or using company assets without authorization to protect your brand and reputation. Social Media Monitoring Monitor your organization’s digital footprint on social networks and search engines. Find websites not authorized to use your brands, logos, assets claiming partnership affiliation assets and more, so you can take proactive steps to shut them down. Data leakage Discover if your organization’s sensitive documents have been leaked on the internet, deep web or P2P networks, intentionally or not, such as with shared internal documents with poorly-secured file sharing providers. Malware Our Targeted Malware module allows you to detect malware seeking to steal sensitive information or commit fraud. The aggressive solution proactively hunts down targeted malware and ‘Man in the Browser’ attacks, aimed specifically at your organization. Through robust and continuous analysis of millions of samples per month, we provide forensic reporting on malware behavior targeting your systems. Dark web Boost your awareness of what’s going on in the underground, observe malicious activities targeting your organization and proactively prevent future attacks.  Gain an advantage by putting a spy in the enemy’s camp:  become better informed about criminals targeting your organization; proactively prepare countermeasures; find stolen user credentials. Domain Protection Fraudulent domains are a risk to your organization and your end customers, with the goal of stealing information or damaging your brand.  Combat phishing and cybersquatting by proactively detecting attacks and take countermeasures.

IT SECURITY & COMPLIANCE - PROBLEM SOLVED!

NNT’s Change Tracker™ Gen7 R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ensuring the integrity of IT systems. Completely redesigned with both security and IT operations in mind, Change Tracker™ Gen7 R2 is the only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management that meets the most demanding enterprise environments. Gen7 R2 integrates with leading Service desks and Change Management solutions to reconcile the changes that are actually occurring within your environment with those that were expected and part of an approved Request for Change. Security and IT Service Management (ITSM) have traditionally observed and managed change in two very different ways. By linking the changes approved and expected within the ITSM world with those that are actually happening from a security perspective, SecureOps™ is delivered and underpins effective, ongoing security and operational availability.

Change Tracker Features And Benefits

Automates CIS Controls Spot cyber threats, identify any suspicious changes and adjust the secure baseline for all of your systems in real-time with NNT Change Tracker™ Gen7R2. Approve changes to the authorized baseline with a simple point and click. Breach Prevention Ensure all IT assets are secure and breach free at all times by leveraging state of the art, recommended security and configuration hardening settings along with real-time system vulnerability and configuration drift management. Breach Detection Change Tracker™ Gen7 R2 identifies suspicious activity using highly sophisticated contextual change control underpinned by threat intelligence to spot breach activity while reducing change noise. Real-Time Contextual File Integrity Monitoring Change Tracker™ intelligently analyzes all changes in real-time leveraging the world’s largest repository of independently verified whitelisted files combined with intelligent and automated planned change rules to significantly reduce change noise and deliver a true FIM solution. System Hardening & Vulnerability Management Minimize your attack surface with continuous and real-time clear configuration guidance and remediation based on CIS and other industry standard benchmarks for system hardening and vulnerability mitigation guidance. Continuous Compliance Monitoring Across all Industries NNT provides comprehensive tailored or pre-built reports to provide vital evidence to security staff, management and auditors of the ongoing and improving state of your organizations secure and compliant posture.

New Features and Functionality

• All new Dashboard, fully customizable with choice of widgets and multiple tabs for alternative Dashboard layouts

• ‘Single-Page Application’ design gives a contemporary, super-responsive Change Tracker experience

• New universal Query/Report controls, consistently available, enables reports to be built ‘off the page’

• New Reports Center – build and schedule any reports, with graphically-rich content, including all new Executive Report showing overall security of your estate

• ‘Expert Event Analysis’ sections for reports, with events automatically pre-analyzed to show ‘noisiest’ devices, paths, registry settings and any other monitored configuration attributes to aid decision making in your Change Control Program

• Report production now performance optimized, even large volume event reports are generated on a streamed basis to minimize impact on Hub server resources

• Report properties can be tailored – include a hyperlinked Table of Contents, Event Details table and Query Parameters, together with as many/few event attributes as required

• New Group & Device/Date & Time filter and selection control panel, selections persist for any page accessed, panel can be hidden when not in use to give a ‘full screen’ display of the Dashboard

• User-defined auto-refresh settings for all pages

• New componentized Planned Changes, allowing easy re-use of schedules and/or rulesets, driven by a new Planned

• New ‘FAST list’ planned change rule option, ensures only file changes you select as permitted, allows a user-defined list of approved file changes to be operated – like a personal FAST Cloud!

Operating at a forensic level within the IT infrastructure, Change Tracker™ works across all popular platforms such as:

• Windows, all versions including Server 2019, 2016 and Windows 10, XP, 2003/R2, Windows 7, Windows 8/8.1, 2008R2, 2012/R2 (Core and GUI)
• Linux, all versions, including Ubuntu, SUSE, CentOS, RedHat, Oracle, FreeBSD and Apple MAC OS
• Unix, all versions including Solaris, HPUX, AIX, Tandem Non-Stop
• VMWare, all versions including ESXi
• Database Systems, including Oracle, SQL Server, DB2, PostgreSQL, My SQL
• Network Devices and Appliances, all types and manufacturers, including routers, switches and firewalls, from Cisco, Nortel, Juniper, Fortinet and Checkpoint

Gain visibility into attacks on your environment

Basic security measures are no longer sufficient to protect your business against today’s rapidly evolving cyber threats; this reality is made glaringly evident by the constant stream of breaches reported in the news. Traditional perimeter security technologies such as firewalls and Intrusion Prevention Systems (IPS)—as well as endpoint security like anti-malware—do not provide the broad and deep visibility across your IT infrastructure needed to detect these threats. Evidence of attacks and incursions within your environment can be found in log records and machine data generated by your networked systems, security devices and applications, but how do you unlock these critical insights? Most businesses struggle with the continuous investment in technology and people required to maintain ongoing monitoring of their security posture. The ControlScan Managed SIEM service combines enterprise-class SIEM technology from the ControlScan Cyphon platform with our deep security expertise and service excellence. Comprehensive service collects, correlates, analyzes and stores log data from network infrastructure, servers and applications in order to identify and mitigate security incidents while facilitating compliance with requirements within PCI, HIPAA, GLBA, SOX and other frameworks. The secure, cloud-based Cyphon platform collects log data generated by devices such as firewalls, IPS solutions, servers, desktops and applications. Correlation logic is applied to the aggregated logs to identify potential security threats, and alerts are generated and sent in real time, on a 24x7x365 basis. ControlScan Security Analysts are on hand to support the assessment and investigation of critical alerts and to provide guidance on proper response.

Key features of the ControlScan Managed SIEM Service

• Log Collection for your entire IT infrastructure
• Event Correlation and Analysis leverages multi-sourced log data and advanced correlation rule sets to detect security incidents
• Prioritization and 24 x 7 Alerting
• 12 Months of Log Retention for compliance requirements, including PCI DSS requirement 10
• Reporting and Data Access available to you through ControlScan's web-based platform
• Advance Functionality including:
• File Integrity Monitoring (FIM)
• Custom real-time dashboards

A Unique Solution to Solving the Security Challenge.

As the leader in providing cloud-based, unified security and compliance solutions, ControlScan offers unique value through its Managed SIEM service.

Deploy with ControlScan and get benefits that include the following:

Security-as-a-Service – Avoid costly, up-front investments in hardware, software and technical expertise with ControlScan’s cloud-based services. You’ll be up and running quickly and effectively with an enterprise-class, scalable solution. A solution that gets better with time – Ongoing upgrades and enhancements to the Managed SIEM service ensure the addition of new capabilities for identifying evolving attack methods. At the same time, your ControlScan security team is continually creating and tuning correlation rules for your environment to ensure maximum visibility to true, critical alerts. A staff of security experts watching your back – Only the largest organizations can afford a staff of resources maintaining security and compliance day-in and day-out. ControlScan brings extensive knowledge and experience in both areas, validated by the range of IT Security, PCI and HIPAA certifications held by our team of experts. This knowledge continues to grow as threats become more advanced. A single solution for your biggest challenges – The ControlScan Managed SIEM service delivers functionality you need on three different fronts: 1) Security 2) Compliance 3) Operations. By collecting, aggregating, correlating and analyzing data from your environment, you gain visibility to your organization’s overall security posture, support for key controls in most compliance frameworks, and assurance of the health of your networked systems.

Corax’s rich data foundation is created through expert ingestion and analysis of third party datasets, including threat intelligence, internet performance data and loss data, and using proprietary Corax automated ‘outside in’ discovery tools that identify detailed characteristics of the technology and security environment of individual companies and their internet connections with other companies.

• Technology and Security data
• Loss data
• Real time Threat Intelligence & Vulnerability data
• Real time Business Interruption / Internet
• Commercial Information
• Custom analytics
• Clients able to modify our model to develop their own view of risk

AI-enabled probabilistic modelling. Prediction and expected costs of data theft and IT disruption Rich, granular, expert-created standardised dataset. Detailed technology, security and loss data on millions of companies Scalable technology platform. Continuous daily, automatic addition and update of thousands of companies in the database

Data, reports and modelled outputs on:

• Cyber risk of individual and groups of companies, including assessment and benchmarking of cyber hygiene and technology resilience; and prediction and expected costs of data theft and IT disruption.
• Scenarios relating to cyber events, security vulnerabilities, technologies and vendors.

Delivered via web access or API integration

Corax is the leading and largest source of cyber exposure data and predicted loss costs of breach and network outage events. Corax’s rich data foundation is created through expert selection, ingestion and analysis of third party datasets, including threat intelligence, internet performance data and loss data, and using proprietary automated discovery tools that identify detailed characteristics of the technology and security environment of individual companies and their interconnections with other companies. Modelled data is developed within a proprietary AI probabilistic engine to predict the expected cost of data compromise and IT disruption with unprecedented accuracy.

Introducing CORE Security

When it comes to securing your cloud, you need to peace of mind that security’s at the core of your hosted infrastructure. That’s why we’ve put together three ServerChoice CORE Security™ packages, with varying levels of protection, so you can get best-fit cyber security for your organisation.

CORE Base

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Unmanaged Quarterly
• System hardening
• Next-generation firewall
• Advanced DDoS mitigation: Standard (20 Gbps)

CORE Enterprise

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Unmanaged Monthly
• System hardening
• Next-generation firewall
• File integrity monitoring
• Advanced DDoS mitigation: Enhanced (250 Gbps)
• 24/7 SIEM services

CORE Platinum

• Two-factor authentication
• TrendMicro anti-virus & malware protection
• Vulnerability scanning: Managed Monthly
• System hardening
• Next-generation firewall
• File integrity monitoring
• Advanced DDoS mitigation
• Pro (Terabit+)
• 24/7 SIEM services
• Intrusion Prevention System (IPS)

Bolt-on CORE Security™ Services

In addition to the above security packages, we offer a range of additional security enhancements to deliver maximum protection from cyber threats:

• Data loss prevention (DLP)
• Web application firewalls (WAF)
• Penetration testing
• URL filtering (Virtual Desktops only)
• Email spam filtering and antivirus (Exchange only)
• Compliance consultancy

True cloud security must ensure users are authenticated, that the device used is not compromised, that the network used is safe, and yes, that the user behavior (Access, downloads, uploads, collaboration, reporting) is allowed. To ensure true cloud security, organizations must purchase, integrate, and operate multiple platforms - which is very expensive, very complicated, labor intensive, and extremely time consuming. SecureCloud platform tackles this problem by providing continuous, real time visibility, control and remediation, Coronet SecureCloud ensures that corporate data is used only by trusted users, using trusted devices, connecting through trusted networks to trusted cloud services.

Threat Protection

• Ensure Control over who has access to the cloud platforms, and where from
• Ensure GDPR, HIPPA, SOX, compliance, and detect PII, PHI, and EDR automatically
• Block compromised devices from accessing corporate data in the cloud resources
• Control what users can do, and who they can collaborate with
• Prevent malware spread through cloud usage (such as file sharing)
• Provide visibility into activity in the cloud, the devices used, and the data that was shared
• Detect and mitigate advanced cloud-to-cloud attacks

SecureCloud device authentication

With SecureCloud, an organization can not only enforce fine-grained access control to a cloud service, but also create and enforce a policy that prohibits access from unmanaged devices with no active Coronet agent running. SecureCloud uses federated user authentication processes, such as SAML, that put the SecureCloud service in the path of SaaS applications. Each authentication request is steered to the SecureCloud authentication proxy that performs pre-authentication risk assessment based on user, device and service security postures and makes context-based access decisions.

Location based defense

Many organizations require that sensitive information and services only be accessed on premises or in secure locations. SecureCloud includes sophisticated location resources management and turns raw geo-location data into geo-spatial intelligence, leveraged in access control, threat prevention and data control.

Threat prevention

Additionally, the administrator can mark a named location as trusted or risky (white and black list). For a conditional access policy, the trusted or risky locations are yet another filter options available for conditional access policy definition. Named locations are also important for the reduction of false positives during detection of impossible travel and atypical locations risk events. SecureCloud identifies, mitigates, and automatically remediates threats across cloud services. It monitors activity patterns in the cloud, determines the behavioral models and establishes baselines. Upon connection of a cloud service, all cloud activity is scored according to various predefined risk factors. SecureCloud inspects every user session and takes automatic remediation actions when something happens that is different from either the baseline or from the user’s regular activity. In this manner, SecureCloud continues evolving its models as it observes new and often unusual behavior without human intervention. These capabilities set SecureCloud apart from traditional approaches that require an unreasonable number of manual updates to ensure accurate threats detection.

CTM360 is a subscription service offering 24 x 7 x 365 Cyber Threat Management for detecting and responding to threats originating in cyberspace. A growth-stage startup headquartered in the Kingdom of Bahrain, CTM360 currently serves more than 28 of the Top 50 GCC Banks, as well as entities in Oil & Gas, Healthcare, Sovereign Wealth Funds, Aviation across 22 countries. CTM360 currently remains a leader in Cyberspace for Managed Threat Detection & Response, Digital Risk Management, Threat Intelligence, Corporate & VIP Brand Protection, Anti-Phishing, etc. CTM360 is offered as a service through an ecosystem built in the cloud and remains solely outside the perimeter of any organization.

CyberInt’s Argos Digital Risk Protection Platform is compliant with the world-leading standards in cyber intelligence and follows the entire intelligence lifecycle process (Direction, Collection, Analysis, Dissemination and Review). It utilizes both technology and human resources to monitor your organization’s digital footprint, identifying potential or existing threats threatening your organization’s perimeter or beyond. Argos™ gives you the insights necessary to identify, understand and mitigate attacks before they even penetrate your organization. For our purposes, we will focus on the Collection, Analysis and Dissemination stages. During the collection phase, Argos Threat Intelligence platform uses hundreds of web crawlers to scour the open web, deep web and darknet. The crawling is carried out on high profile sites in order to get the most updated and accurate intelligence. These crawlers collect indicators that are relevant to our customers. Utilizing avatars (developed and managed) by our analysts to access closed forums to collect highly relevant data. The collected data is correlated to a dedicated profile which is created for each customer and includes assets such as:

• Domains and URLs
• IPs Social media pages
• Executive names, e-mails and social media accounts
• Specific keywords related to the customer, such as: product names and proprietary terms

Argos, then takes all the collected data and stores it for advanced deep learning and machine learning processing. Benefits:

• Generate real-time incidents of targeted attacks, data leakage and stolen credentials compromising your organization
• Identify threat actors targeting your organization in real time and provide contextual data about them
• Access hundreds of sources – feeds, IRC, dark web, blogs, social media, forums, and paste sites – to collect targeted data
• Analyze results with actionable recommendations
• Utilize a 10,000-strong entity database of threat actors and tools for attribution and to maximize context
• Automate a proven intelligence process

Save time & money

Increase security by focusing on remediating  vulnerabilities that are a part of a validated attack path to a business process or critical asset

Key features:

• Creates actionable insights based on critical vulnerabilities that threaten your business process for immediate alerts and remediation with one click
• Continuous silent vulnerability scanning on all IP based devices on premise or in the cloud
• Automatically detects critical assets and finds how hackers could reach and threaten them, no human involvement required.
• Cronus is certified for Penetration Testing by CREST
• Help comply with GDPR –require regular pen testing, vulnerability management and greatly reduces the risk of breach to your sensitive data.

Continuous. Perform continuous scans all year round, valid for both vulnerability management and penetration testing to stay on top of your network’s security 24/7. See live map and get real-time alerts on current threats to your business processes. Global. Cybot can be deployed globally and showcase global Attack Path Scenarios ™ so you can see how a hacker can hop from a workstation in the UK to a router in Germany to a database in the US. This capability is unique both for penetration testing as well as for vulnerability management.  The various CyBot Pros will be managed by a single Enterprise dashboard. Business Process Focused. CyBot brings context to each asset it scans, checking how it could affect a business process. In this way, you can funnel all your vulnerabilities and first focus on those that are exploitable and that are a part of an attack path to a critical asset or business process. This greatly reduces the resources needed for patching and ensures business continuity.

Which CyBot is right for me?

CyBot is a next-generation vulnerability management tool as well as the world’s first Automated pen testing solution, that continuously showcases validated, global, multi-vector, Attack Path Scenarios ™ (APS), so you can focus your time and resources on those vulnerabilities that threaten your critical assets and business processes. CyBot has one core engine: CyBot Pro, plus two additional management consoles. One for Enterprises and one for MSSPs. CyBot Pro is the workhorse of the product suite. It is a patented autonomous machine-based penetration test which initially scans the networks, its assets, its vulnerabilities and then takes the next step to map out and validate all the routes a hacker could take to reach your critical assets and business processes. Much like the process a human penetration tester would follow, but continuously and at a much larger scale and scope. CyBot Enterprise manages several CyBot Pros. This is great for larger organizations with global networks who wish to gain insights on global Attack Path Scenarios ™ between their branches, each using a different CyBot machine. CyBot Enterprise will aggregate information from all CyBot Pros for in-depth global insights on cyber threats to your business processes. CyBot MSSP provides large managed security service providers with full control of their Enterprise customers, each with their various CyBot Enterprise and CyBot Pro accounts. Schedule their scans, get alerts to your SIEM and much more

Manage Your Attack Surface

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface. With its comprehensive global botnet, the CyCognito platform uniquely reveals unknown and unmanaged assets associated with your organization – including those in cloud, partner and subsidiary environments – that are critical to your cybersecurity risk management. In fact, CyCognito helps organizations identify 30 to 300% more assets than they knew existed prior to using the CyCognito platform.

Prioritize and Eliminate Attack Vectors

The CyCognito platform helps you eliminate critical attack vectors with a continuously updated and prioritized view of your attacker-exposed IT ecosystem. You and your security team can use the CyCognito platform to pinpoint critical risks just as attackers do. Organizations that still have to perform legacy external testing to meet customer agreements or compliance regulations use the CyCognito platform to augment and optimize those processes by focusing the legacy tests on the areas of greatest risk that the CyCognito platform has identified.

Monitor Subsidiary Risk

The CyCognito platform gives you immediate visibility of the security posture of your subsidiaries and organizations you are evaluating for merger or acquisition. It identifies their attack surfaces and the effectiveness of their security controls, without requiring any deployment or configuration.

Global Bot Network

CyCognito’s Global Bot Network uses attacker-like reconnaissance techniques to scan, discover and fingerprint billions of digital assets all over the world. No input or configuration needed.

Asset Mapping

• Web applications
• Keyword and code fragments
• Logos and icons
• Deployed software
• TLS configuration
• IP ranges

Multi-Vector Attack Simulator

Using CyCognito’s proprietary risk-detection methods, the attack simulator identifies risks per asset and discovers potential attack vectors. It doesn’t affect business operations and works without deployment, configuration or whitelisting.

SECURITY MODULES

Public Techniques:

• Vulnerability assessment

• Encryption analysis

Proprietary Techniques:

• Authentication testing

• Misconfiguration detection

• Network design analysis

• Data exposure detection

• Code injection risks

Protecting Your Organization from Shadow Risk

Explore the different ways CyCognito helps take your cybersecurity risk out of the dark.

• Completely External

Operates externally and continuously in the cloud, with no impact on business continuity.

• Configuration Free

No need for software deployment, integration or configuration. It just works immediately, out of the box.

• Runs Automatically

Works independently across your organization’s environment, without affecting operations.

Organizations need visibility to detect and respond to the external threats targeting them and mitigate those attacks before they can impact a business. Digital Threat Protection proactively monitors, identifies, intercepts and removes attacks on your organization and brand, neutralizing threats outside the wire before they ever get a chance to come in. Digital Threat Protection proactively detects, stops and deters external threats to your organization’s employees. Comprehensive Digital Footprint Risk Management and Defense Monitors the Domain Name System, 600+ mobile application stores and 1700+ social media platforms to find and take down unauthorized similar domains, apps, profiles, posts and search engine malvertising. Abuse boxes, referrer weblogs, and many other intelligence sources are regularly inspected to thwart additional threats. 24/7/365 Cyxtera Threat Advisory Center Our team of agents continually examine our vast repository of threat data sources for potential attacks, contact ISPs to remove malicious content from the web and document their work every step of the way in the Cyxtera Customer Portal. Machine Learning Powered by Human Intelligence Leverage machine learning to anticipate unreported phishing URL patterns, automate adjustments as attacker strategies evolve, and instantly blacklist phishing sites. Our round-the-clock agents then quickly get the sites hosting attacks taken down. Spearphishing and BEC Protection Eliminates spearphishing and business email compromise attacks by authenticating email senders and blocking unauthorized messages before they reach company employees, partners and end users. On-demand analysis of employee junk and phishing emails along with takedown of the phishing infrastructure that sends them. Customized Dashboard and APIs The Cyxtera Customer Portal provides a wealth of data and functionality to customize threat identification and reporting and compiles detailed intelligence about attack trends, victims and takedowns. APIs available to receive this information within your own incident response system.

Discover breaches as they unfold, not months later. Current breach discovery gap = 120 days.

Datiphy platform provides industry leading end-to-end data transaction analysis to detect breaches as they unfold. Datiphy automates the extraction and indexing of key data assets from billions of data transactions per day, allowing instant visibility and detailed forensics to the complete data life-cycle. Unlike traditional policy and perimeter based security tools that only provide point protection and lack context, Datiphy provides users with a unique DNA profile of each transaction directly from the data’s point of view.

Each asset within the data DNA profile is automatically indexed against all other transactions. The powerful indexing engine identifies relationships that provide the critical context of how sensitive data is living and being accessed within the enterprise.The Datiphy platform is the first true data-centric audit and protection tool.

Features

• Data DNA & Scientific Behavior. Every data transaction has a unique series of assets. Datiphy extracts these data assets for every transaction and indexes them in real time. Scientific relationships among the assets are built and their behavior base-lined. Because every transaction is being surveyed vs a sample, any change in behavior is immediately sensed and false alarms are eliminated.

• Deep Forensics to Avoid Disaster. Think of Datiphy as the data version of a DVR. Detailed forensics, indexed in real time, allow you to see your sensitive data in action as it flows in and out of the enterprise. Datiphy users can replay events to study the tactics and build policy against similar future attacks or alerts for further discovery.

• Cross-Silo Policy Management. Business processes constantly transpose data across multiple silos. This massive data generation and usage is rendering current methods of data security governance obsolete. Datiphy users build and manage data-centric security policies to coordinate controls across these data silos.

• Protect Your Brand Reputation. When breach details develop in the media, it is clear organizations struggle with knowing exactly what has been taken. Datiphy detects the breach as it unfolds and teams can react immediately. The damage is limited and executives will know exactly what has been compromised.

• Who is Hiding? Once a user is inside, the User ID disappears and the application server credentials are all that communicate with the database. This is a normal behavior that is often exploited by attackers. Datiphy’s patented user mapping technology will identify these users and map their actions from the initial HTTP request through the back-end database response.

• Threat Intelligence & Log Data Merged. The problem with log data is it is overwhelming and lacks relevance. The problem with threat intelligence is most people don’t know what to do with it. Datiphy bridges the gap, giving log data intelligent context and making threat intelligence actionable. Enterprises gain data-driven visibility into the critical information needed to help detect targeted, dynamic, and stealthy attack methods.

• See Relationships with Context. Many tools will provide a glimpse into your data assets, but they lack the complete story. With Datiphy not only will you see the relationships among data assets, but you will also have the complete context in which those assets interact.

• See Data Changes. Sometimes accidents happen. Because Datiphy records the details of every data transaction, you can go straight to the event to see what happened and take the appropriate steps for a complete and fast restore.

• Search Any Events Instantly. Because Datiphy indexes the elements of every data transaction as it occurs, events are easy to find and the forensics behind them are instantly available. Incident Response teams now have instant root cause forensics at their fingertips. Compliance Team audit tasks become fast and simple. Searching and reporting the who, what, when, where, and how for any event or data asset is a breeze.

• See Those Who Observe Data. The pool of read privileges are much larger than the pool of write. Datiphy records the trails of those that take a look at sensitive data, regardless of whether change or take it.

• Mean Time to Verification (MTTV). Too much alert overload and threats go uninvestigated. With Datiphy, responding to alerts with relevant detail in real- time enables teams to validate real threats quickly and conclusively.

 

• Mean Time to Response (MTTR). Datiphy will eliminate false positives that waste precious time. By focusing on just the facts, teams investigate faster and provide less time for attackers to cover their tracks.

 

• Mean Time to Resolution (MTTR 2). Discover compromises as they happen and see the relationships among all similar suspicious behavior. Stopping the attack is only part of the job; with Datiphy context, ensuring it cannot happen again finishes the job.

Let DefenseGRID experts keep watch on your behalf

• Threat Ready Active Compliance (TRAC) Team is staffed by security experts that will help monitor your network and alert you when they see a potential threat
• A structured and supported approach to on-boarding
• 24/7 network monitoring
• TRAC can make the difference between a security fire drill and a full system breach
• Frequent, hassle-free updates without additional cost, software downloads or hardware changes
• Pricing based on your asset size, not the amount of data ingested, so you can cover everything
• Speed and power without the high cost of data centers, hardware and hiring additional IT resource

Key Features

• Scalability that evolves with financial institution needs. Transforms complex and unstructured security event data from disparate systems into meaningful, actionable information

• Community intelligence. A community of financial institutions and cybersecurity experts. Leverage community knowledge for progressively smarter cybersecurity & cybercompliance practices. Learn what like-minded thinkers have to say about keeping financial institutions safe and sound. Access our Knowledge Center for best practices and DefenseStorm GRID updates.

• The DefenseStorm GRID: Co-Managed Threat-Ready Cybersecurity + Active Compliance. Your team and DefenseStorm’s TRAC (Threat Ready Active Compliance). Team use the DefenseStorm GRID together.Be as involved as you’d like in day-to-day activities. The TRAC Team carefully curates the threat feeds and triggers most relevant to banks and credit unions to meet compliance & security needs

• Configured for you. TRAC leverages the DefenseStorm GRID library to create cybersecurity triggers specific to your bank or credit union network and policies.

• See everything, prioritize what matters most. TRAC curates triggers to prioritize the most important indicators of compromise. Machine Learning and Rich Context help reduce the number of alerts and false positives while also increasing relevancy.

• The visibility and understanding you need. You see the same console and dashboards our TRAC Team uses, which facilitates co-managed coverage and efficiency.

• Cybersecurity & cybercompliance in one real time system of record. DefenseStorm GRID serves as your system of record for your cybersecurity and cybercompliance postures in real time, all the time. Task Schedules, workflows, audit trails and evidentiary proof reflect industry regulations as well as your own policies.

• Slash reporting time, even for audits and examinations. The DefenseStorm GRID continuously collects all compliance-related evidence and automatically generates corresponding reports to prove compliance to internal and external stakeholders as well as regulators.

• Guidance to align risk with cybersecurity maturity. The DefenseStorm GRID continuously guides you to align your cybersecurity risk with your Cybersecurity Maturity Level. Your Inherent Risk Profile and Maturity Levels will change as threats, vulnerabilities and operating environments change.

Digital Shadows SearchLight minimizes your digital risk by detecting data loss, securing your online brand, and reducing your attack surface. The service enables you to identify unwanted exposure, protect against external threats and thereby reduce digital risk.

SearchLight enables you to minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface:

• Data Loss Detection (Credentials, Sensitive Documents, Intellectual Property, Customer Data)
• Online Brand Security (Domain Infringement, Malicious Mobile Apps, Spoof Social Media Profiles, Counterfeits and Fraud)
• Attack Surface Reduction (Vulnerabilities, Certifcate Issues, Open Ports, Misconfigured Devices)

SearchLight comprises four main stages:

• Configure: Identify Key Assets
• Collect: Monitor for Exposure
• Contextualize: Add Threat Intelligence
• Mitigate: Take Action and Protect

This is an iterative process and organizations will continually loop back to further refine and add to their key assets. Crucially, at each stage, we act as an extension of your team to help configure SearchLight, collect from hard-to-reach sources, add analysis of threat intelligence, and provide recommended actions.

DXC Technology’s Security Platform helps organizations deliver an efficient security response, streamline remediation and clearly visualize security posture. It does so by extending the cloud-based IT service management capabilities of ServiceNow to security teams. This platform combines DXC’s cybersecurity operational processes and advanced workflows together with ServiceNow to automate manual processes and prioritize threats, incidents and vulnerabilities based on their potential impact on the business. Available as a fully managed service through DXC Intelligent Security Operations, the DXC Security Platform ensures continuous monitoring and management of incidents and vulnerabilities by DXC’s 24/7 global Security Operations Centers (SOCs). DXC’s global ServiceNow practice provides consulting services and project accelerators to ensure that organizations improve efficiency and lower costs as they elevate service management to the cloud. Key benefits:

• Correlation of information on incidents and vulnerabilities to the configuration management database (CMDB) to understand the business criticality, allowing incident responders to work on the most important issues first

• Workflows that follow National Institute of Standards and Technology best practices for computer/IT security incident handling (NIST SP 800-61r2)

• Automated post-incident review report that eliminates the need for manual post-mortem reports

• Automatic triggering of a patching process, configuration changes or other standard workflows, by specific types of security incidents and vulnerabilities

• At-a-glance dashboards that show executives and analysts the exact status of their overall security posture as well as enable drill-down to a specific incident

• Indicators of compromise automatically linked with security incidents and vulnerabilities, streamlining and automating the  manual process of threat investigation and incident triage

Extensive collaboration capabilities Built on proven ServiceNow applications for IT Service Management (ITSM), IT Operations Management (ITOM) and IT Business Management (ITBM), DXC’s Security Platform supports forms-based workflow application development and extensive collaboration integrated with workflows, including:

•     Chat capabilities
•     Content and knowledge management
•     Task management

Through increased automation and improved collaboration, security and IT teams can work more closely to hold the entire organization accountable for solving issues quickly. These streamlined processes can help expand the capacity of security analysts and response teams to respond more efficiently to attacks and incidents. As a result, the DXC Security Platform will help reduce overall risks enterprise-wide.

 

Comprehensive support services

DXC offers a complete array of managed security services for cloud, traditional data center, endpoint, identity and network  management. DXC’s Security Platform can be integrated with DXC’s services:

•     24x7 SOCs for continuous monitoring and management of incidents and vulnerabilities
•     Cyber assurance for account and security service management
•     Incident management team for response to user- and machine generated incidents
•     Managed SIEM
•     Managed vulnerability assessment
•     Global threat intelligence
•     Client ITSM environments, if needed (at additional cost for integration)
•     Service Desk, if needed (at additional cost)

 

Why DXC?

With 40 years of experience in information security, DXC is one of the world’s few companies that provide end-to-end services to monitor and safeguard systems — from strategic consulting and technical assessments to managed security services.

Key features:

Security Services Catalog and User Ticketing. Allows security teams to manage and respond to user-generated security incidents. Handles incidents raised by users over the telephone, email or the security catalog. Integrates with threat intelligence portal. Requests automation among IT, end users and security teams

Security Information and Event Management (SIEM) Integration. Allows security teams to test, execute and audit security response plans. Handles network- and non-network-related incidents. Integrates with threat intelligence portal. Requests automation among IT, end users and security team. Predefines workflows for common security incidents

Vulnerability Management. Manages vulnerability investigations and aligns remediation activities. Integrates with the National Vulnerability Database. Includes third-party integration with market-leading vulnerability identification solutions. Seamlessly integrates with incident response tasks, change requests and problem management. Predefines workflows for common security vulnerability types

Being able to identify all the types of issues and events, including custom code and SoD violations, ERPScan provides unparalleled vulnerability management capabilities. With the help of carefully designed machine learning features, it can analyze huge amounts of log data, which go beyond human capacity, to detect cyberattacks and anomalous user behavior. ERPScan Smart Cybersecurity Platform is equipped with a set of modules that encompasses all the main areas of enterprise security outlined in the Gartner PPDR and SAP Cybersecurity Framework. Each of the modules is designed to fit the specific needs of different roles. Moreover, the new interface of the platform makes them easier to be worked with and enhances the overall efficiency of security practices.

Detect    

• Collect all the logs generated in your SAP system
• Detect 0-day and 1-day attacks with the help of machine learning
• Analyze user behavior and detect anomalies

Assess    

• Understand your assets
• Schedule security checks
• Identify vulnerabilities, misconfigurations, customization issues, and SoD violations

Monitor    

• Check compliance
• Monitor all connections between systems with the Threat Map
• Review security posture with high-level role-tailored dashboards
• Get all the necessary security information with the help of the search engine

Prevent    

• Automate code correction
• Generate virtual patches on the fly
• Export 0-day signatures to IDS/IPS system

Respond    

• Track changes between scans
• Receive notifications
• Create incidents in external Incident and Task Management systems

Key benefits:

• Perform industry-specific checks
• Cover all areas of SAP security
• Report on the security posture to the management
• Save time and reduce the costs of compliance
• Simplify vulnerability management