Based on its long-standing cooperation with partners and customers, CONET has the profound strategic knowledge, technical know-how and process expertise to find vulnerabilities and to identify suitable security tools and protective measures, thus preventing and repelling hazards and cyber attacks effectively.
- IT Security Consulting / Governance, Risk & Compliance
- IT Security Analyses, Penetration Testing, Vulnerability Scans
- Unified Threat Management, Internet Security, Network Security
- Identity & Access Management, Multi-factor Authentication
- Encryption, Cryptography
- Endpoint Security Management & Mobile Security
- Patch Management & Provisioning
- Monitoring & Reporting, Intrusion Detection, Threat Detection
- Security Information and Event Management (SIEM)
- Archiving / Backup, Restoring / Disaster Recovery
- Physical Security
- Security Intelligence, Security as a Service, Managed Security Services
- Cyber Defense in Public Security and Defense
- Cyber Security Trainings, Awareness & Simulation
If nothing works properly without IT anymore, then nothing will work if this IT is being sabotaged, damaged or misused – do not let it come to this!
The traditional methods of IT security often fall short considering new attack vectors and patterns with regard to the digital transformation at the workplace of the future, within Enterprise 4.0 and the Internet of Things (IoT).
Cyber security extends classic IT security to the entire cyber space: it is no longer enough to protect the actual information and communication technology (ICT) or a server, an application or a network individually. The entire information space and all networks of the real and the virtual world which provide the exchange and the processing of data and information need to be secured – from the respective and sometimes critical infrastructures, via all devices in use, whether smartphone or intelligent refrigerator, up to the human interface.
To enable cyber security to guarantee effective protection and suitable resilience against attacks, it needs to become a core element of all business processes and organizational structures. Security considerations should not be added to new IT solutions after the fact but must be taken into account early on, in the conception phase for new architectures and applications, in the sense of "business-driven security". A comprehensive cyber security strategy and an integrated IT security architecture are needed which follow defined IT security guidelines and best practices.
Questions, methods and technology of IT security are an integral element of all IT solutions and services in process, technology and product consulting by CONET, following a "security by design" approach.
CONET aligns its IT security solutions according to the relevant legal and regulatory conditions regarding governance, risk and compliance. This includes:
- The basic principles of the BSI, such as IT-Grundschutz (IT baseline protection) and its comprehensive guidelines for good security practice, e.g. Common Criteria (CC) or Technical Guidelines (TR)
- The specifications of the IT security law (IT-SiG) as well as the security catalogue of the Bundesnetzagentur, especially for critical infrastructures (KRITIS) such as communication, energy and water providers
- Regulations and certification guidelines of ISO 27xxx
- GRC practices, guidelines and frameworks like those of ISACA, (ISC)², NIST, as well as ITIL or PRINCE2 in project management and operations
Finally, everything depends on succeeding in the tightrope walk between an uncompromising but complex and rigid IT security and a suitably practical cyber security. IT security shall ensure a secure business, but it should not demand extra expenditures while at the same time impeding business.
With CONET you can sit back and concentrate on your core business – while we make sure that your IT stays safe and sound.
Why Cyber Security? New Scenarios for Cyber Threats, Cyber Hazards and Cyber Attacks
As we know from crime prevention, criminals and protectors are often racing and competing against each other. New security gaps and weaknesses are being detected, used and fixed or eliminated.
As soon as leading software and system providers publish new security updates, malicious networks put their efforts into reconstructing the eliminated weaknesses by reverse engineering or by special applications in order to attack all those who have neglected to update their systems immediately. A few years ago this process still took weeks or days. Nowadays, it takes merely seconds until the first attacks directed at still open security gaps are launched.
Attacks on information infrastructures, the misuse of botnets, data theft, extortion through externally controlled data encryption by malware and ransomware, or the threat of such cyber attacks, have long since grown into a business model of their own, generally referred to as cyber crime. Experts like the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) estimate that worldwide more than 400,000 new viruses, worms and trojans are developed every day. The number of known malware variants as estimated by the BSI amounted to more than 560 million last August. The estimated ransom sums currently being extorted worldwide amount to circa five billion dollars per year.
Until now, most phishing and virus mails, which are addressed predominantly at random to a broad mass of users, could be recognized by faulty spelling or the inferior quality of graphic elements. However, more and more frequently they appear almost authentic and cannot be distinguished properly from "real" e-mails and authentic social media accounts. Spying in social networks and in enterprise communications, in the sense of sophisticated social engineering, makes this possible. Sometimes the criminals even succeed in hacking and hijacking the original e-mail and social media accounts to send their phishing and malware-infected mails directly from there.
At this point, the boundaries between private and business risks become blurred, given the increasing mobility in the professional world: for instance, if solutions from the consumer sector are adopted uncritically into the business world, or if employees use their own devices officially under a bring your own device policy or as a parallel "shadow IT", both privately and professionally, without adequate protection. If the employees' web accounts or smartphones are compromised by identity fraud, in most cases all enterprise gateways are wide open.
This risk is aggravated if the issue of "security" has been anchored in people's heads for stationary IT systems, but hardly anyone thinks of suitable protection for mobile devices like smartphones and tablets or for other internet-connected devices such as refrigerators or toys.
IT Security Consulting / Governance, Risk & Compliance
Nowadays, preventive measures are no longer enough to achieve a comprehensive protection because the attack patterns and tools as well as IT systems change far too rapidly, so that attacks or infiltrations of private systems quite often are not detected at all or – indeed – too late. A solid and strategically integrated IT security architecture is needed uniting prevention, detection and reaction. Otherwise, the security approach will remain a mere patchwork and no comprehensive protection can be achieved.
The internal organization must also be oriented towards these security requirements. Data protection officers and IT security officers are long-established roles in enterprises. The chief security officer (CSO) or chief information security officer (CISO), the central cyber security operation center (CSOC) and the respective cyber emergency response teams (CERT) complete the organizational structures, especially in large enterprises.
Measures and solutions for governance, risk and compliance support the different parties and the enterprise in their goal to focus on and enforce both the entrepreneurial and legal requirements regarding risk management, data security, data protection and corporate actions.
IT Security Analyses, Penetration Testing, Vulnerability Scans
Without reliable statements about the status quo of your own security infrastructures, security measures and possible avenues of attack, neither reliable risk management nor the identification of targeted protection and countermeasures is possible.
Simulation and analysis software forms the basis for formulating individual security goals and for detecting strengths and weaknesses of your own information infrastructures and processes with the help of penetration tests, vulnerability scans and checks, and attack simulations within a security assessment.
This should not only be done once as comprehensive cyber security is not a state but a process. Therefore, regular analysis is indispensable in order to evaluate the success of the initiated security measures and to detect and evaluate possible new threat scenarios.
Unified Threat Management, Internet Security, Network Security
Firewalls for outward perimeter security and the respective measures like next generation firewalls, reverse proxies and demilitarized zones (DMZ) form the security basis towards the "free" internet. The key aspects in this concept are virus scanners, antivirus programs, anti-spam mechanisms with whitelisting and blacklisting features for permitted and illegal addresses and content, plus malware detection that detects, blocks, isolates and disarms trojans, password scanners and other software trying to take advantage of security holes.
To expect 100% security with the help of these measures, however, is an illusion. It is nigh impossible to secure all systems and applications equally well on the highest level due to the available resources, the different usage and the many different requirements for integrity, availability and confidentiality, all of which are in conflict with each other.
Possible points of attack can never be completely eliminated, because external personnel or external transfer media such as USB sticks have to be included in certain processes. The same applies to remote servicing, which on the one hand provides increased efficiency, minimized response times and a higher availability of the systems, but on the other hand opens doors to cyber attackers.
Considering this and other inevitable IT security risks, it must therefore be the central task to assess your own infrastructure in a comprehensive IT security strategy according to criticality and to design a secure network. This should include segmented security domains according to a separation of duties (SoD), thus preventing an attack directed at one individual, not totally protected system from having disastrous effects on the whole network.
Identity & Access Management, Multi-factor Authentication
The basis for protecting your own networks and information resources against unauthorized access is a stable identity and access management (IAM). Whereas basic roles and their rights are defined and administrated in identity management, access management handles the granting and administration of individual access rights and privileges to certain parts of the physical or IT-based infrastructure.
The goal of an integrated IAM should always be to maintain the balance between high security standards and the highest possible comfort, and thereby lead to better user acceptance. As soon as users find the offered secure access and usage methods too complex or too complicated, they will find simplified ways and working methods of their own, which in turn will invalidate the existing security measures.
Passwords are a simple and fitting example in this context: naturally, a long password with enforced upper and lower case and special characters is quite safe – but if the user cannot remember it, he will use easy-to-guess patterns, write the password down on slips of paper or even in his smartphone, or cause enormous effort at the central IT service with frequent requests to reset his password.
In order to alleviate this password dilemma and achieve a higher security level at the same time, extended authentication methods and authenticator tools are increasingly employed, using generated codes from security tokens, smartcards or, e.g., biometric identification such as fingerprints or retinal scans for access procedures instead of a password.
Encryption, Cryptography
Basically, any data transfer and information stream should nowadays be end-to-end encrypted, so that in case of data leaks, tapping or spying by physical or electronic means, the exploitation of the illegally acquired information becomes more difficult or even impossible.
All this concerns the data stored on portable devices as well as the internal information streams and the entire electronic communication. The information used for authorization, e.g. on smartcards, must be protected in an especially complex way, because a compromise here means, in the worst case, a breached gateway into the enterprise networks.
Endpoint Security Management & Mobile Security
In the course of digital transformation our business world and living environment not only becomes more and more interconnected but also more and more mobile. The digital workplace of the future is not merely a desk in an office. Employees expect to be able to work en route. For the company this means significant opportunities for an increased efficiency and accelerated processes through mobile work.
Therefore, the number of devices which could be used for work will increase rapidly: desktop PCs, notebooks, smartphones and, apart from these, storage media like USB sticks and external hard disks. All these possible contact points, interfaces and storage places must be administrated and protected by a comprehensive endpoint security management. Especially because employees increasingly use their mobile devices in parallel for both work and private matters, a clear separation of the business units and applications with the help of segmentation solutions is indispensable, thus helping to protect business data and applications from security gaps in unprotected private apps or compromised private user data.
Within the framework of enterprise mobility management (EMM), mobile application management (MAM) concerns itself with all aspects of authentication, provision, administration, security and monitoring of mobile applications. Mobile device management (MDM) controls the administration of all mobile devices in use. Setting up, updating, security measures, monitoring and access control are its central tasks. Finally, mobile content management (MCM) supports the provision of content on the particular mobile device. It determines which data can be displayed and which actions are permitted.
Patch Management & Provisioning
Sometimes, commonplace scenarios give rise to high security risks. It is quite obvious that updates such as patches or upgrades which are rolled out too late, or not at all, enable the exploitation of these security gaps, e.g. via zero-day exploits. However, quite often several months pass before security-critical patches are rolled out, because in complex IT infrastructures it is necessary to check properly whether the patch is indeed compatible with all components, in-house developments and individual configurations and will not unintentionally shut down important processes.
Supporting systems for the patch management, upgrade management and release management as well as an automated provisioning help you to keep a good overview and to distribute the current software versions faster and more reliably thus closing down critical security gaps.
Monitoring & Reporting, Intrusion Detection, Threat Detection
The detection of conspicuous behaviour within the in-house systems is a crucial point of today's cyber security. However, most threats will remain undetected. Attacks are more and more professionally prepared, highly elaborate and designed as advanced persistent threats and multi-staged IT security incidents for long-term use and damage. Over weeks and sometimes months, attackers move undetected about the in-house network, continually withdrawing information or waiting for the opportune moment to interfere.
These threats can be identified. With automated 24/7 observation of network behaviour and data communication using an enterprise threat detection system (ETD), as well as trained experts, suspicious developments or actions can be detected at an early stage. The respective sensor and log files can be transmitted automatically to the central cyber security operation center to enable the security information and event management (SIEM) to intervene as soon as possible and to take countermeasures according to the criticality level of the incident.
Security Information and Event Management (SIEM)
Enormous amounts of data have to be considered in the observation and investigation of network traffic and information flows. Therefore, in-memory technologies are best suited to serve as a basis for evaluating and assessing these huge amounts of data effectively and in real time, as well as for deriving reliable forecasts. If such tools and methods are intelligently interconnected with a security information and event management (SIEM), the daily defense will be significantly more efficient and reliable. SIEM solutions work similarly to a ticket management system in a central IT service, thus offering an overview of all incidents, containing guidelines and workflows for reacting to and handling IT security incidents, while at the same time documenting all security-relevant processes. Digital forensic investigations of such incidents form the basis for being better equipped for similar cyber attacks in the future.
Archiving / Backup, Restoring / Disaster Recovery
Archiving, backup and restoring software, and mechanisms for data loss prevention and data leak prevention which sound the alarm in case of data losses or minimize the negative effects, are the main pillars of every IT security strategy and of a reliable business continuity management aiming at upholding a seamless business and work capability.
For a balance between expenditure, storage costs and security demands, the recovery time objective (RTO) and recovery point objective (RPO) must be balanced against each other according to the business requirements. The RTO defines after which time lapse the systems and data must be restored after an incident or a data loss, whereas the RPO determines how much time there is between two backups, that is to say, how much newly altered data might be lost in case of an emergency. Depending on the process criticality and the revision frequency of information, many different configuration options for the different business and application fields are necessary and indispensable.
Dedicated backup and restoring mechanisms are an effective security strategy, also with regard to possible extortion attempts with ransomware. If the data in question has been saved with regular backups, it can easily be restored to the system with acceptable effort, so that extortion threats remain ineffective.
Physical Security
Physical security plays an important role both for the operators of critical infrastructures (KRITIS) and in industrial facilities, office buildings or data centers, e.g. the protection of buildings and facilities with access control or video surveillance.
However, physical security partly also concerns the hardening of devices, for example where hardware interventions or additional modules close potential risks or technical gaps, e.g. by preventing smartphones or IP-based workplace telephones from being externally manipulated so that built-in microphones or cameras can be remote-controlled for surveillance.
Security Intelligence, Security as a Service, Managed Security Services
Faulty configurations are often door-openers for external attacks. Complex and historically grown SAP architectures, for example, might have more than 1500 configuration parameters. About 20 percent thereof are security-relevant, as they control the inter-system communication or the right to create new users and roles. Operators of critical infrastructures (KRITIS), too, partly have extremely sophisticated and specially developed professional IT systems with a long lifecycle in use, which cannot be secured by a fast import of updates or an exchange of components at risk.
Without experienced experts for the information security management (ISMS) it is practically impossible to minimize the number of potentially hazardous misconfigurations efficiently, because the administration of the protective mechanisms in use and the IT security products within an integrated IT security architecture is a massive challenge: individual methods and tools offer numerous extremely sophisticated possibilities. It requires a high degree of expert knowledge, experience and overview to identify and coordinate the suitable ones as well as to correctly and seamlessly configure them and utilize them ideally in an automated way and to distribute them partly via self-service portals.
Cyber Defense in Public Security and Defense
Within the defense sector, the term cyber defense has been established as a keyword for the protection of federal infrastructures, or infrastructures critical to public life, against misuse and attacks. The so-called cyber information space (CIR) describes a new dimension of action, which in the meantime stands as an equal beside the traditional defense sectors of air, land and sea, and in which consistent leadership and capacity to act need to be ensured. You can find further information about current issues and measures regarding cyber defense in our solution chapter for the armed forces.
Cyber Security Trainings, Awareness & Simulation
With all the potential of cyber criminals, one should not overlook that, according to a current IBM survey, less than half of all security threats come from external sources. More than a third of them originate from malicious members of your own organization, and another fourth are due to merely thoughtless handling errors. Therefore, increased awareness, regular sensitization for and education about security risks among the users of information technology, from the workplace to the private device, are indispensable in a comprehensive cyber security strategy.
Apart from within enterprises, existing architectures are also tested thoroughly with threat simulations in cyber trainings, cyber laboratories and cyber academies. Employees are trained, and suitable organizational structures and processes are developed to avoid risks before they turn into hazards. Countermeasures are taken effectively and efficiently before damage occurs, and in the event of incurred damage, securing and restoring measures can be taken to minimize the negative effects.