Our services
Consulting, Concepts, Reviews and Analyses
We have many years of experience in providing consulting for complex security environments as well as in designing and analyzing them.
We do not only conduct regular risk analyses, but also recommend measures, develop architectures and vendor-independent IT security concepts, and evaluate existing concepts and policies on the following topics:
360-Degree Analysis
If you want to have your current security level evaluated in its entirety by external, independent experts, you have come to the right place. A 360-degree analysis is the ideal context for this. It includes a one-day workshop, followed by an analysis and documentation.
The 360-degree analysis aims to gather information on the existing applications, IT infrastructure, protective measures that have been taken and IT-security-relevant processes in an overall context to identify and evaluate potential attack vectors and vulnerabilities.
In line with common standards, the following topics, amongst others, will be covered:
- Protection of business-critical applications
- Network security
- Security in the production environment
- Security of endpoints like clients, servers, smartphones, printers, etc
- Protection from malware
- Secure IT operations (permission assignment, backup concept, vulnerability and patch management, security monitoring, administration concept/tiering, etc.
- Security in the cloud
- Security management (ISMS, policies, risk management, service provider management, etc.)
- Information protection
- Secure development
- Physical security
There is no rigid pattern for the 360-degree workshop. Our consultants are also happy to consider and discuss your current key topics and questions.
Following the workshop, we will prioritize the findings, and we will determine and document technical and organizational recommendations for possible measures.
On request, the results can also be used to carry out a detailed structured threat and risk analysis.
The results of the 360-degree analysis will show to security managers the possible fields of action according to priority.
Building Your Own SOC and Incident Response Team
Detecting security incidents early and reacting appropriately is becoming increasingly important. Having the right sensors and detection technologies for this is only the first step. It also requires competent staff, defined processes and additional technical infrastructure to verify alarms and handle incidents.
We assist you with setting up your own security operations center or choosing a suitable service provider.
There are plenty of offers for MDR or Managed SOC services on the market. For choosing the one that suits your company best, it is crucial to ask the right questions. Offers differ in terms of the architectures and operating models used and must be suitable for a client’s situation and infrastructure.
Together with you, we will create the right catalog of requirements and questionnaires to evaluate the offers and help to avoid expensive mistakes.
But not everything can be outsourced to external service providers. We explain which roles and processes for incident response need to be set up internally in order to be able to defend yourself effectively in case of an attack. We also assist with establishing and training an internal incident response team.
Protection against Targeted Attacks, APTs and Modern Malware
Today, enterprises are constantly exposed to APTs or targeted attacks in which professional and individual malware is used.
As a possible solution, the market offers both different technical approaches for detection and response and new prevention mechanisms.
If you want to find out how well your company is protected against today’s malware and identify the most useful measures and techniques to reach the level of protection you require, we can help you by creating a malware protection analysis or concept.
In an initial workshop, we will first determine the current situation at your company in terms of malware protection. This workshop will also provide you with an overview of the current threat situation and the methods available today to detect and block malware.
The information gathered will be used in an effectiveness matrix, derived in a structured way, to evaluate both the current technical situation and the malware protection policies that are already implemented.
We will then use this as a basis to develop a suggestion for malware protection that is both comprehensible and economically feasible
Moreover, we advise you on the possible implementation of protective technologies.
Security for the Cloud and from the Cloud, SASE/SSE, CASB, etc.
Using the cloud plays an increasingly important role for Germany as well.
New threats and specific security controls are relevant in the cloud, and they require detailed understanding of the security aspects relevant in the respective cloud environment.
Security controls like mail security gateways or web proxies are also increasingly often used as cloud services and are meanwhile getting marketed as SASE or SSE solution by almost every large vendor.
We assist you with creating concepts and choosing the most suitable solution. Furthermore, we offer security analyses and trainings on the security in both the Azure and AWS clouds as well as for Office 365.
Vulnerability and Risk Management
Vulnerabilities provide doors for hackers and malware to enter a system or network. They mostly result from a bad configuration or errors in operating systems, network services or applications.
In practice, it is often necessary to weigh the risk of a possible impact due to a vulnerability against the risk of a possible impact due to an improperly performed remediation. Just blindly installing service packs or patches must be replaced with remedying the vulnerabilities in a deliberate and targeted way. This is realized by systematically recording the actually existing vulnerabilities and evaluating them while taking the actual infrastructure, applications and business process into account.
Vulnerability management is a process supported by suitable tools that gathers, processes, evaluates and distributes information about vulnerabilities and controls their remediation.
We will assist you with creating a concept and selecting a technology that is appropriate for your company. If requested, we will also implement this technology for you.
Zero Trust
Zero trust paradigms and architectures say goodbye to the traditional implicit trust put in a seemingly secure internal network, in secure company devices or internal user accounts. Instead of regarding access from the internal network as secure, zero trust means that both the context and the risk of access as well as the security status of the source are considered and the behavior at the time of access is observed, which allows a prompt intervention in case of anomalies.
Zero trust therefore is no product that can simply be purchased but a range of ideas that should be taken into account in the further development of IT structures.
We gladly consult you on what this term is all about and how you can better secure your company IT in accordance with zero trust.
Traceability and Control of Administrative Access
Administrators often have unrestricted access to a wide range of company data. They can access, modify, delete or send data, which may result in uncontrolled data leakage.
The market has been providing technical solution ensuring the traceability and control of administrative access for several years now.
We assist you in both creating a concept and evaluating and implementing it. Moreover, we will be happy to provide you with the relevant products.
EDR and XDR
In the age of targeted attacks and APTs, the technologies available for the protection of endpoints are in a constant state of flux.
Endpoint and extended detection & response (EDR, XDR) aim at detecting compromised systems and supporting incident response.
EDR solutions are installed on the endpoint and monitor the behavior of all processes. What is important is not the users’ behavior but the technical processes like access to files and the registry, communication, starting of processes, manipulation of the storage of processes and much more.
All these operations are considered in an overall context, often also using modern AI techniques, in order to detect a hacking attack or malware.
When an EDR solution is managed in the vendor’s cloud and when additional security products are integrated in the same management besides the EDR agent and are being analyzed together, this is typically called extended detection & response (XDR).
Often, vendors also offer a managed service for this, calling the whole package managed detection & response (MDR).
We know all the details about these modern approaches and products, as well as their actual effectiveness and their limits. We are happy to assist you in analyzing, designing and implementing suitable protective measures.
IoT and Industry 4.0
An increasing number of things in our daily life, in a company buildings or in production are getting networked and communicate via the Internet.
For our customers, we assess the security of these devices and their related apps as well as the security of cloud services.
We will also gladly assist you in implementing IT security in automation (IEC 62443).
Security of Smartphones, Tablets and Apps
We are happy to assist you in the following areas:
- Security assessment of mobile apps
- Development of an individual threat and risk analysis for the use of mobile devices in your company
- Demonstration of attacks on smartphones and other measures to raise awareness
- Requirements analysis and design of appropriate measures
- Development of policies, procedures, minimum requirements and concepts
- Comparison and selection of MDM solutions, sandbox systems or solutions for document access and printing on smartphones / tablets
- Development of overall concepts ranging from network access and WLAN to device management to certificate infrastructure and required apps.
Protection of Web Applications, Portals and Web Services
Not only do flaws in application security threaten the application, but they might often also affect the back-end systems involved or the entire internal IT. For this reason, the protection of applications, portals and web services is essential to the IT infrastructures of most modern companies.
We will gladly support you in designing, selecting and implementing an appropriate solution.
Thanks to our long-standing experience in the field of audits and penetration tests, we are able to comprehensively examine your web applications, portals and web services for potential vulnerabilities.
This way we ensure that you find your vulnerabilities and close the gaps before an attacker can find and exploit them.
ISMS Consulting and Analysis
ISO 27001, Risk Management, Processes, Policies, Guidelines
Today, most information is stored and processed using information technology. In addition, business processes in companies are usually highly dependent on well-working IT systems. Identifying and assessing the risks resulting from the use of information technology and attaining the desired level of protection requires professional information security management. It must be supported by executive management, lived as a process throughout the company and integrated into the corporate security system.
Overview of the services we offer in information security and risk management:
- Planning and implementation of the ISMS
- ISMS evaluation and analysis
- Preparation for certification in accordance with ISO/IEC 27001
- Risk management
- Trainings and awareness programs
Office 365 Security
We consult you about the implementation and secure operation of Office 365.
Active Directory Security
For most companies, Active Directory is one of the most critical components for security. Its architecture, the AD tiering or the initial setup of the suitable tiers as well as the assessment of the secure configuration are important aspects with which we regularly assist our customers.
Competent IT security consulting, pentests, incident response and training
cirosec GmbH
Ferdinand-Braun-Straße 4
74074 Heilbronn, Germany