Our Solutions

In order to secure the assets for any organization, it is imperative to develop a strategy that encompasses all security requirements for the organizations.

Profession Security Servcies (PSS)

Corporate Security Policies

Developing a proper Security Policy for your entity is the first step in the development of a comprehensive security strategy. This policy would deal with all three parameters that are required for enabling e-security including the people, the products and the processes. IT security policies have to address electronic business application security, enterprise security & business continuity, remote access & Internet Security, and infrastructure security management.

Depending on the requirements of the organization, there are requirements of many different information security policies. Each information security policy will describe in detail the policies for a specific domain and if required, define the procedures for implementing those policies. Each defined policy could have the following subsections: policy number, name of the policy, description, audience, owner and any other related policy number. The information security policies can be based on the various domains as defined by ISO27001 or on PCI-DSS. However, any additional domains can also be incorporated, if required. Some common domains that have its own policies in a corporate environment are.

   • Physical Security
   • Logical Security
   • Development
   • Access Control
   • Encryption
   • Communications
   • Escalation Procedures
   • Audit
   • Business Continuity

Information Security Risk Assessment

Based on the Goals set out in the Corporate Security Policy, a Gap Analysis will be carried out in accordance with ISO 27001 security standard or something similar such as PCI-DSS. The ISO27001 defines controlled based on the following ten sections.

   • Security Policy
   • Security Organization
   • Asset Classification and Control
   • Personnel Security
   • Physical Environmental Security
   • Communications & Operations Management
   • Access Control
   • Systems Development & Maintenance
   • Incident Response
   • Business Continuity Management
   • Compliance

Based on the above mentioned Risk Assessment, a Security Framework Document would be developed. The Security Policy Framework would set the stage for the actual domains of Info Sec to be detailed. This Framework would describe the following:

   • The Scope of the Policy
   • The Classification System to be Used
   • Roles & Responsibilities
   • How the Policy needs to be Implemented
   • Position Papers for each Info Sec Domain

Vulnerability Management

Nearly 20 new security flaws, known as vulnerabilities, are discovered every day. IntelFront vulnerability Management and scanning uses a variety of tools and techniques to examine your network for these security holes and misconfigurations. Get peace of mind through frequent security testing.

Regular vulnerability scanning is a critical component of all successful information security programs and is a required component for all merchants accepting credit card payments. These scans also help to proactively find changes or weaknesses in your ever-changing network environment.

Services

Professional Security Services

Our consulting service incorporates PCI, governance, risk and compliancy, and includes penetration testing, vulnerability and risk assessments.

Managed Security Services

Includes analysis, configuration, setup, alerts and 24x7 systems management of a number of IT security vendor solutions.

Choosing the right product is only part of the answer. Ensuring that the technology is installed and properly configured will ensure that the solutions is operating optimally to provide organizations with the best protection. Threat intelligence and event Correlation are key differentiators.

As a Managed Security Solution Provider collecting large data sets across our client base and advanced analytics position IntelFront to provide more proactive threat intelligence.

Training

Information security training for vendor products and certifications.

Solutions Integration Services

Includes architectural reviews, installation and support of best-of-breed IT security solutions.

World-class security products that meet clients' varying needs with experts continually evaluating technology options to bring organizations the best-fit solutions.

Technology Solutions will include:

• Authentication
• BYOD
• Networking
• Anti-virus
• Firewall
• IPS - Intrusion Prevention System
• UTM - Unified Threat Management
• VPN - Virtual Private Network
• NAC - Network Access Control
• SIEM - Security Information and Event Manager
• End Point Security
• Wireless Security
• Vulnerability Management

Adressing new use models.

Addressing new technology use models. Smartphones, tablets, and mobile devices are changing the ways employees use technology.

These trends, coupled with bring-your-own-device (BYOD) initiatives, will force organizations to implement new, necessary security control processes and technology. In most cases, IT departments can no longer say no to these initiatives. The directive from senior leadership is “make it work.”

Managed Security Services Provider

Corporate Security Policies

Developing a proper Security Policy for your entity is the first step in the development of a comprehensive security strategy. This policy would deal with all three parameters that are required for enabling e-security including the people, the products and the processes. IT security policies have to address electronic business application security, enterprise security & business continuity, remote access & Internet Security, and infrastructure security management.

Depending on the requirements of the organization, there are requirements of many different information security policies. Each information security policy will describe in detail the policies for a specific domain and if required, define the procedures for implementing those policies. Each defined policy could have the following subsections: policy number, name of the policy, description, audience, owner and any other related policy number. The information security policies can be based on the various domains as defined by ISO27001 or on PCI-DSS. However, any additional domains can also be incorporated, if required. Some common domains that have its own policies in a corporate environment are

   • Physical Security
   • Logical Security
   • Development
   • Access Control
   • Encryption
   • Communications
   • Escalation Procedures
   • Audit
   • Business Continuity

Solutions Integration Services

Building & Enhancing Secure Infrastructure

Architecture development is essential for secure and stable operational IT environment. With the emphasis on IT assets in most organizations today, proper design and development of secure infrastructure becomes a necessity. Our consultants enable the development of comprehensive design and implementation for various technologies used for security enhancement.

Secure Architecture Review

For any security team, it is essential to understand the technology and the management of the systems security to be newly introduced or in place. IntelFront provides services to review system architecture for projects or exsisting infrastructure recomending applicable controls specific to your environment.

Firewall

The firewall is the principal tool for keeping unwanted intruders out of a specific network. A firewall usually sits between a trusted network, such as the Corporate LAN, and untrusted network, such as the Internet. IntelFront will work to ensure the role of the firewall in restricting the traffic going into the trusted network while only allowing authorized traffic to go out to the untrusted network is properly designed and configured. This can also be designed to protect more secure areas of the Intranet from the less secure areas. In addition, in today’s day of business to business communication, it can also be used at the perimeter to protect the Corporate Infrastructure from traffic originating from business partners.

IPS

Intrusion Detection & Prevention is essential for Monitoring of the Corporate Infrastructure. After the completion of the design and then implementation of the security solution, IntelFront will verify whether the solution your security requiremetns. Intrusion Detection is the technique to continuously monitor all the traffic coming into a specific network and/or the hosts systems to detect any malicious or harmful traffic. Upon detection, the intrusion detection system will generate an alert for the relevant security administrator. In addition, the IDS can also take specific action such as blocking the source of the harmful traffic.

Virtual Private Networks

A Virtual Private Network (VPN) is a private tunnel in the public network for connectivity between various corporate entities i.e. having corporate or private data passing through the Internet via a secure pipe. This is in comparison with the earlier model where point to point connectivity was used for corporate connectivity and connection to the public network was only allowed for Internet related activities.

VPNs are playing a vital role in today’s connected infrastructure. They have led to significant cost savings and provide anytime anywhere connectivity for mobile users. However, security is one of the biggest concerns for such connectivity as the traffic passing through the VPN can contain critical corporate data such as payrolls or financial transactions. IntelFront will work to ensure coporate VPN conenctivity meets best securiy practices.

Security Event Management

The number of events from different security devices that need to be monitored and managed by a limited number of individuals in any operational environment has multiplied exponentially. These include syslogs from firewalls, alerts from IDS, logs from critical systems and networking equipment, all need to be monitored, especially during a security incident. Security Event Management tools enable normalization and correlation of all these events, which implies that a single console is used to monitor all these devices. This leads to less operational overhead and less false positives.

System Hardening

To ensure comprehensive end to end security, IntelFront helps secure Operating Systems running critical services that need to be properly hardened. This is done by applying the latest patches, turning off services that are not required and using products and best practices to ensure integrity of the data on the system. In addition, technologies such as SSH and SSL can be utilized for further enhancing the security of the systems.

End-User Training

Information Security Awareness Program

“A recent study by the Computing Technology Industry Association (CompTIA) cited human error as the most common cause of information security breaches, with some 80 percent of respondents believing this human error was caused by a lack of security knowledge, training, or failure to follow security procedures.” The goal of this training is to inform personnel of their role regarding security in their everyday work.