Our Solutions
Profession Security Servcies (PSS)
Corporate Security Policies
Depending on the requirements of the organization, there are requirements of many different information security policies. Each information security policy will describe in detail the policies for a specific domain and if required, define the procedures for implementing those policies. Each defined policy could have the following subsections: policy number, name of the policy, description, audience, owner and any other related policy number. The information security policies can be based on the various domains as defined by ISO27001 or on PCI-DSS. However, any additional domains can also be incorporated, if required. Some common domains that have its own policies in a corporate environment are.
• Physical Security
• Logical Security
• Development
• Access Control
• Encryption
• Communications
• Escalation Procedures
• Audit
• Business Continuity
Information Security Risk Assessment
Based on the Goals set out in the Corporate Security Policy, a Gap Analysis will be carried out in accordance with ISO 27001 security standard or something similar such as PCI-DSS. The ISO27001 defines controlled based on the following ten sections.
• Security Policy
• Security Organization
• Asset Classification and Control
• Personnel Security
• Physical Environmental Security
• Communications & Operations Management
• Access Control
• Systems Development & Maintenance
• Incident Response
• Business Continuity Management
• Compliance
Based on the above mentioned Risk Assessment, a Security Framework Document would be developed. The Security Policy Framework would set the stage for the actual domains of Info Sec to be detailed. This Framework would describe the following:
• The Scope of the Policy
• The Classification System to be Used
• Roles & Responsibilities
• How the Policy needs to be Implemented
• Position Papers for each Info Sec Domain
Vulnerability Management
Nearly 20 new security flaws, known as vulnerabilities, are discovered every day. IntelFront vulnerability Management and scanning uses a variety of tools and techniques to examine your network for these security holes and misconfigurations. Get peace of mind through frequent security testing.
Regular vulnerability scanning is a critical component of all successful information security programs and is a required component for all merchants accepting credit card payments. These scans also help to proactively find changes or weaknesses in your ever-changing network environment.
Services
Choosing the right product is only part of the answer. Ensuring that the technology is installed and properly configured will ensure that the solutions is operating optimally to provide organizations with the best protection. Threat intelligence and event Correlation are key differentiators.
As a Managed Security Solution Provider collecting large data sets across our client base and advanced analytics position IntelFront to provide more proactive threat intelligence.
Information security training for vendor products and certifications.
Includes architectural reviews, installation and support of best-of-breed IT security solutions.
World-class security products that meet clients' varying needs with experts continually evaluating technology options to bring organizations the best-fit solutions.
Technology Solutions will include:
• BYOD
• Networking
• Anti-virus
• Firewall
• IPS - Intrusion Prevention System
• UTM - Unified Threat Management
• VPN - Virtual Private Network
• NAC - Network Access Control
• SIEM - Security Information and Event Manager
• End Point Security
• Wireless Security
• Vulnerability Management
Adressing new use models.
Addressing new technology use models. Smartphones, tablets, and mobile devices are changing the ways employees use technology.
These trends, coupled with bring-your-own-device (BYOD) initiatives, will force organizations to implement new, necessary security control processes and technology. In most cases, IT departments can no longer say no to these initiatives. The directive from senior leadership is “make it work.”
Managed Security Services Provider
Corporate Security Policies
Depending on the requirements of the organization, there are requirements of many different information security policies. Each information security policy will describe in detail the policies for a specific domain and if required, define the procedures for implementing those policies. Each defined policy could have the following subsections: policy number, name of the policy, description, audience, owner and any other related policy number. The information security policies can be based on the various domains as defined by ISO27001 or on PCI-DSS. However, any additional domains can also be incorporated, if required. Some common domains that have its own policies in a corporate environment are
• Physical Security
• Logical Security
• Development
• Access Control
• Encryption
• Communications
• Escalation Procedures
• Audit
• Business Continuity
Solutions Integration Services
Building & Enhancing Secure Infrastructure
Secure Architecture Review
For any security team, it is essential to understand the technology and the management of the systems security to be newly introduced or in place. IntelFront provides services to review system architecture for projects or exsisting infrastructure recomending applicable controls specific to your environment.
Firewall
The firewall is the principal tool for keeping unwanted intruders out of a specific network. A firewall usually sits between a trusted network, such as the Corporate LAN, and untrusted network, such as the Internet. IntelFront will work to ensure the role of the firewall in restricting the traffic going into the trusted network while only allowing authorized traffic to go out to the untrusted network is properly designed and configured. This can also be designed to protect more secure areas of the Intranet from the less secure areas. In addition, in today’s day of business to business communication, it can also be used at the perimeter to protect the Corporate Infrastructure from traffic originating from business partners.
IPS
Intrusion Detection & Prevention is essential for Monitoring of the Corporate Infrastructure. After the completion of the design and then implementation of the security solution, IntelFront will verify whether the solution your security requiremetns. Intrusion Detection is the technique to continuously monitor all the traffic coming into a specific network and/or the hosts systems to detect any malicious or harmful traffic. Upon detection, the intrusion detection system will generate an alert for the relevant security administrator. In addition, the IDS can also take specific action such as blocking the source of the harmful traffic.
Virtual Private Networks
A Virtual Private Network (VPN) is a private tunnel in the public network for connectivity between various corporate entities i.e. having corporate or private data passing through the Internet via a secure pipe. This is in comparison with the earlier model where point to point connectivity was used for corporate connectivity and connection to the public network was only allowed for Internet related activities.
VPNs are playing a vital role in today’s connected infrastructure. They have led to significant cost savings and provide anytime anywhere connectivity for mobile users. However, security is one of the biggest concerns for such connectivity as the traffic passing through the VPN can contain critical corporate data such as payrolls or financial transactions. IntelFront will work to ensure coporate VPN conenctivity meets best securiy practices.
Security Event Management
System Hardening
End-User Training
Information Security Awareness Program
“A recent study by the Computing Technology Industry Association (CompTIA) cited human error as the most common cause of information security breaches, with some 80 percent of respondents believing this human error was caused by a lack of security knowledge, training, or failure to follow security procedures.”
The goal of this training is to inform personnel of their role regarding security in their everyday work.