Data Security

Gradeon’s suite of security services provide centralised compliance solutions for your organisation, combining expertise in security systems and processes, a knowledge of regulatory requirements, and a cloud-based delivery platform that gives your organisation the ability to automate much of the compliance process internally.

Scroll down to view the services we offer or Contact Us for more information

Penetration testing

Penetration tests measure the effectiveness of live security controls on real world environments tested within a controlled environment.

Gradeon offers an experienced penetration testing service carried out by our security testing team.

Our Penetration Testing Services are conducted by Gradeon' highly skilled and experienced security consultants. Attack simulations and direct compromise attempts at network or application level, to locate potential areas of weakness.

The Penetration Test generates a far more focused and specific report than those produced by automated vulnerability scans. This is because a Penetration Test is designed to fully exploit the level of weaknesses in a system's architecture and not simply alert clients to possible vulnerabilities.

The testing services carried out by Gradeon include:

External Penetration Testing - Penetration testing enables you to challenge your security defences before an attacker does. These simulations provide meaningful detailed reports highlighting vulnerabilities to address.

Internal Penetration Testing - Breaches do not always come from external sources, so its equally as important to conduct an Internal Penetration Test. The Internal Test follows a similar methodology to the External Test, however the Gradeon team will make use of their specifically designed plug-computers to replicate an attack from within the client's network.

Wireless Penetration Testing – Allows the team to conduct thorough wireless security testing to ensure that existing wireless networks are secure, with no rogue wireless networks within your business.

Encryption

Gradeon have expert knowledge and tools to guide you through the mind-field of data repositories and qualification for encryption services.

Legacy systems, aged data media and storage formats can often cause issues. Whether you have tape, disc, call recordings, scanned images etc, we have know-how to help you redact or encrypt sensitive data.

In some cases businesses find it difficult to adjust to new processes where previously seen access to sensitive data requires an alternate solution. Changing mind-sets and providing all-important data to your function in a controlled and secure manner is our expertise.

We have solutions and know-how speak to a consultant today to learn more…

Vulnerability Management

Continuously detect and protect against attacks whenever and wherever they appear..

We offer a cloud service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously secure your IT infrastructure and comply with internal policies and external regulations.

Why Gradeon?

Our Cloud VM service is built on the world’s leading Cloud security and compliance platform, this frees you from the substantial cost, resource and deployment issues associated with traditional software products.

Known for its fast deployment, unparalleled accuracy and scalability, as well as its rich integration with other enterprise systems, VM is relied upon by thousands of organizations throughout the world.

Platform

Revolutionize both security & compliance with the industry’s most integrated, scalable and extensible Cloud platform.

Prioritise

Identify the highest business risks using trend analysis, Zero-Day and Patch impact predictions.

Discover


Uncover forgotten devices and organize your host assets according to their role in your business.

Remediate


Monitor vulnerabilities over time, assign tickets, and manage exceptions.

Assess


Scan for vulnerabilities everywhere (perimeter, internal networks, Amazon EC2) – accurately and efficiently.

Inform


Customize comprehensive reports to document progress for IT, business executives and auditors.

Managed IPS and IDS Service

The firewall is an essential part of your network, designed to prevent unauthorised access from threats from the Internet whilst allowing access to authorised users.

The growth of the Internet has resulted in constant threats in many different ways, from malware and viruses to targeted hacking attempts. The consequence of a cyber-attack can have a huge operational, reputational and financial impact to an organisation.

The constant changing nature of cyber threats make identifying them impossible without the correct approach and tools in place. The Managed IPS and IDS service from Networks First simplifies the complex task of protecting the network.

With the Managed IPS and IDS service your network is protected 24x7x365 from the 24×7 Network Operations Centre (NOC).

WHAT ARE THE BENEFITS OF THE MANAGED IPS AND IDS SERVICE?

  • Provides maximum protection - to constantly changing threats which require the IPS & IDS signatures to be updated as soon as vendors release the signatures. Our services ensure that automated signature files are uploaded to the IPS service ensuring maximum protection.
  • Increased availability – to your everyday service by monitoring firewalls and unified threat management (UTM) appliances, reporting outages proactively means incident resolution can be identified and worked on before you even discover it. Incident resolution time is greatly reduced, in some cases the service can be restored before users are affected by it.
  • Continuous 24/7 protection, for critical security patches – Our services can liaise with manufacturers to ensure that firewall licences are valid and eligible for patches and minor software upgrades.
  • Secure configuration backup – Implementing backups of the configuration files for network devices is vital to rapidly restore service in the event of a failure. The backup process is best repeated weekly to ensure any rule and policy changes are backed up.

FIM

Log Analysers facilitate real time file integrity monitoring (FIM) by protecting sensitive data and meeting compliance requirements. With an effective event Log Analyser, security teams can now centrally track all changes to their files and folders covering events such as (but not limited to) when files and folders are created, accessed, viewed, deleted, modified, renamed and more...

An effective and correctly implemented FIM service will monitor critical changes to confidential files/folders with real-time alerts. Provide detailed information such as 'who made the change, what was changed, when and from where' with bespoke reports.

Events

Real-time event correlation is all about proactively dealing with threats. Data breaches are on the rise and hackers use highly targeted attacks to intrude upon enterprise networks and steal sensitive data. Protecting your network data from attackers involves detecting security threats at its early stage. Security investigators need to determine whether a suspicious event or chain of security events that had happened on the network is a potential security threat or not. Manually investigating events across the network from various log sources and correlating them to formulate an attack pattern will be a herculean task for the security investigators. To effortlessly identify the possible intrusions in the network, you need to have an automated effective correlation engine that gives a complete scope of any security incident by building relationships between events happening across your network infrastructure.

Central Log Management

Centrally collect log data from Windows servers or workstations, Linux/Unix servers, network devices viz., routers, switches, & firewalls, and applications using agent less or agent based methods.

Data Discovery

Where is your data? It seems like a straightforward question but many organisations, through the use of legacy systems and out-dated processes only have a partial understanding of where sensitive data is stored, processed or transmitted.

Gradeon’s team of expert consultants use a variety of industry leading tools and methods to scan for pre-defined sensitive data (anything from personal data such as names, addresses dates of birth, through to credit or debit card data.) Our experts then use their experience, instincts and intuition to identify sensitive data. Vast amounts are typically forgotten and left un-protected.
Knowing where your data is enables a quick reduction of risk in being able to protect it.
If you need some more information request a data sheet or get in touch.

Firewall Security Assessment

A firewall’s effectiveness depreciates over time as more and more rules are added. Unless the defining rule sets are regularly reviewed, it is likely new rules will conflict with older rules and the firewall is left vulnerable. In addition to regular checking a Firewall’s rule set, it is a compliance requirement and best practice for an organisation to agree, document and review its policy on the acceptable configuration of the Firewall.

Gradeon’s approach to Firewall security is in line with our core philosophy – understand what needs to be protected, identify where the risk and threats will come from, then implement, tune and review controls accordingly.

Initially Gradeon will develop a Firewall Configuration Policy document, detailing what the business deems as acceptable configuration of its core security control.

Gradeon consultants then use industry recognised tools, along with their wealth of experience to review existing Firewall rule sets, identify old, duplicated, vulnerable or contradictory rules and ensure all rules are efficient and up to date.