Stäng meny

Data-Centric Audit & Protection

Orchestrate IT security with your data at its core Know your data - Protect what matters

Data-Centric Audit & Protection (DCAP)

In the rise of Big Data and the Information Age, data has become more valuable than ever before. IoT and the advancement of technology also contributes to increased opportunities for cybercriminals.

Combined with the stringent regulatory requirements with regards to data protection and data security controls such as GDPR, PCI-DSS, HIPAA/HITECH and ISO/IEC, organizations are increasingly securing their business and customer data with data-centric audit and protection (DCAP).

What is DCAP?

Data-Centric Audit and Protection (DCAP) is a means of protecting your organization’s data privacy. It addresses security of data itself rather than the security of networks, software or hardware.

This is done through:

  • Data classification
  • Sensitive data storage
  • Data security governance
  • Protecting data against unauthorized access
  • Data monitoring and auditing

In collaboration with Netwrix solutions, we empower our customers to identify and classify sensitive information with utmost precision.

 

How can we help?

​Know Your Data

Ensure your cybersecurity efforts are laser-focused on truly important data (instead of false positives that do not require protection).

Netwrix' unified platform identifies and classifies your sensitive, regulated or mission-critical information consistently and accurately - including both structured and unstructured data, whether it’s on premises or in the cloud.

Protect What Matters

Do you know whether your sensitive data is overexposed? Who can access them?Whether they have been moved, copied, changed or deleted?

​Netwrix solutions enable you to:

  • Ensure that risk-appropriate security controls are implemented around your most critical data.
  • Detect abnormal activity early and respond before a threat turns into a breach
  • Reduce the exposure of sensitive content by tightening permissions and mitigating data and infrastructure security risks.
  • Detect and prioritize incidents better with a single view of all abnormal behavior and the associated risk scores.
  • Ensure timely response to threats by providing incident support and enabling faster, more accurate investigations

Prove Compliance

Assess the effectiveness of the data security controls across your entire infrastructure so you can remediate any flaws before auditors come to call. Get the hard evidence you need to demonstrate to auditors that your controls adhere to their regulations and quickly answer any ad-hoc questions.

​Need more information?

Among Sectors We Serve

Health Care

Prioritize Privilege to Protect Patient Data, Secure and Simplify Operations while ensuring Compliance

Large volumes of patient data or Electronic Personal Health Information (ePHI) are generated daily by the rapidly expanding, interoperable care delivery networks.

From birth dates and social security numbers to private health concerns and detailed illness histories, healthcare information can be much more valuable to cyber attackers than credit card numbers.

​Internet-connected medical devices – such as infusion pumps, heartrate monitors and even imaging and biopsy tables – have become a critical part of the healthcare environment. With medical devices outnumbering healthcare industry staff three to one, this broad movement of connected devices now represents a growing cybersecurity threat that puts patient data, medical information and, potentially patient wellbeing at risk.

From an operational perspective, juggling between various security zones and tiers, means valuable time lost in administering several virtual entrypoints, devices and passwords, or regulatory compliance requirements being unmet.

Securing connected devices – both unsupported legacy devices and new IoMT devices, providing easy and secure access for healthcare workers regardless of location, while taking into account "joiners, movers and leavers" – has emerged as one of the top priorities for healthcare IT security professionals.

​In addition to addressing compliance recommendations and requirements from industry regulators as:

  • Datatilsynet
  • Helsetilsynet
  • Norm for informasjonssikkerhet og personvern i helse- og omsorgssektoren (Normen)
  • NSM's Grunnprinsipper for IKT sikkerhet
  • The European Union Agency for Network and Information Security
  • European Data Protection Board - EPDB
  • NIST Framework - National Insitute of Standards and Technology

​With over 20 years of experience within the healthcare sector, our solution architects and advisors have an in-depth understanding and sector insight with a broad skillset within network architecture, IT security and automation, applied in this field.

We can provide you with the following :

  • Expertise
    • ​Information Security Advisors
    • Solution Architects
    • Project Managers
    • Consultants​​

For more informaiton, contact us.

Telecommunication

Telecommunications systems serve as a critical backbone to nations and economies across the globe.

These systems enable the transmission of financial transactions, business transactions and emergency response communication daily, and if compromised, the consequences could be dire.

Access to these systems are too often left unsecured and unmanaged, putting these critical assets at an increased risk of a damaging cyber attack that could impact telecommunications companies and everyday citizens alike.

Privileged accounts and sessions are repeatedly the target of both internal and external attacks – due to the system-wide access they grant – controlling these sensitive credentials is vital to remain compliant and to protect a business’s core assets.

To reduce the risk of potentially damaging unauthorized access to critical telecommunications systems, organizations should:

  • tightly control and monitor all internal and third-party user and application access to privileged accounts on these systems
  • maximize visibility of IT infrastructure changes and data accesses
  • know ones data in order to protect what really matters
  • have visibility of the traffic behind the perimeter security
  • be fully aware at all times whether one is under attack, be able to rapidly respond and mitigate in an informed manner
  • enforce identity and access management to build a strong IT security posture and ensure compliance​

Having proactive security measures in place to mitigate risks associated with privileged accounts, identity verification, access grants and sensitive data, is not only important to the IT team supporting growing businesses, but it is also a priority for CEOs who understand the business benefits of protecting digital assets.

Approach compliance with confidence - address the evolving set of compliance and audit requirements facing telecommunication companies today:

  • The Electronic Communication Act ("eKOM Loven")
  • Post og telestyrelsen

​Solutions and services we can provide

With over 20 years of experience within the healthcare sector, our solution architects and advisors have an in-depth understanding and sector insight with a broad skillset within network architecture, IT security and automation, applied in this field.​

We can provide you the following solutions and services:

Expertise

  • ​​Information Security Advisors​
  • Solution Architects
  • Project Managers
  • Consultants

Technologies

For more information, contact us.

Industrial

From isolated legacy systems to Internet of Things, Integrated Operations, Hybrid- and Cloud environments

Critical production systems as ICS (Industrial Control Systems) have for decades been isolated from other systems or the Internet as a whole. Due to recent technological developments and business objectives to lower costs, improve operational efficiencies and meet regulatory compliance, IT systems and OT environments have increased connectivity exposing them to a significantly larger attack surface and risk of intrusion from malicious actors.

While the profitability of industrial organizations are heavily dependant on the ability to secure their intellectual property and trade secrets, the implementation of security controls designed to mitigate the risks associated with these vulnerabilities, if not planned carefully, can be very costly.

Some of these risks include:

  • high number of administrative or privileged accounts that enable user and application access to ICS
  • use of shared accounts that enable access to critical systems without individual oversight
  • use of industrial applications with embedded hard-coded credentials
  • use of workstations with excessive administrator rights
  • challenges of integrating and maintaining legacy systems in an ever evolving IT landscape
  • uncontrolled processing of sensitive data leaving sensitive information over-exposed, potentially tampered with, copied, moved or deleted

​Kommando can help your organization address the information and cyber security challenged through our:

Expertise

  • ​​Information Security Advisors​
  • Solution Architects
  • Project Managers
  • Consultants

Technologies

Fore more information, contact us.

Oil & Energy

Industrial Control Systems - A High Value Target for Cyber Criminals

Industrial Control Systems (ICS) are critical production systems which are part of the Operational Technology (OT) environment in industrial enterprises. As IT systems and OT environments increase connectivity to each other, ICS are now exposed to IT systems and the Internet - significantly increasing the risk of intrusion from malicious actors that aim to cause damage to the systems themselves or to use the systems to gain access to other parts of the corporate IT Infrastructure.

Due to the high availability requirements of ICS assets, by enlarge, the risks associated with running commercial-off-the-shelf (COTS) equipment into operations and supervisory levels of ICS architecures are unaddressed.

Some of these risks may include:

  • The high number of administrative or privileged accounts that enable user and application access to ICS
  • The use of shared accounts that enable access to critical systems without individual oversight
  • The use of industrial applications with embedded hard-coded credentials
  • The use of workstations with full administrator rights
  • The broken process of provisioning access with restrictions on what, when and where one can perform a job/task

To mitigate these risks and to address compliance requirements from industry regulators as:

Industrial enterprises must proactively protect and monitor priviled accounts that enable accesses to ICS environments.

With long and broad experience from working with IT security and access control for the Oil and Energy sector, Kommando can provide:

Expertise

  • Security advisors
  • Solution architects
  • Project managers
  • Consultants

Technologies

For more information, contact us.

Finance

Attacks against the financial industry continue to grow as firms consecutively collect sensitive customer information. IT security must be as proactive and automatic as possible, for organizations to remain compliant, rapidly respond to threats and free IT to focus on digital innovations rather than firefighting.

Banks, insurers and other financial service providers require strong privileged access security to protect against growing external and internal threats to personal and proprietary information. Financial and banking firms continuously collect sensitive information about their customers and house considerable amounts of valuable resources, they are attractive targets among hackers worldwide.

The stringent regulatory requirements from both domestic and international governing bodies as GDPR, PCI-DSS, Sarbane's Oxley, MAS TRM, EBA-guidelines and more, keep financial service providers challenged. To remain compliant, respond to threats rapidly and free IT to focus on the digital innovations that strengthen customer loyalty and capture new sources of revenue, IT security must be as proactive and automatic as possible.

Kommando can help your organization address the information and cyber security challenged through our:

Expertise

  • ​​Information Security Advisors​
  • Solution Architects
  • Project Managers
  • Consultants

Technologies

For more information, contact us.

Government

Mitigate security risks for national and local government agencies

National and local government IT teams are tasked to protect an immense variety and volume of sensitive information and critical systems - from human services to citizens' healthcare data, court and law systems, traffic systems, tax-, voting-, and financial information, etc.

The collection of Personally Identifiable Information (PII), and sharing it with other agencies to conduct business, makes it equally important for these agencies to stay compliant while providing effective IT security and ensuring operational efficiency.

Cyber-attacks on systems supporting public services can compromise public health and safety. Financially, state and municipal governments are increasingly seen as attractive targets of ransomware attacks. Whether it's ransomware or other malware, the costs, in terms of resources to recover from a cyber-attack can be significant, whereas in some cases records may be irretrievable.

​Kommando can help you meet the exceptional demands of public sector IT and assist your organization in addressing the information and cyber security challenged through our:

Expertise

  • ​​Information Security Advisors​
  • Solution Architects
  • Project Managers
  • Consultants

Technologies

For more information, contact me.

© Copyright 2018 | Kommando | All Rights Reserved

 

Drammensveien 127, 0277 Oslo

Biblioteksgatan 29, 114 35 Stockholm

Kungsportsavenyen 21, 411 36 Gothenburg

Close
To top