- Minimizing the risk of breaches to your security system
- Reducing the operating costs of secure communications infrastructure
Security is a key issue for IT departments. The exponential increase in the volume of information exchanged today means ever-growing risks of malicious or fraudulent access. It is more and more difficult to protect critical data, making infrastructure and data security a vital issue for companies.
It is now crucial to ensure:
- access is confidential (to prevent identity theft and keep critical information from being stolen)
- resources are available (to keep production from being halted)
- data integrity (so that the quality of information or brand image is not undermined).
Our logical security solutions
CFAO Technology & Energy works with you to define and implement your security policy. Our partner-certified experts design, set up and manage a full range of solutions for corporate clients and small businesses.
Our teams are involved in each of the six steps required to devise your security plan:
- conducting security audits
- establishing security standards
- creating secure infrastructure
- validating and optimizing performance
- monitoring security
- administering and keeping security infrastructure operating
CFAO Technology & Energy carries out several types of audits, based on your needs and your constraints.
- Internal vulnerability audit ("white box" audit): in-depth analysis of the configuration of the various components of your infrastructure. We identify and categorize as many areas of vulnerability as possible. Eliminating the most critical areas of vulnerability for each part of the infrastructure helps reduce the level of risk throughout the system
- External vulnerability tests ("black box" audit): analysis of identifiable external areas of vulnerability (from the internet, a partner, wireless networks, etc.) and validating how these can be exploited
- Intrusion tests: validating how well your infrastructure holds up by attempting to exploit areas of vulnerability that have been identified within certain systems
- Intrusive application tests: the same objectives are achieved as for intrusion tests, but via applications, (in most case using a web stream)
- Encoding audit: in-depth analysis of the encoding of certain modules of an application in order to detect errors or inconsistencies that may make the application vulnerable
Establishing security standards
To enable you to organize your security and develop your security service agreement, we work on standardization documents.
- Developing generic security standards: These documents set out the security policy, area by area, and define the implementation standards and standard procedures
- Drafting technical security standards: These documents comprise the technical security framework and include the documents for secure installation of applications (e.g., OS restriction), product standardization (e.g., type and version of firewall and level of patches) as well as technical guidelines
Creating secure infrastructure
This service offering covers the entire cycle to deploy a secure infrastructure solution.
- Defining systems architecture: Assessing the client's existing architecture, needs and constraints, identifying and evaluating the various possible solutions, and making recommendations. At the end of this phase, we will provide you with an implementation plan and a residual risk analysis
- Choosing components and products: Comparative analysis of products, organizing a model with acceptance and validating the migration plan
- Deploying solutions: Services for integrating the security solutions. During the integration phase, we will apply the methodologies and quality plan defined within your company
- Validating and putting services into operation: Organizing acceptance of solutions through an operational acceptance test and operational qualification process, drafting and validating operating procedures, transferring skills and providing support during the early stages of operation
Validating and optimizing performance
Our services will allow you to test, optimize and monitor your critical applications.
- Load testing and architecture advisory services
- Integrating infrastructure optimization solutions: These solutions improve response time, increase the processing capacity of an application and reduce infrastructure costs. They require the integration of bandwidth management appliances, HTTP compression devices, cache, etc.
- Integrating monitoring and reporting solutions for service agreements and critical applications
We integrate comprehensive security administration and control solutions covering:
- Administration of security components (managing configurations, versions, etc.)
- Centralization, screening and correlation of security events
- Threat detection and construction of dynamic vulnerability databases
- Management of security incidents and coordination with trouble ticketing and help desk tools
- Implementation of a graphic monitoring console (or integrating the solution within an existing HPOV-, Tivoli-, Patrol-type console, etc.)
- Implementation of a hypervision security solution (or integrating a solution within an existing MicroMuse-type solution).
These solutions allow customers to deploy proper Security Operation Centers (SOC)
Administering and keeping security infrastructure operating
Our full range of customized services provides you with support for your security infrastructure at every stage:
- Patch management
- Log analysis
- Hardware/software maintenance and support