Cybersecurity is a journey, and it needs a map; that map is your cybersecurity strategy. We at Secure Sphere Consulting will help you build a strategy that makes business sense and results in effective and efficient protection against cyber threats.
Review the system and configuration against best practices. Firewalls are not static devices that can be installed and forgotten; they need to be ever-evolving. They need continuous updates and patches like any other device with an operating system. The configuration and rules of firewalls are also constantly changing to accommodate moves, additions, changes, and deletions in a company’s security requirements. With every change comes the risk of misconfiguration, the build-up of legacy rules, and outdated policies, all of which can weaken your company’s first line of security and expose you to cyber-attacks. A regular review of your firewall by experts is vital to ensuring that you are always properly protected.
Cyber Security Review
Review your security status and develop a roadmap. Cyber Security has become an immense field with a wide scope, including Strategy, Administration, Compliance, Assurance, Technology Landscape, and much more. Knowing about all these areas is a challenge, and knowing that you have it all covered is vitally important. A comprehensive review of your entire cybersecurity environment by a third party with the expertise and experience needed to fully understand it all is the only way to be sure. Our experts will assess your current security status, determine your required status, and perform a gap analysis, which is used to document a recommended roadmap for you to follow to achieve your security goals.
Evaluating the best fit for your needs. Our team of consultants, pre-sales, and principal engineers has extensive IT experience, especially in the field of Cyber Security. This depth within the team is essential in evaluating and understanding our clients’ cybersecurity needs and matching the correct service or solution to meet those needs. Whether it’s in an advisory role, performing a Proof of Concept (POC) on a possible solution, or doing a full comparison of several options, we will give you peace of mind that the solution or service we recommend is the best option for you, the client.
Compliance, Standards & Best Practices
CIS, ISO27001, POPI, PCI-DSS
WHAT IS POPIA?
The Protection of Personal Information Act 4 of 2013 (POPIA) is South Africa’s data protection law.
POPIA aims to protect your constitutional right to privacy by ensuring that your personal information is processed in a manner that ensures its confidentiality and that your privacy is respected. To achieve this, the Protection of Personal Information Act sets conditions for when it is lawful for someone to process someone else’s personal information. Since its enactment in 2013, certain provisions of the Act relating to the establishment of the Information Regulator and regulations under POPIA have come into force. The full POPI Act will take effect once a date has been determined by the President.
How can we assist you?
Using a combination of our in-house skilled Technical Consulting team and our specialised compliance partner, Risk-X, we can help your company identify and assess IT security risks and develop a controlled environment which complies with South African legislation as well as with international standards.
Penetration Testing, Vulnerability Assessment, Intrusion Testing. Cybersecurity solutions can be highly complicated, costly to implement, and challenging to maintain. It is important to know that the resources you’ve invested in cybersecurity are achieving the desired result: minimizing the risk of a breach through effective protection against cyber-attacks and proper use of People, Processes, and Technologies. Assurance testing is the most effective way for you to get this peace of mind, knowing that your environment is safe.
Cyber Threat Susceptibility Assessment (CTSA)
The Cyber Threat Susceptibility Assessment (CTSA) is a methodology, developed by MITRE, for evaluating the susceptibility of a system to cyberattacks. CTSA quantitatively assesses a system's inability to resist cyberattack over a range of cataloged attack Tactics, Techniques, and Procedures (TTPs).
NormShield needs only the company domain to perform a non-intrusive passive assessment. The engine collects information from VirusTotal, Passive DNS servers, web search engines, and other Internet-wide scanners, as well as NormShield's proprietary databases, which hold more than 10 billion historic items. The engine searches the databases to find all IP address ranges and domain names that belong to the company.
NormShield uses what is called Open Source Intelligence (OSINT) to gather information. The following map shows how hackers can leverage their attack vectors by using OSINT resources like hacker forums, social networks, Google, leaked database dumps, paste sites, or even legitimate security services like VirusTotal, Censys, Cymon, Shodan, or Google Safe Browsing.
NormShield compiles this data into a simple, readable report with letter-grade scores to help identify and mitigate potential security risks.
It identifies the risks (CVE/CWE), the risk score of the corresponding vulnerabilities/weaknesses (CVSS/CWSS), and attack patterns (CAPEC/FIPS-199 impact level). NormShield also classifies the findings into FISMA Cyber Security Framework Area and Maturity Level, NIST 800-53 Control Family, FIPS-200 Area, and NIST 800-37 Process Step. NormShield does all of this without scanning or modifying any of the organization’s business assets. The NormShield Comprehensive Cyber Risk Scorecard is non-intrusive. NormShield won’t use any intrusive vulnerability scanners like Nessus, Netsparker, Acunetix, Nexpose, Nmap, OpenVAS, and others.