Security management is a strategic factor for organisations. Protecting data, and assuring the continuity of information systems, are in fact crucial requirements for business. Ever more sophisticated attacks, targeting every conceivable vulnerability in the information infrastructure, applications, processes and behaviour of individuals, call for a direct and structured response to the problem. To this end, a specialist partner can contribute added value in terms of expertise, competencies and continually updated protection.
Akhela offers not just security products and services, but also know-how, solutions, processes and answers capable of effectively meeting the security needs of an organisation. Each solution is specifically targeted and continually updated to respond to the new security threats that emerge each day. Continual scouting of the international market enables us to offer clients the most technologically advanced and reliable products. Akhela boasts an especially innovative range of offerings in the fields of application security and industrial security (SCADA/DCS networks).
Stages of the security process:
Akhela treats security as an ongoing process within the company, which iterates repeatedly through the following steps:
- Evaluation
- Implementation
- Management design
- Operation
Components of the security offerings:
Application Security
Services and solutions for securing applications, comprising: Application level penetration tests – Drawing up "guidelines" for secure application design and development – Tools for automatically testing the security of web applications – Code inspection – Training.
Industrial Security
Being part of one of Italy's leading industrial groups has enabled Akhela to develop innovative solutions for SCADA/DCS network security.
Vulnerability Assessment & Penetration Tests
VA&PT services, also in Wireless and Voip contexts, aimed at evaluating the security level of networks, systems and applications. This is accomplished using ethical hacking methods, by conducting targeted manual attacks.
Social Engineering
Deployment of techniques for identifying possible non-technological weak links in an organisation's security chain.
Training
Training & Awareness-building, through classroom or e-learning courses dealing with Application Security, Infrastructure Security (Network Security and System Security), Incident Management and Compliance.
Dashboard for monitoring Security and Operations Continuity
Provides a comprehensive overview of an organisation's security and operations continuity situation, displaying summary information about the status of services, and highlighting the initiatives undertaken in different areas.
Data Leakage Prevention
Methods and solutions for preventing the leakage of confidential information. The services comprise: Data classification - Discovery of confidential information stored on the corporate network, in the archives or in shared files, at both the server level and endpoints – Monitoring and protection of outgoing confidential data (via FTP, email, IM/P2P, web, printers).
Data Encryption
Solutions for encrypting data on notebooks, PCs and removable devices, and for protecting against unauthorised access to data stored locally and on the network.
Identity & Access Management
Akhela offers both technological assistance in choosing the most suitable solution for the client's business, and organisational support for analysing how identity and access management issues are approached, and reviewing the related organisational processes.
Security Compliance
Auditing, compliance verification and assessment to support conformity to regulations and standards.
Privileged Passwords Management
Secure management of administration passwords for systems, devices and applications on the part of authorised users.
VA & Management Services
Services delivered by the Akhela SOC for continually monitoring the security of the client's infrastructure and preventing possible attacks aimed at compromising continuity of service or illegally obtaining confidential information.
24 h Incident Management
24 h Security Help Desk that can provide immediate assistance in case of extraordinary events such as internal incidents or computer attacks, in order to take prompt and effective countermeasures.
Security Risk Management
Services and solutions designed to effectively analyse the risk exposure level of an organisation's ICT infrastructure, in order to rapidly identify its critical points and successfully manage and mitigate the risks to the business.
Policy Compliance of Network Appliances
Solutions for monitoring the compliance of an organisation's network, or of specific network devices, with the requirements prescribed by security standards / regulations or internal policies.
FW-IDS-IPS-IDP Operations Management
Fee-based SOC Operations services for the operational management of FW, IDS, IPS and IDP systems (Security Change Management, Security Problem Management, Security Event Management). Provision in outsourced, in-sourced or co-sourced mode.
Internal Fraud Detection
Business application monitoring solutions for recording the behaviour of system users and administrators, in order to pro-actively guard against privacy or security threats through behaviour analysis.
Log Collection
Collection (using agent-based or agentless technology), compression, archiving and consolidation of data logs from multiple systems. The captured data is then presented in an easy-to-read format through a web portal. The proposed technology moreover allows real-time handling of alerts, to give IT organisations maximum control over the infrastructure.