Cyber Risk Assessment

Make Informed Decisions

Today organizations are shifting from a pure compliance approach to a broader risk-mitigation and data-protection strategy. Strategic decisions are now driven by how they stack up against your organization’s risk tolerance. TrussInfo helps you make the best decisions about capital, resource and regulatory costs, while balancing security and compliance requirements.

When it comes to cyber security, organizations face a future in which it’s best to prepare for worst-case scenarios. As the number and impact of cyber breaches increase year-on-year, organizations need better visibility into their cyber risk profile to prepare and plan for unforeseen circumstances.

That means breach prevention can’t be the sole cornerstone of an effective cyber strategy. As outlined, the question is not if a company is going to be attacked. It’s now a question of when the attack will come.

TrussInfo can help your organization build a comprehensive cyber risk management framework based on years of experience in the cyber security field and protecting some of the most critical entities. Developing the framework is an end-to-end lifecycle: building the cyber risk management framework itself, the cyber risk assessment methodology, the cyber risk quantification criteria, and the cyber risk remediation and treatment plans, through to reporting the cyber risks.

TrussInfo takes into account your business landscape, threat profile, inherent risk level and the level of risk the business would find acceptable should the risk materialize. The risk management framework is customized to your business landscape, and we adopt different strategies depending on your level of maturity and your ability to perform, maintain and monitor risks on an ongoing basis.

  • Asset Based Risk Assessment
  • Scenario Based Risk Assessment
  • Information Security Standards Risk and Gap Assessment
  • Technical Security Controls Risk Assessment
  • Cyber Security Process Risk Assessment

Managed SIEM

As network traffic and complexity increase, threat and compliance issues call for real-time alerting, correlation, analysis and auditing that can only be accomplished with security information and event management (SIEM) technology and a vigilant team of IT experts. TrussInfo Managed SIEM services provide world-class expertise, threat intelligence, efficiency and automation otherwise unavailable to most organizations.

As part of the Managed SIEM service, any customer premises equipment (CPE) is set up and maintained by TrussInfo, so you can breathe easy and focus on your core business.

TrussInfo Managed SIEM also can help businesses achieve compliance with regulations and requirements, including the Payment Card Industry Data Security Standard (PCI DSS).

Managed SIEM ranges from simple agent-based solutions to our Log Management and SIEM Enterprise Appliances. These appliances offer extensive capabilities for additional correlation, reporting and ad-hoc analysis, both locally on the appliance and via services provided through our Security Operations Centers.

With TrussInfo Managed SIEM, you can expect:

Around-the-clock support from Advanced Security Operations Centers (ASOCs), staffed with experts who have in-depth knowledge and experience working with complex, highly distributed network environments. Save time and money while reducing your burden.

Integrated threat intelligence: let this highly skilled group worry about your security so you don’t have to. Increase your uptime by preventing infections and keeping malware out.

Compliance support for any of a number of regulations and industry standards, including PCI, FFIEC/GLBA, SOX, HIPAA and more. We have deep expertise in compliance and can help you navigate the complexity of these mandates.

Great value with zero capital investment, transparent flat-rate pricing, and reduced, predictable long-term costs.

Next Generation Firewall Management

Network perimeter security is the first line of defense in an effective information security program. Network firewalls, whether UTM-based or next-generation devices, form the foundation necessary to protect your organization’s data, network and critical assets from outside intruders and threats. Yet many organizations continue to be challenged by managing these solutions in-house, due to the heavy technical burden of day-to-day management or a lack of available, skilled security expertise. TrussInfo’s service is designed to address all of the complexities associated with the deployment, management and ongoing threat monitoring of these enterprise firewalls.

Next Generation Firewalls are a class of firewalls designed to filter network and Internet traffic based upon the applications or traffic types using specific ports. The application-specific granular security policies provided by Next Generation Firewalls help them detect application-specific attacks, giving them the potential to catch more malicious activity than more traditional firewalls.

Next Generation Firewalls (NGFWs) blend the features of a standard firewall with quality of service (QoS) functionality, application identification that is agnostic to the TCP/UDP port used, and integration with Active Directory for user identification, in order to provide smarter and deeper inspection that is actionable and measurable. In many ways a Next Generation Firewall combines the capabilities of first-generation network firewalls and network intrusion prevention systems (IPS) with user-identity-based security that enforces role-based access control (RBAC), while also offering additional features such as SSL and SSH inspection, reputation-based malware filtering and Active Directory integration support.

TrussInfo works with multiple network security vendors that manufacture enterprise-grade and commercial-grade NGFWs.

End Point Protection

To be effective, endpoint protection has to be both comprehensive and easy. It should embrace all the devices your organization uses to get business done. From small and midsize businesses to large enterprises, endpoint protection should secure against the full threat spectrum by including anti-malware, policy enforcement and compliance management. And its adoption should be simple and affordable.

Advanced Endpoint Protection is all about protecting your organization from a cyber-attack by preemptively taking action against such attacks. It is a centralized approach to protecting all endpoints – servers, desktops, laptops, smartphones and other IoT devices – connected to the corporate IT network from cyber threats. This methodology enables efficient, effective and easier security management.

Today, as more enterprises adopt practices like BYOD and as incidents of mobile threats are consistently on the rise, endpoint security becomes highly relevant. We can help you make sure your endpoint devices are secure and pose no threat to the organization.

Vulnerability Management

TrussInfo’s Vulnerability Management services deliver proactive scanning, testing and remediation of application, database and network vulnerabilities so you can better protect your customer data, financial information, intellectual property and other key assets. Through our integrated, on-demand security testing platform, you can rapidly identify and address security weaknesses, thereby significantly helping to reduce threats and risk.

And because our vulnerability management is delivered through the cloud and our industry-leading managed security services, you can worry less about the complexity of scanning and testing products, resource constraints, and in-house security skills shortages, so you can focus on your core business objectives.

TrussInfo specializes in security assessment services that require deep technical expertise and know-how. With a proven methodology for identifying vulnerabilities, active threat profiling and security control gap assessment, we are at the forefront in providing risk mitigation controls that span any enterprise architecture. TrussInfo can provide the most comprehensive, detailed security assessment services through the use of commercial and in-house developed assessment tools. Our assessment services are packaged into the following focus areas:

  • Vulnerability Assessment
    • Ethical Internal/ External Testing
    • Vulnerability Management Infrastructure
  • Penetration Testing
    • Penetration testing is the practice of attacking your own IT systems, just as an attacker would, in order to uncover active security gaps on your network. Penetration testing is conducted in a way that allows you to safely simulate these attacks, so you can uncover your organization’s actual exposures – whether within technologies, people, or processes – without taking down your network. A pen testing solution or program is a must-have in any security program, providing you with a virtual map of your exposures and where to direct your resources.

Security Awareness Education

28% of all breaches stem from human error. These are the clicks and malware downloads that keep security professionals like you up at night. With as many as 30% of your employees unable to spot a phishing email, how will you keep hackers from hijacking your data?

TrussInfo identifies your security-naive employees and delivers training targeted to their roles. It self-evolves with employees’ security aptitudes and learning styles, creating personalized learning experiences that motivate behavioral change.

It’s no secret that one of the major concerns currently surrounding cybersecurity is the ‘insider threat’ which is linked to the ‘human’ side of things. It’s a valid argument that whilst an organization can invest heavily in sophisticated security technology, if they have members of staff who are not educated in cybersecurity, they will always be vulnerable to an attack.

Cyber threats are real and attackers are targeting organizations to steal sensitive information every day. Capitalizing on Social Engineering, attackers investigate and research information using social media & public websites to create an attack plan to target organizations.

  • Phishing Simulation and Anti-Phishing Training
  • Personalized Security Awareness Training
  • Learner Assessments
  • Analytics & Reporting
  • Client Support