Information Security / Cyber-Security

Cyber Risk Assessment

    Make Informed Decisions

  • Today organizations are shifting from a pure compliance approach to a broader risk-mitigation and data-protection strategy. Strategic decisions are now driven by how they stack up against your organization’s risk tolerance. TrussInfo helps you make the best decisions about capital, resource and regulatory costs, while balancing security and compliance requirements.

  • When it comes to cyber security, organizations face a future in which it’s best to prepare for worst-case scenarios. As the number of cyber breaches and impact increase year-on-year, organizations need to be have better visibility into the cyber risk profile of the organization to prepare and plan for the unforeseen circumstances.

  • That means breach prevention can’t be the sole cornerstone of an effective cyber strategy. As outlined, the question is not if a company is going to be attacked. It’s now a question of when the attack will come.

  • TrussInfo can help your organization build a comprehensive cyber risk management framework based on years of experience in the cyber security field and protecting some of the most critical entities. Developing the cyber risk management framework is an end-to-end lifecycle from building the cyber risk management framework, cyber risk assessment methodology, cyber risk quantification criteria, cyber risk remediation and treatment plans to report the cyber risks.

  • TrussInfo takes into account your business landscape, threat profile, inherent risk level and your risk tolerance level that would be acceptable to the business in case of the risk materializing. The risk management framework will be customized to meet your business landscape and we adopt different strategies depending on your level of maturity and ability to perform, maintain and monitor risks on an ongoing basis.

    • * Asset Based Risk Assessment
    • * Scenario Based Risk Assessment
    • * Information Security Standards Risk and Gap Assessment
    • * Technical Security Controls Risk Assessment
    • * Cyber Security Process Risk Assessment

Managed SIEM

  • As network traffic and complexity increases, threat and compliance issues call for real-time alerting, correlation, analysis and auditing that can only be accomplished with security information and event management (SIEM) technology and a vigilant team of IT experts. TrussInfo Managed SIEM services provide world-class expertise, threat intelligence, efficiency and automation otherwise unavailable to most organizations.

  • As part of the Managed SIEM service, any customer premises equipment (CPE) is set up and maintained by TrussInfo, so you can breathe easy and focus on your core business.

  • TrussInfo Managed SIEM also can help businesses achieve compliance with regulations and requirements, including the Payment Card Industry Data Security Standard (PCI DSS).

  • Managed SIEM ranges from simple agent-based solutions to our Log Management and SIEM Enterprise Appliances. These appliances offer extensive capabilities for additional correlation, reporting and ad-hoc analysis, both locally on the appliance and via services provided through our Security Operations Centers.

  • With TrussInfo Managed SIEM, you can expect:

  • Around-the-clock support from Advanced Security Operations Centers (ASOCs), staffed with experts who have in-depth knowledge and experience working with complex network environments for highly distributed environments. Save time and money while reducing your burden.

  • Integrated threat intelligence let this highly skilled group worry about your security so you don’t have to. Increase your uptime by preventing infections and keeping malware out.

  • Compliance support for any of a number of regulations and industry standards, including PCI, FFIEC/GLBA, SOX, and HIPAA and more. We have deep expertise in compliance and can help you navigate the complexity of these mandates.

  • Great value with zero capital investment, transparent flat-rate pricing, and long-term reduced predictable costs.

Next Generation Firewall Management

  • Network perimeter security is the first line of defense in an effective information security program. Network firewalls, whether they be UTM based or next-generation devices form the foundation necessary to protect your organization’s data, network and critical assets from outside intruders and threats. Yet, many organizations continue to be challenged by managing these solutions in-house, due to the heavy technical burden of day-to-day management or lack of available, skilled security expertise. TrussInfo’s service is designed to address all of the complexities associated with the deployment, management and ongoing threat monitoring of these enterprise firewalls.

  • A class of firewalls designed to filter network and Internet traffic based upon the applications or traffic types using specific ports. The application-specific granular security policies provided by Next Generation Firewalls help them detect application-specific attacks, giving them the potential to catch more malicious activity than more traditional firewalls.

  • Next Generation Firewalls (NGFWs) blend the features of a standard firewall with quality of service (QoS) functionalities, application identification that is agnostic to the TCP/UDP port used, integration with Active Directory for User Identification in order to provide smarter and deeper inspection that is actionable and measurable. In many ways a Next Generation Firewall combines the capabilities of first-generation network firewalls and network intrusion prevention systems (IPS), user identity based security by enforcing role based access control (RBAC) while also offering additional features such as SSL and SSH inspection, reputation-based malware filtering and Active Directory integration support.

  • TrussInfo works with multiple network security vendors that manufacturer’s enterprise-grade and commercial-grade NGFWs.

End Point Protection

  • To be effective, endpoint protection has to be both comprehensive and easy. It should embrace all the devices your organization uses to get business done. From small and midsize businesses to large enterprises, endpoint protection should secure against the full threat spectrum by including anti-malware, policy enforcement and compliance management. And, its adoption should be simple and affordable.

  • Advanced Endpoint Protection is all about protecting your organization from a cyber-attack by preemptively taking action against such attacks. It is a centralized approach to protecting all endpoints – servers, desktops, laptops, smartphones and other IoT devices – connected to the corporate IT network from cyber threats. This methodology enables efficient, effective and easier security management.

  • Today, as more enterprises adopt practices like BYOD and also as incidences of mobile threats are consistently on the rise, endpoint security becomes highly relevant. We can help you make sure your endpoint devices are secure and pose no threat to the organization.