Intelligent Security Technologies
Contents
Overview
Cyber Accreditations
Cyber Security Audit Services
Cyber Security Training
Cyber Security Training for Financial Services
Cyber Due Diligence for Private Equity
CISOs on Demand
GDPR Explained
Secure Identity Cards
Brand Protection & Anti-Counterfeiting
Secure Mobile Communication
Anti-Money Laundering & Know Your Client
Insider Threat Detection
iStorage - Secure Data Storage
Super Yacht Cyber Security
The Security Circle brings together the world’s most
advanced and specialised security products and takes
them to market through our global security contacts.
Our advisory panel includes some of the industry’s most
respected and influential security experts; together, we
deliver robust, cyber-resilient solutions for public and
private sector organisations worldwide.
The Security Circle works closely with a number of
key partners, including The City of London Police and
Napier University’s Cyber Academy, helping to reduce
economic and corporate cyber crime throughout the
UK and Europe delivering specialist courses in cyber
security for businesses and financial institutions.
This product and services brochure highlights our best-
of-breed technologies and training courses, all of which
have been carefully selected and rigorously tested in the
relevant industries to ensure they exceed expectations.
The threat landscape for
organisations is changing rapidly;
we are here to help.
Cyber Essentials is aligned with the primary objective of
the UK Government’s National Cyber Security Strategy,
which is to make the UK a safer place to conduct
business online by building a resilient and secure
cyberspace.
It was launched on 5 June 2014 with the aim of helping
organisations of all sizes measure their defences against
common forms of cyber-attacks. Cyber Essentials was
developed in conjunction with GCHQ and offers a sound
foundation of basic hygiene measures, identifying some
fundamental sound technical security controls that an
organisation needs to have in place and can potentially
build on to help defend against cyber threats.
Seric recommend organisations adhere to the guidance
given in the Cyber Essentials Scheme, which is suitable
for organisations of all sizes. Accreditation should also be
an ongoing requirement of the supply chain, forming a
reasonable part of any organisational security process.
Businesses, public and private sector organisations and
other institutions hold personal data, provide services and
operate systems in the digital domain. The connectivity
of this information has revolutionised every aspect of the
way organisations operate. But with this technological
transformation comes the responsibility to safeguard the
assets which organisations hold, maintain the services
they provide and incorporate the appropriate level of
security into the products they sell. Consumers and
society at large expect businesses and institutions to take
all reasonable steps to protect their personal data and
build resilience - the ability to withstand and recover -
into the systems and structures on which they depend.
Businesses and organisations must also understand that,
if they are the victim of a cyber attack, they are liable
for the consequences. These liabilities are due to increase
considerably when the new GDPR (The General Data
Protection Regulation of the EU) comes into effect in 2018.
Cyber Accreditations
The level at which the Government views the importance
of cyber security is clear; since October 2014, the UK
government has required all suppliers bidding for certain
sensitive and personal information handling contracts to
be certified against the Cyber Essentials scheme.
The Scottish Government has a similar arrangement
for certain contracts but has also widened out Cyber
Essentials as a soft requirement on many more tenders:
although not mandatory, firms can gain a higher score
by being accredited. As of January 2016, The Scottish
Investment Bank announced that firms without Cyber
Essentials Accreditation would no longer be able to
borrow funds.
The certification is available in two stages, Cyber
Essentials (Stage 1) and Cyber Essentials Plus (Stage 2).
Both levels of award are assessed against the Cyber
Essentials requirements; however Cyber Essentials Plus
gives a higher level of assurance as a number of onsite
tests are carried out. The scheme covers five key areas:
•	 Secure configuration
•	 Boundary firewalls & internet gateways
•	 Access control & administrative privilege management
•	 Patch management
•	 Malware protection
The vast majority of cyber attacks use relatively simple
methods to exploit basic vulnerabilities in software
and computer systems. There are tools and techniques
openly available on the internet which allow even
low-skill actors to exploit these vulnerabilities. Properly
implementing the Cyber Essentials scheme will protect
against the vast majority of common internet threats.
Seric is an Accredited Cyber Essentials Certification
Body and all its engineers are Approved Cyber Essentials
Practitioners.
Seric can also take clients through to ISO 27001 accreditation.
“Last year, the average cost of breaches to large businesses that had them was £36,500. For small
firms the average cost of breaches was £3,100. 65% of large organisations reported they had
suffered an information security breach in the past year, and 25% of these experienced a breach at
least once a month. Nearly seven out of ten attacks involved viruses, spyware or malware that might
have been prevented using the Government’s Cyber Essentials scheme.”
2016 Government Cyber Health Check and Cyber Security Breaches Survey
Cyber Security Audit
Businesses are open to a wide and ever increasing
range of cyber attacks.
Organisations are often unaware of the full scope of these
risks or of where best to start mitigating them; the result
is that company boards rarely afford IT and cyber the
oversight they would give to normal financial management.
Seric recognises that organisations need support to scope
and properly contextualise their cyber risk and have
developed a range of Cyber Audit and Cyber Assessment
Services in response.
Audit
The first premise of our approach is that security is a
big topic; it is far more than just IT. Security is physical,
it is people; it is not just data and applications. Crucially,
security is not an issue just for the IT department.
Seric will make a broad analysis of the current
organisational risk and work with that organisation to
help align the risk posture, establishing the gaps that
need to be addressed by an appropriate combination of
training, process change and technology.
We believe that benchmarking oneself is the first logical
step for any organisation seeking to shore up their
security risks.
A Holistic Approach
Our approach is in two parts, firstly to make an
assessment of the cyber security risk against an open
security standard. Secondly, we make a multiple
perspective measure of data leakage by examining the
levels of leakage internally, externally and where the
endpoint meets shadow IT.
Seric’s approach to Governance, Risk & Compliance
(GRC) is to report on the current risk position of the
organisation as compared against a leading open standard
measure in Security. This is coupled with a multi-layered
DLP (Data Loss Prevention) assessment through our
Listening Services.
Listening Services
•	 Listening In - Assessing Servers and Network traffic
•	 Listening Out - Assessing Information in the Public Domain and Dark Web
•	 Listening Around - Assessing Demonstrable Compliance and Insider Threat
Prevention is ideal, but detection is a must. Organisations
should prepare for when a breach occurs, since in all
likelihood a breach will occur, or indeed may already have
occurred. The risks presented by a leak need to be
understood. Having a proactive view of such risks will
certainly have its advantages when the forthcoming
GDPR (General Data Protection Regulation) arrives
in May 2018. A breach missed internally can still be
detected externally, thereby giving organisations a head
start on remediation; tactically as well as financially.
Any such financial risk in this area is presented both in
reputational brand damage and the more direct financial
impact of fines currently levied by organisations like the
Information Commissioner’s Office in the UK.
Service Approach
Our services are delivered using Seric Implementation
Methodology (SIM), which is aligned to Prince2 best
practice. We protect enterprises by increasing their
risk understanding. This means building a stronger
understanding of the overall operational risks - service
risks, resource risks and technology risks - into business
and IT processes, including the technology infrastructure.
There is an exponential growth of data center
transformation, virtualisation, mobility, social business
and attack sophistication. To address risk mitigation in
this context, organisations need to be able to make fast
decisions surrounding their overall risk management
health and this can only be achieved in the context of
a well-documented and clearly understood technology
landscape.
SERICSYSTEMS
Technology success: delivered
The world renowned Cyber Academy at Napier
University has been awarded GCHQ accreditation for
its MSc Advanced Security & Digital Forensics. The
programme delivers in-depth knowledge and practical
skills in security, investigation and incident response and
forms the basis for many of the Academy’s short courses.
Capitalising on this expertise, The Security Circle - in
alliance with the Cyber Academy - has developed a
comprehensive programme of Cyber Security Training
Courses. The courses cover all of the relevant threats and
knowledge that companies and organisations need to
keep themselves as safe as they can be.
Accessible for single delegates to attend on a half-day
basis in Glasgow, Edinburgh, Aberdeen and London, our
courses can be tailored to specific business requirements.
Cyber Security Training
Our team spend time listening to how a particular
business works, evaluate their workplace and then deliver
a training solution that is designed to benefit their specific
business needs and requirements.
Our programme currently consists of:
•	 Digital Threats and Due Diligence for Business
•	 The Insider Threat - Employees and Contractors
•	 Data Loss Prevention (DLP) and Data Loss Detection (DLD) Masterclass
•	 Incident Response & Disaster Recovery Masterclass
•	 Employee Training - Keep your Business and Data Safe
•	 Online Reputation for Businesses
•	 OSINT - Learn How to Truly Search the Internet
•	 CPD for Solicitors
Digital Investigation:
The underpinning knowledge of
network infrastructures and potential
threats to enable proactive and
effective threat management and
incident investigation.
Advanced Digital Investigator:
Consolidating underpinning
knowledge with simulated and real
life scenarios for deep understanding
of digital evidence and use in
investigative situations.
Digital Forensics:
The skills, methods and tools for
investigating and securing evidence
on criminal behaviour or intruder
attacks. We are an EnCase Centre of
Excellence.
EnCase:
Introductory, intermediate and
advanced training for law
enforcement and security
professionals in applying the industry
standard tool to real digital forensic
scenarios.
Penetration Testing & Cyber
Attack Simulation:
Testing resilience and responsiveness
through live training exercises based
on real-life threat scenarios.
Encryption:
Tools and techniques for secure data
management and information
sharing in the context of data leakage
and information threats.
Cyber Security Courses for Financial Services
The Security Circle - in alliance with the world renowned Cyber Academy at Napier University - offer a
range of specialist courses in cyber security for businesses and financial institutions. Through practical
training on real-life scenarios, we give cyber professionals the skills, tools and confidence to design and
deliver effective security management and incident response protocols, with a deep understanding of
different network environments.
We deliver bespoke training in areas including:
Data Loss Prevention:
Understanding the main risks and
threats to customer and business data
and giving the skills and knowledge
needed to prevent data loss.
Network Architecture:
Giving an in-depth knowledge of
public and private web
infrastructures and their interaction
with business and consumer systems.
Investigating DDoS:
Capture, Storage and Analysis of
DDoS attacks using a range of logs
from web servers and networked
devices, and tools including
Wireshark, Snort and Splunk.
Big Data in Cyber Security:
Analysis of data logs to identify
patterns and anomalies for threat
detection, and how to use feature
selection and machine learning to
speed up response times and
effectiveness.
Software Programming
& Engineering:
Design, development, implementation
and integration across platforms for
secure systems architecture and
software applications.
Executive Master Class:
Giving senior managers the key
insights and analysis to make
informed decisions about investment
in digital security from a business
perspective.
Digital Risk:
Helping technical or non-technical
managers to identify and mitigate
their main risks, and create a
prioritised action plan for addressing
them.
Secure Online Trading:
Standards for secure eCommerce and
customer data management, giving
consumer confidence in digital
encryption and secure online
transactions.
Cybercrime Legal Landscape:
Current considerations in terms of
business obligations, how the law
supports businesses online, and any
pitfalls to avoid.
Digital Evidence for Solicitors:
This course will focus on introducing
digital evidence to solicitors,
advocates, paralegals and other
professionals working in related
functions.
Cell Site Analysis Workshop:
Providing details of how mobile
networks work and hands-on
experience of activities undertaken to
progress a digital forensics
investigation.
The Cyber Academy’s Virtual Security Operations Centre allows real-life training in a sandbox environment, using real-life
threats and simulated attack/response scenarios to test security procedures and protocols, and to develop skills
As a specialist advisor, Seric supports organisations in
assessing cyber risk as part of the Due Diligence process.
Cyber Due Diligence is playing an increasing role in
the deal making process, assuring investors that they
are executing a deal with their eyes wide open; fully
cognisant of the risks and safe in the knowledge that
proper controls and management are in place or at least
that gaps are fully understood. Deal makers and investors
are now waking up to the significant and disproportionate
risk presented by IT and cyber in particular and
appreciate that in any time constrained situation with
high stakes, clear guidance is required.
Clear Guidance
Due Diligence should afford an investor the best possible
appreciation of their risks, should the deal go ahead.
Seric provide clear recommendations to clients as we
assess what is - and what is not - in place from a people,
process and technology perspective. This information
aids collective understanding and provides points of
negotiation for presentation to the seller and a plan of
action for post-completion.
No Surprises
Our approach is to ensure all possibilities have been
covered in terms of key Cyber Security measurements.
Seric uses its own series of standard assessments centred
around Critical Controls but which vary based on the
time available, the size and sector of the organisation and
are weighted toward the trading behaviour; be it B2B,
B2C or both.
Private Equity Cyber Due Diligence
Once the deal is complete the post deal investment begins,
dealing with the RAG reports and Gaps to shore up
that risk. This is why Seric make a broad analysis of the
existing organisational risks and establish the gaps that
need to be addressed by an appropriate combination of
training, process change and technology.
Expedient Approach
The more time is invested in Due Diligence, the more
accurate the assessment will be. However, there can
be many time constraints in play during the deal
making process and time on-site is often limited. Seric’s
methodology maximises what can be extracted to deliver
the most accurate assessment in the time available. We
employ pre-visit questionnaires, a clear interview strategy
and a tight reporting process around how we deliver our
Cyber Due Diligence, allowing our dedicated team of
experts to fully support the deal making process.
If your organisation doesn’t have one already, a CISO
(Chief Information Security Officer) is the senior-level
executive in a business who is responsible for ensuring
that company data and technologies are protected.
CISOs are in growing demand but are generally the
preserve of larger organisations. SMEs usually do not
have the resources for CISOs but the need for their
combination of commercial acumen and technical
knowledge is just as great.
CISOs typically manage all matters in the business
relating to cyber security, disaster recovery, business
continuity, compliance, identity and access management.
They respond to incidents, establish appropriate standards
and controls, manage security technologies and direct
the establishment and implementation of policies and
procedures.
The Security Circle recognises that SMEs need CISO
expertise but may not have the resources for a full time,
permanent role. That’s where CISOs on Demand comes
in, providing CISO expertise on a project or part time
basis to fulfil all the tasks usually undertaken by a full
time Chief Information Security Officer. The Security
Circle’s team of CISOs have all worked at executive level
in a variety of national and international organisations
and bring the expertise needed by SMEs to help create an
accountable, security conscious business culture alongside
a technically robust and secure security infrastructure.
CISOs on Demand
The key value provided by a CISO is in the role of
business leadership. CISOs bring far more to the table
than just a specialty in technology; CISOs have a broad
and deep perspective on risk and how to enable the
business while minimising that risk. As such, CISOs must
drive the information technology and security education
of the workforce, ensuring collective understanding and
action with respect to information security. A good CISO
is a great business enabler.
Information is the new global currency and with data
breaches and cyber crime on the rise, the new GDPR
(The General Data Protection Regulation of the EU)
places the protection of user information at the heart
of any organisation.
GDPR is a new regulation designed to enhance data
protection for EU citizens by helping regulate data
protection measures within the EU, as well as data
accessed by EU citizens within non-EU organisations.
It is the long awaited EU response to the outdated Data
Protection Directive (DPD) and comes into force on
May 25 2018. Despite Brexit, the UK government has
confirmed that it will adhere to the EU GDPR so it is
important that businesses understand the new legal
framework and are ready to adhere to it from day one.
In order to enhance data protection for EU citizens, the
GDPR implements the following high level controls:
•	 Expanded territorial scope
•	 Single set of rules for EU member states
•	 Organisational responsibility and accountability
•	 Explicit consent requirements
•	 Subject access requests
•	 Right to erasure for user data
•	 Data breach notification requirements
•	 Appointment of a Data Protection Officer
GDPR
General Data Protection Regulation of the EU
Expanded territorial scope
The GDPR will apply to both organisations (data
controller/processor) and data subjects (users) based in
the EU, as well as non-EU organisations that process or
control EU citizens’ personal data. Personal data is defined
with a rather large scope, including a user’s name, social
media posts, banking information and IP address. The
GDPR does not, however, cover personal data processed
for investigations by law enforcement or national security
agencies.
Single set of rules
Each EU member state will be appointing a Supervisory
Authority (SA); the regulator of all things GDPR. The SA
will attend to complaints and investigations based on the
GDPR and sanction any offences.
Organisational responsibility and accountability
Organisations will be required to ensure that they
are adhering to the GDPR. It is each organisation’s
responsibility to audit their practice to ensure that they
are incorporating privacy by design and data protection
by default. Organisations must also keep true to the
original purpose(s) for which they have collected user
data. On top of these responsibilities, organisations
exporting data to third countries must also ensure that
the country in question can ensure adequate privacy and
protection measures.
Explicit consent requirements
In order to process personal data, organisations will be
required to gain consent from data subjects. This consent
must be renewed every six months. Proof of consent
will be required, as well as proof that the user was well
informed and gave their consent of their own free will.
Subject access requests
Users of an organisation’s information services will be
able to create subject access requests (SARs) to find out
just how much of their personal data is being stored and
used by an organisation. Data controllers will need to
respond to SARs within one month of receipt, without
undue delay.
Right to be forgotten (or erasure)
Data subjects have the right to be forgotten and have
their data erased from the data controller’s infrastructure
if they withdraw their consent, if they object to the data
being stored - based on legitimate grounds, of course - if
their data is no longer necessary to the purpose for which
it was collected, or if the organisation’s data processing
methods do not comply with the GDPR.
Data breach notification requirements
Data controllers must notify their Supervisory Authority
of a personal data breach within 72 hours after detection,
where feasible. Data subjects must also be informed of
any breaches of their personal data.
Appointment of a Data Protection Officer
If an organisation’s core business focuses on the gathering
and regular, systematic monitoring of personal data, they
will need to appoint a Data Protection Officer (DPO).
The DPO will also have oversight of data protection
impact assessments. DPIAs are a necessity if there are
inherent risks to the rights and freedoms of data subjects.
The implementation of the GDPR provides a great
new opportunity for an organisation to enhance its
information security practice from technical, governance,
and legal perspectives. It’s time to get proactive and
review all of your organisation’s activities where they
involve the collection, processing and storage of user data.
The Security Circle’s products and services can take your
business through every stage of the process to becoming
GDPR compliant. There is no doubt that with increasing
concerns about data breaches and cyber crime, the
new rules and standards for businesses holding data are
essential to restoring consumer trust and will set a new
benchmark in data handling.
The penalties for failing to comply with GDPR are severe - up to 4%
of annual global turnover or 20 million Euros, whichever is higher.
Designed in conjunction with a US based team of
experts, Bowater’s approach to identity provides both
government and corporate organisations with secure
identity credentials that are extremely easy to use, but
exceptionally secure on all levels.
A good example of how we can apply our full technology
stack to provide a complete solution to a specific problem
is the work we have done for a US based organisation.
This customer needed a secure ID card that included both
physical and digital multi factor authentication:
•	 Enhanced Visual Security – using the
BowaterHologram™ - the world’s most secure hologram
in its enumerated form, provided as a complete overlay to
prevent tampering with the information on the card.
•	 Public data authentication – to enable the public to
verify the identity of the bearer easily and without
special technology using any smartphone barcode
scanner in addition to the hologram.
•	 Private data authentication – to enable officials to
access confidential information on the card without risk
to security or unauthorised access of the confidential
data.
The BowaterHolotronic® Security Card
•	 Emergency medical information – accessible by
emergency medical technicians in the event of the bearer
being involved in an accident.
•	 Inter agency operability and authentication –
enabling agencies to trust the identity cards of members
from other agencies or organisations using the
BowaterHolotronic™ Security card. This is considered to
be a key function by our customer.
•	 Data and record management – to ensure that the
information on the card is accurate and up to date.
•	 Card management and replacement – to streamline the
process and ensure that it is robust, as well as ensuring that
the cards are replaced regularly to ensure their security.
Having looked at the market, the customer chose
Bowater as the only provider that could deliver on all of
its requirements. As well as benefitting from Bowater’s
full technology stack, the customer also asked us to
develop some additional and advanced ID Security
functions which must be kept confidential.
Having launched its range of solutions in 2015, Bowater
has proven its technologies to be amongst the most
advanced and robust available.
The company’s core technology, the BowaterHologram™,
is the most advanced form of hologram available on the
market for several reasons:
1.	It is at the point of publishing this document the only
commercially available real colour, 3D, volume hologram
available on the market.
2.	When serialised, it is the only hologram commercially
available in industrial quantities that has a unique serial
number embedded in the hologram at the point of
manufacture.
3.	The equipment and know-how used to manufacture the
BowaterHologram™ was developed in secret and remains
a secret. We will not ever share, license to third parties or
make this knowledge commercially available.
When fully integrated with digital, mobile and other
technologies, the level of security which Bowater
customers enjoy is unparalleled.
As well as the Identity security market, where Bowater
has established itself with a number of high profile
customers, the combination of technologies deployable by
Bowater is attracting customers in areas such as:
Bowater Authenticated
1.	Qualification certificates – to counter the growing
problem of qualification fraud, which costs money and -
in the case of medical qualification fraud - has cost
lives.
2.	Education competence credentials – combining
the security of the ID solution with the ability to track
and manage qualifications in industries where this is
increasingly important, such as aviation.
3.	Tax stamps – to enable tax authorities to have greater
control over their tax stamp programmes with both
enhanced audit trails and our investigation apps.
4.	Consumer Goods – to protect both brands and their
customers from the global drain on legitimate business of
counterfeiting and parallel trade.
5.	Foods and Pharmaceuticals – to help brands comply
with new legislation and protect patients from the
massive problem of counterfeit drugs.
6.	Ticketing – to add additional security to event ticketing
and reduce the risk of ticket touting, providing a safe
secondary ticket market.
In addition to the security element of the solutions,
Bowater’s solutions also provide additional value with
functions that include consumer engagement, track and
trace, inventory management, data capture and a growing
number of others.
End-to-End Encrypted Speech, Messaging & File Sharing
The only App that protects from IMSI Catchers
& Man-in-the-Middle Attacks
Smartphones are becoming increasingly subjected to
silent attacks. Users are unaware that their device has
been infected and no antivirus can detect these threats.
The Number 1 weakest security link for
businesses are mobile devices.
(CyberEdge Group)
Most organisations are unaware that the single biggest
threat to their network security now comes from
smartphones. SMS attacks, SMS fraud, identity theft and
the use of IMSI catchers are on the increase, providing
cyber criminals with ready access to personal and
business data.
With the growth in BYOD - employees using their
own mobile devices for work - and a lack of protection
on corporate supplied devices, businesses are highly
vulnerable to a data breach. Smartphone hacking
software is readily available online, allowing fraudsters
and hackers to unlock smartphone passwords, access
sensitive data and breach an organisation’s IT security.
VERJI SMC
Encrypts mobile communication and
protects against hacking attacks
The benefits of Verji are:
• 	 Secure voice calls using SRTP end to end encryption
• 	 Secure messaging using 256 AES end to end encryption
• 	 Protection against SMS based attacks, including silent SMS attacks
• 	 Protection against attacks using Fake Cell Towers
• 	 Buy as a hosted solution or have a dedicated in house server
• 	 Easy to install and no training needed to use
• 	 Can be branded with company logo
•	 Available for Android, iOS & Android compatible Blackberry
Winner at the European Cyber Security & Privacy
Innovation Awards for Best ICT Security Innovation 2014
Rosberg are proud to be a MobileIron Approved Partner
and the Verji SMC App can be deployed through the
MobileIron Platform.
What
PassFort is the first company to develop Client Lifecycle
Management (CLM) software in the cloud that regulated
businesses of all sizes can use to automate, measure
& improve customer onboarding and risk assessment
processes. We empower compliance teams by enabling
them to spend less time information handling and more
time decision-making.
Why
Compliance analysts spend only 10% of their time on
Decision-Making and Analysis today. 75% of their time
is spent on Data Collection and 15% is spent on Data
Processing & Management.
That means a compliance officer is spending over 90% of
their working time on tasks that could be automated.
It also means that close to 90% of your people expenditure
generates little to no ROI. Time and money are being
wasted on a monumental scale. Businesses are left wholly
unprotected.
How
PassFort CLM combines two custom-built and proprietary
technologies to offer a solution to this problem.
PassFort
Client Lifecycle Management
Software in the Cloud
PassFort Engine allows businesses to automate the
Data Collection, Processing & Management of customer
onboarding. These pre-integrated building blocks are
supported by our unique stage-driven design and consist
of customisable verification, risk management and
decision-making stages.
PassFort Identity enables consistent and auditable
decision-making processes so that compliance teams can
handle exceptions, alerts and notifications generated by
the PassFort Engine. We’ve developed tooling to enable
compliance teams to effectively collaborate on customer
data and evidence why particular decisions have been
made.
Summary
PassFort CLM is designed to help businesses adopt
an “always on” compliance mindset. By automating
information handling and providing tooling to empower
compliance decision-makers, we enable businesses to
deliver better customer
experiences and grow.
ZoneFox is a next generation software product that allows
customers to monitor all user interaction with critical
data stored on computer systems within their network.
Streamlining Your Security Processes
Enterprise-wide protection. 360° visibility.
All via one pane of glass.
ZoneFox takes a refreshingly di­fferent approach to
protecting your business-critical data. We follow it.
Zonefox tracks data movements within the organisation,
recording the actions performed against it, from someone
attaching it to an email, to copying to a USB stick. Zonefox
analyses these actions, monitors compliance to the
organisation’s security policy and related rules, and alerts
when policy breech occurs.
Comprehensive Insider Threat Detection & Behaviour
Analytics
ZoneFox combines an astonishingly lightweight agent on
your endpoints along with powerful analysis capabilities
- and then swiftly delivers robust security, total visibility
and the flexibility that your business needs, minus the
usual headaches.
ZoneFox
Monitor. Detect. Protect.
The next generation Insider Threat Detection Platform
ZoneFox helps prevent the insider threat by giving you all
the benefits you’d expect from a smart security solution:
• Helps protect your IP – priceless.
• Helps protect your customer data.
• Stay on the right side of the law as far as compliance goes.
• You get out-of-the-box visibility – in other words, it’s quick to set up and start monitoring.
• You can see what’s happening at a glance, from a single pane of glass, 360°.
360° Visibility Around Key Information
• ZoneFox delivers detailed reporting capabilities so you can see what’s going on with your business-critical data.
• It automatically detects when there’s risky behaviour going on.
• It alerts you straight away via SMS, email, or directly via the interface - however you like it.
• You can see in real time where your data is going, and where it’s leaving from, so you can decide whether or not you need to take action.
• And if you want, you can see everything that’s happening on an endpoint in the order it’s happening.
• Because ZoneFox doesn’t capture content, you don’t run the risk of violating privacy.
Looking for the highest level of
security for your data while utilising
the fastest USB 3.0 speeds? The
iStorage diskAshur® military grade
secure portable hard drive with
real-time XTS-AES 256-bit hardware
encryption is the ultimate secure
data storage device with capacities of
up to 2TB.
The diskAshur is FIPS PUB 197
validated and seamlessly encrypts all
data on the drive in real-time using
100% hardware encryption, keeping
your data safe even if the hard drive
is removed from its enclosure.
Secure USB 3.0
Portable Hard
Drive
With real-time XTS-AES 256-bit
hardware encryption, software
free design and a super speed USB
3.0 connection, the perfect blend
of security, durability & speed.
No other secure flash drive can offer
you super-fast USB 3.0 speed, 100%
data protection and ease of use whenever,
wherever, on any USB device like the
ultra-secure datAshur Pro can!
With no software or drivers required,
the datAshur Pro’s advanced security
features include read-only access,
auto-lock, timeout lock and brute
force protection, delivering complete
data security and guaranteeing 100%
protection of your data at all times.
Super-Fast, Ultra
Secure USB 3.0
Flash Drive
PIN activated iStorage datAshur
Pro flash drive with built-in
military grade XTS-AES 256-bit
hardware encryption.
Looking for the highest level of
security for your data while utilising
the fastest USB 3.0 speeds? The
iStorage diskAshur DT® military
grade secure desktop hard drive with
real-time XTS-AES 256-bit hardware
encryption is the ultimate secure
data storage system with capacities
of up to 8TB.
The diskAshur DT is FIPS PUB 197
validated and seamlessly encrypts all
data on the drive in real-time using
100% hardware encryption, keeping
your data safe even if the hard drive
is removed from its enclosure.
Secure USB 3.0
Desktop Hard
Drive
The world’s first PIN operated
desktop hard drive with built-in
hardware encryption and
capacities of up to 8TB.
NLNCSA Level 2
Pending Certifications
Certified Product
Superyacht
Cyber Security
Introduction:
The growing complexity of superyachts in this age of
the Internet of Things (IoT) means the industry is
relying more and more on Information and Communication
Technology (ICT) to optimise yacht performance
and operations. Vessels are being connected with
services provided from shore-side networks via the
internet to enable and improve essential maritime
operations such as navigation, propulsion, security and
communications. These systems are all vulnerable to
cyber attack, threatening the safety of the vessel and
crew and the security of the data belonging to the
superyacht and its owner.
Many owners and vessels are therefore vulnerable to
attack and will not have applied suitable rigour to
protect the confidentiality, integrity and availability of
their on-board systems and data.
The Threat is Real:
In 2013, the 65m yacht, White Rose of Drachs, was
steered off course, without the crew being aware,
whilst sailing from Monaco to Rhodes.
Superyacht Cyber Vulnerabilities:
• Control systems attacked, disabling the yacht
• Navigation interference: ECDIS, GNSS, AIS
• Ransom demand after data encrypted
• Covert surveillance of communications
• Exposure of private photos or video
• All communications blocked
• Theft of personal data
• Attack from drone platform
Cyberprism Maritime provides a holistic range of bespoke
cyber services to protect maritime platforms from cyber
attack and ensure the confidentiality, integrity and
availability of critical information, data and systems.
We leverage an unparalleled expertise in maritime
security and cyber technologies to audit on-board systems
and identify threats, offer a remediating action plan to
remove vulnerabilities, and then deliver a unique
maritime cyber protection package (Yachtguard™ and
Marinaguard™) to protect and assure 24/7.
Our team is a unique blend of military maritime security
professionals and nationally renowned cyber and digital
forensic experts. We blend government level security
expertise with the nationally acclaimed technical output
of Warwick and Plymouth’s maritime cyber research
units.
LONDON
43 Berkeley Square, Mayfair, London W1J 5AP, UK
T: +44 207 887 2618
GLASGOW
272 Bath Street, Glasgow, G2 4JR Scotland, UK
T: +44 141 278 6422
DUBLIN
3 Park West Road, Park West, Dublin D12DH93, Ireland
T: +353 1 453 3108
ZURICH
Churerstrasse 98, CH-8808 Pfäffikon/Schwyz, Switzerland
T: +41 (0)55 511 5100
www.thesecuritycircle.com November 2016

The Security Circle- Services Offered

  • 2. Overview Cyber Accreditations Cyber Security Audit Services Cyber Security Training Cyber Security Training for Financial Services Cyber Due Diligence for Private Equity CISOs on Demand GDPR Explained GDPR Explained Secure Identity Cards Brand Protection & Anti-Counterfeiting Secure Mobile Communication Anti-Money Laundering & Know Your Client Insider Threat Detection iStorage - Secure Data Storage Super Yacht Cyber Security Contents _02 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
  • 3. The Security Circle brings together the world’s most advanced and specialised security products and takes them to market through our global security contacts. Our advisory panel includes some of the industry’s most respected and influential security experts; together, we deliver robust, cyber-resilient solutions for public and private sector organisations worldwide. The Security Circle works closely with a number of key partners, including The City of London Police and Napier University’s Cyber Academy, helping to reduce economic and corporate cyber crime throughout the UK and Europe delivering specialist courses in cyber security for businesses and financial institutions. This product and services brochure highlights our best- of-breed technologies and training courses, all of which have been carefully selected and rigorously tested in the relevant industries to ensure they exceed expectations. The threat landscape for organisations is changing rapidly,  we are here to help. _03
  • 4. _04 Cyber Essentials is aligned with the primary objective of the UK Government’s  National Cyber Security Strategy, which is to make the UK a safer place to conduct business online by building a resilient and secure cyberspace. It was launched on 5 June 2014 with the aim of helping organisations of all sizes measure their defences against common forms of cyber-attacks. Cyber Essentials was developed in conjunction GCHQ and offers a sound foundation of basic hygiene measures, identifying some fundamental sound technical security controls that an organisation needs to have in place and can potentially build on to help defend against cyber threats. Seric recommend organisations adhere to the guidance given in the Cyber Essentials Scheme, which is suitable for organisations of all sizes. Accreditation should also be an ongoing requirement of the supply chain, forming a reasonable part of any organisational security process. Businesses, public and private sector organisations and other institutions hold personal data, provide services and operate systems in the digital domain. The connectivity of this information has revolutionised every aspect of the way organisations operate. But with this technological transformation comes the responsibility to safeguard the assets which organisations hold, maintain the services they provide and incorporate the appropriate level of security into the products they sell. Consumers and society at large expect businesses and institutions to take all reasonable steps to protect their personal data and build resilience - the ability to withstand and recover - into the systems and structures on which they depend. Businesses and organisations must also understand that, if they are the victim of a cyber attack, they are liable for the consequences. These liabilities are due to increase considerably when the new GDPR (The General Data Protection Regulation of the EU) comes in effect in 2018. 
Cyber Accreditations The level at which the Government views the importance of cyber security is clear; since October 2014, the UK government has required all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme. The Scottish Government has a similar arrangement for certain contracts but has also widened out Cyber Essentials as a soft requirement on many more tenders: although not mandatory, firms can gain a higher score by being accredited. As of January 2016, The Scottish Investment Bank announced that firms without Cyber Essentials Accreditation would no longer be able to borrow funds. The certification is available in two stages, Cyber Essentials (Stage 1) and Cyber Essentials Plus (Stage 2). Both levels of award are assessed against the Cyber Essentials requirements; however Cyber Essentials Plus gives a higher level of assurance as a number of onsite tests are carried out. The scheme covers five key areas: • Secure configuration • Boundary firewalls & internet gateways • Access control & administrative privilege management • Patch management • Malware protection The vast majority of cyber attacks use relatively simple methods to exploit basic vulnerabilities in software and computer systems. There are tools and techniques openly available on the internet which allow even low-skill actors to exploit these vulnerabilities. Properly implementing the Cyber Essentials scheme will protect against the vast majority of common internet threats. Seric is an Accredited Cyber Essentials Certification Body and all its engineers are Approved Cyber Essentials Practitioners. Seric can also take clients through to ISO 27001 accreditation. “Last year, the average cost of breaches to large businesses that had them was £36,500. For small firms the average cost of breaches was £3,100. 
65% of large organisations reported they had suffered an information security breach in the past year, and 25% of these experienced a breach at least once a month. Nearly seven out of ten attacks involved viruses, spyware or malware that might have been prevented using the Government’s Cyber Essentials scheme.” 2016 Government Cyber Health Check and Cyber Security Breaches Survey
  • 5. _05 Cyber Security Audit Businesses are open to a wide and ever increasing range of cyber attacks. Often unaware of the full scope of these risks or where best to start mitigating them, the result is that company boards rarely afford oversight to IT and Cyber as they would in normal financial management. Seric recognises that organisations need support to scope and properly contextualise their cyber risk and have developed a range of Cyber Audit and Cyber Assessment Services in response. Audit The first premise of our approach is that Security is a big topic, it is far more than just IT. Security is physical, it is people; it is not just data and applications. Crucially, security is not an issue just for the IT department. Seric will make a broad analysis of the current organisational risk and work with that organisation to help align the risk posture, establishing the gaps that need to be addressed by an appropriate combination of training, process change and technology. We believe that benchmarking oneself is the first logical step for any organisation seeking to shore up their security risks. A Holistic Approach Our approach is in two parts, firstly to make an assessment of the cyber security risk against an open security standard. Secondly, we make a multiple perspective measure of data leakage by examining the levels of leakage internally, externally and at where the endpoint meets shadow IT. Seric’s approach to Governance, Risk & Compliance (GRC) is to report on the current risk position of the organisation as compared against a leading open standard measure in Security. This is coupled with a multi-layered DLP (Data Loss Prevention) assessment through our Listening Services. Listening Services • Listening In - Assessing Servers and Network traffic • Listening Out - Assessing Information in the Public Domain and Dark Web • Listening Around - Assessing Demonstrable Compliance and Insider Threat Prevention is ideal, but detection is a must. 
Organisations should prepare for when a breach occurs, since in all likelihood a breach will, or indeed may, have already occurred. The risks presented by a leak need to be understood. Having a proactive view of such risks will certainly have its advantages when the forthcoming GDPR (General Data Protection Regulation) arrives in May 2018. A breach missed internally can still be detected externally, thereby giving organisations a head start on remediation; tactically as well as financially. Any such financial risk in this area is presented both in reputational brand damage and the more direct financial impact of fines currently levied by organisations like the Information Commissioner’s Office in the UK. Service Approach Our services are delivered using Seric Implementation Methodology (SIM), which is aligned to Prince2 best practice. We protect enterprises by increasing their risk understanding. This means building a stronger understanding of the overall operational risks - service risks, resource risks and technology risks - into business and IT processes, including the technology infrastructure. There is an exponential growth of data center transformation, virtualisation, mobility, social business and attack sophistication. To address risk mitigation in this context, organisations need to be able to make fast decisions surrounding their overall risk management health and this can only be achieved in the context of a well-documented and clearly understood technology landscape. SERICSYSTEMS Technology success: delivered
  • 6. _06 The world renowned Cyber Academy at Napier University has been awarded GCHQ accreditation for its MSc Advanced Security & Digital Forensics. The programme delivers in-depth knowledge and practical skills in security, investigation and incident response and forms the basis for many of the Academy’s short courses. Capitalising on this expertise, The Security Circle - in alliance - with the Cyber Academy, has developed a comprehensive programme of Cyber Security Training Courses. The courses cover all of the relevant threat and knowledge that companies and organisations need to know to keep themselves as safe as they can be. Accessible for single delegates to attend on a half-day basis in Glasgow, Edinburgh, Aberdeen and London, our courses can be tailored to specific business requirements. Cyber Security Training Our team spend time listening to how a particular business works, evaluate their workplace and then deliver a training solution that is designed to benefit their specific business needs and requirements. Our programme currently consists of: • Digital Threats and Due Diligence for Business • The Insider Threat - Employees and Contractors • Data Loss Prevention (DLP) and Data Loss Detection (DLD) Masterclass • Incident Response & Disaster Recovery Masterclass • Employee Training - Keep your Business and Data Safe • Online Reputation for Businesses • OSINT - Learn How to Truly Search the Internet • CPD for Solicitors
  • 7. _07 Digital Investigation: The underpinning knowledge of network infrastructures and potential threats to enable proactive and effective threat management and incident investigation. Advanced Digital Investigator: Consolidating underpinning knowledge with simulated and real life scenarios for deep understanding of digital evidence and use in investigative situations. Digital Forensics: The skills, methods and tools for investigating and securing evidence on criminal behaviour or intruder attacks. We are an EnCase Centre of Excellence. EnCase: Introductory, intermediate and advanced training for law enforcement and security professionals in applying the industry standard tool to real digital forensic scenarios. Penetration Testing & Cyber Attack Simulation: Testing resilience and responsiveness through live training exercises based on real-life threat scenarios. Encryption: Tools and techniques for secure data management and information sharing in the context of data leakage and information threats. Cyber Security Courses for Financial Services The Security Circle - in alliance with the world renowned Cyber Academy at Napier University - offer a range of specialist courses in cyber security for businesses and financial institutions. Through practical training on real-life scenarios, we give cyber professionals the skills, tools and confidence to design and deliver effective security management and incident response protocols, with a deep understanding of different network environments. We deliver bespoke training in areas including: Data Loss Prevention: Understanding the main risks and threats to customer and business data and giving the skills and knowledge needed to prevent data loss. Network Architecture: Giving an in-depth knowledge of public and private web infrastructures and their interaction with business and consumer systems. 
Investigating DDoS: Capture, Storage and Analysis of DDoS attacks using a range of logs from web servers and networked devices, and tools including Wireshark, Snort and Splunk. Big Data in Cyber Security Analysis of data logs to identify patterns and anomalies for threat detection, and how to use feature selection and machine learning to speed up response times and effectiveness. Software Programming & Engineering: Design, development, implementation and integration across platforms for secure systems architecture and software applications. Executive Master Class: Giving senior managers the key insights and analysis to make informed decisions about investment in digital security from a business perspective. Digital Risk: Helping technical or non-technical managers to identify and mitigate their main risks, and create a prioritised action plan for addressing them. Secure Online Trading: Standards for secure eCommerce and customer data management, giving consumer confidence in digital encryption and secure online transactions. Cybercrime Legal Landscape: Current considerations in terms of business obligations, how the law supports businesses online, and any pitfalls to avoid. Digital Evidence for Solicitors: This course will focus on introducing digital evidence to solicitors, advocates, paralegals and other professionals working in related functions. Cell Site Analysis Workshop: Providing details of how mobile networks work and hands-on experience of activities undertaken to progress a digital forensics investigation. The Cyber Academy’s Virtual Security Operations Centre allows real-life training in a sandbox environment, using real-life threats and simulated attack/response scenarios to test security procedures and protocols, and to develop skills
  • 8. _08 As a specialist advisor, Seric supports organisations in assessing cyber risk as part of the Due Diligence process. Cyber Due Diligence is playing an increasing role in the deal making process, assuring investors that they are executing a deal with their eyes wide open; fully cognisant of the risks and safe in the knowledge that proper controls and management is in place or at least that gaps are fully understood. Deal makers and investors are now waking up to the significant and disproportionate risk presented by IT and cyber in particular and appreciate that in any time constrained situation with high stakes, clear guidance is required. Clear Guidance Due Diligence should afford an investor the best possible appreciation of their risks, should the deal go ahead. Seric provide clear recommendations to clients as we assess what is - and what is not in place - from a people, process and technology perspective. This information aids collective understanding and provides points of negotiation for presentation to the seller and a plan of action for post-completion. No Surprises Our approach is to ensure all possibilities have been covered in terms of key Cyber Security measurements. Seric uses its own series of standard assessments centred around Critical Controls but which vary based on the time available, the size and sector of the organisation and are weighted toward the trading behaviour; be it B2B, B2C or both. Private Equity Cyber Due Dilligence Once the deal is complete the post deal investment begins, dealing with the RAG reports and Gaps to shore up that risk. This is why Seric make a broad analysis of the existing organisational risks and establish the gaps that need to be addressed by an appropriate combination of training, process change and technology. Expedient Approach The more time is invested on Due Diligence, the more accurate the assessment will be. 
However, there can be many time constraints in play during the deal making process and time on-site is often limited. Seric’s methodology maximises what can be extracted to deliver the most accurate assessment in the time available. We employ pre-visit questionnaires, a clear interview strategy and a tight reporting process around how we deliver our Cyber Due Diligence, allowing our dedicated team of experts to fully support the deal making process.
  • 9. If your organisation doesn’t have one already, a CISO (Chief Information Security Officer) is the senior-level executive in a business who is responsible for ensuring that company data and technologies are protected. CISOs are in growing demand but are generally the preserve of larger organisations. SMEs usually do not have the resources for CISOs but the need for their combination of commercial acumen and technical knowledge is just as great. CISOs typically manage all matters in the business relating to cyber security, disaster recovery, business continuity, compliance, identity and access management. They respond to incidents, establish appropriate standards and controls, manage security technologies and direct the establishment and implementation of policies and procedures. The Security Circle recognises that SMEs need CISO expertise but may not have the resources for a full time, permanent role. That’s where CISOs on Demand comes in, providing CISO expertise on a project or part time basis to fulfil all the tasks usually undertaken by a full time Chief Information Security Officer. The Security Circle’s team of CISOs have all worked at executive level in a variety of national and international organisations and bring the expertise needed by SMEs to help create an accountable, security conscious business culture alongside a technically robust and secure security infrastructure. CISOs on Demand The key value provided by a CISO is in the role of business leadership. CISOs bring far more to the table than just a specialty in technology; CISOs have a broad and deep perspective on risk and how to enable the business while minimising that risk. As such, CISOs must drive the information technology and security education of the workforce, ensuring collective understanding and action with respect to information security. A good CISO is a great business enabler.
  • 10. Information is the new global currency and with data breaches and cyber crime on the rise, the new GDPR (The General Data Protection Regulation of the EU) places the protection of user information at the heart of any organisation. GDPR is a new regulation designed to enhance data protection for EU citizens by helping regulate data protection measures within the EU, as well as data accessed by EU citizens within non-EU organisations. It is the long awaited EU response to the outdated Data Protection Directive (DPD) and comes into force on May 25 2018. Despite Brexit, the UK government has confirmed that it will adhere to the EU GDPR so it is important that businesses understand the new legal framework and are ready to adhere to it from day one. In order to enhance data protection for EU citizens, the GDPR implements the following high level controls: • Expanded territorial scope • Single set of rules for EU member states • Organisational responsibility and accountability • Explicit consent requirements • Subject access requests • Right to erasure for user data • Data breach notification requirements • Appointment of a Data Protection Officer GDPR General Data Protection Regulation of the EU Expanded territorial scope The GDPR will apply to both organisations (data controller/processor) and data subjects (users) based in the EU, as well as non-EU organisations that process or control EU citizens’ personal data. Personal data is defined with a rather large scope, including a user’s name, social media posts, banking information and IP address. The GDPR does not, however, cover personal data processed for investigations by law enforcement or national security agencies. Single set of rules Each EU member state will be appointing a Supervisory Authority (SA); the regulator of all things GDPR. The SA will attend to complaints and investigations based on the GDPR and sanction any offences.
Organisational responsibility and accountability Organisations will be required to ensure that they are adhering to the GDPR. It is each organisation’s responsibility to audit their practice to ensure that they are incorporating privacy by design and data protection by default. Organisations must also keep true to the original purpose(s) for which they have collected user data. On top of these responsibilities, organisations exporting data to third countries must also ensure that the country in question can ensure adequate privacy and protection measures.
  • 11. Explicit consent requirements In order to process personal data, organisations will be required to gain consent from data subjects. This consent must be renewed every six months. Proof of consent will be required, as well as proof that the user was well informed and gave their consent of their own free will. Subject access requests Users of an organisation’s information services will be able to create subject access requests (SARs) to find out just how much of their personal data is being stored and used by an organisation. Data controllers will need to respond to SARs within one month of receipt, without undue delay. Right to be forgotten (or erasure) Data subjects have the right to be forgotten and have their data erased from the data controller’s infrastructure if they withdraw their consent, if they object to the data being stored - based on legitimate grounds, of course, if their data is no longer necessary to the purpose for which it was collected, or if the organisation’s data processing methods do not comply with the GDPR. Data breach notification requirements Data controllers must notify their Supervisory Authority of a personal data breach within 72 hours after detection, where feasible. Data subjects must also be informed of any breaches of their personal data. Appointment of a Data Protection Officer If an organisation’s core business focuses on the gathering and regular, systematic monitoring of personal data, they will need to appoint a Data Protection Officer (DPO). The DPO will also have oversight of data protection impact assessments. DPIAs are a necessity if there are inherent risks to the rights and freedoms of data subjects. The implementation of the GDPR provides a great new opportunity for an organisation to enhance its information security practice from technical, governance, and legal perspectives.
It’s time to get proactive and review all of your organisation’s activities where they involve the collection, processing and storage of user data. The Security Circle’s products and services can take your business through every stage of the process to becoming GDPR compliant. There is no doubt that with increasing concerns about data breaches and cyber crime, the new rules and standards for businesses holding data are essential to restoring consumer trust and will set a new benchmark in data handling. The penalties for failing to comply with GDPR are severe - up to 4% of annual global turnover or 20 million Euros, whichever is higher.
  • 12. Designed in conjunction with a US based team of experts, Bowater’s approach to identity provides both government and corporate organisations with secure identity credentials that are extremely easy to use, but exceptionally secure on all levels. A good example of how we can apply our full technology stack to provide a complete solution to a specific problem is the work we have done for a US based organisation. This customer needed a secure ID card that included both physical and digital multi factor authentication: • Enhanced Visual Security – using the BowaterHologram™ - the world’s most secure hologram in its enumerated form, provided as a complete overlay to prevent tampering with the information on the card. • Public data authentication – to enable the public to verify the identity of the bearer easily and without special technology using any smartphone barcode scanner in addition to the hologram. • Private data authentication – to enable officials to access confidential information on the card without risk to security or unauthorised access of the confidential data. The BowaterHolotronic® Security Card • Emergency medical information – accessible by emergency medical technicians in the event of the bearer being involved in an accident. • Inter agency operability and authentication – enabling agencies to trust the identity cards of members from other agencies or organisations using the BowaterHolotronic™ Security card. This is considered to be a key function by our customer. • Data and record management – to ensure that the information on the card is accurate and up to date. • Card management and replacement – to streamline the process and ensure that it is robust, as well as ensuring that the cards are replaced regularly to ensure their security. Having looked at the market, the customer chose Bowater as the only provider that could deliver on all of its requirements.
As well as benefitting from Bowater’s full technology stack, the customer also asked us to develop some additional and advanced ID Security functions which must be kept confidential.
  • 13. Having launched its range of solutions in 2015, Bowater has proven its technologies to be amongst the most advanced and robust available. The company’s core technology, the BowaterHologram™, is the most advanced form of hologram available on the market for several reasons: 1. It is, at the point of publishing this document, the only commercially available real colour, 3D, volume hologram available on the market. 2. When serialised, it is the only hologram commercially available in industrial quantities that has a unique serial number embedded in the hologram at the point of manufacture. 3. The equipment and know-how used to manufacture the BowaterHologram™ was developed in secret and remains a secret. We will not ever share, license to third parties or make this knowledge commercially available. When fully integrated with digital, mobile and other technologies, the level of security which Bowater customers enjoy is unparalleled. As well as the Identity security market, where Bowater has established itself with a number of high profile customers, the combination of technologies deployable by Bowater is attracting customers in areas such as: Bowater Authenticated 1. Qualification certificates – to counter the growing problem of qualification fraud, which costs money and, in the case of medical qualification fraud, has cost lives. 2. Education competence credentials – combining the security of the ID solution with the ability to track and manage qualifications in industries where this is increasingly important, such as aviation. 3. Tax stamps – to enable tax authorities to have greater control over their tax stamp programmes with both enhanced audit trails and our investigation apps. 4. Consumer Goods – to protect both brands and their customers from the global drain on legitimate business of counterfeiting and parallel trade. 5.
Foods and Pharmaceuticals – to help brands comply with new legislation and protect patients from the massive problem of counterfeit drugs. 6. Ticketing – to add additional security to event ticketing and reduce the risk of ticket touting, providing a safe secondary ticket market. In addition to the security element of the solutions, Bowater’s solutions also provide additional value with functions that include consumer engagement, track and trace, inventory management, data capture and a growing number of others.
  • 14. End-to-End Encrypted Speech, Messaging & File Sharing The only App that protects from IMSI Catchers & Man-in-the-Middle Attacks Smartphones are becoming increasingly subjected to silent attacks. Users are unaware that their device has been infected and no antivirus can detect these threats. The Number 1 weakest security link for businesses are mobile devices. (CyberEdge Group) Most organisations are unaware that the single biggest threat to their network security now comes from smartphones. SMS attacks, SMS fraud, identity theft and the use of IMSI catchers are on the increase, providing cyber criminals with ready access to personal and business data. With the growth in BYOD - employees using their own mobile devices for work - and a lack of protection on corporate supplied devices, businesses are highly vulnerable to a data breach. Smartphone hacking software is readily available online, allowing fraudsters and hackers to unlock smartphone passwords, access sensitive data and breach an organisation’s IT security. VERJI SMC Encrypts mobile communication and protects against hacking attacks The benefits of Verji are: • Secure voice calls using SRTP end to end encryption • Secure messaging using 256 AES end to end encryption • Protection against SMS based attacks, including silent SMS attacks • Protection against attacks using Fake Cell Towers • Buy as a hosted solution or have a dedicated in house server • Easy to install and no training needed to use • Can be branded with company logo • Available for Android, iOS & Android compatible BlackBerry Winner at the European Cyber Security & Privacy Innovation Awards for Best ICT Security Innovation 2014 Rosberg are proud to be a MobileIron Approved Partner and the Verji SMC App can be deployed through the MobileIron Platform.
  • 15. What PassFort is the first company to develop Client Lifecycle Management (CLM) software in the cloud that regulated businesses of all sizes can use to automate, measure & improve customer onboarding and risk assessment processes. We empower compliance teams by enabling them to spend less time information handling and more time decision-making. Why Compliance analysts spend only 10% of their time on Decision-Making and Analysis today. 75% of their time is spent on Data Collection and 15% is spent on Data Processing & Management. That means a compliance officer is spending over 90% of their working time on tasks that could be automated. It also means that close to 90% of your people expenditure generates little to no ROI. Time and money are being wasted on a monumental scale. Businesses are left wholly unprotected. How PassFort CLM combines two custom-built and proprietary technologies to offer a solution to this problem. PassFort Client Lifecycle Management Software in the Cloud PassFort Engine allows businesses to automate the Data Collection, Processing & Management of customer onboarding. These pre-integrated building blocks are supported by our unique stage-driven design and consist of customisable verification, risk management and decision-making stages. PassFort Identity enables consistent and auditable decision-making processes so that compliance teams can handle exceptions, alerts and notifications generated by the PassFort Engine. We’ve developed tooling to enable compliance teams to effectively collaborate on customer data and evidence why particular decisions have been made. Summary PassFort CLM is designed to help businesses adopt an “always on” compliance mindset. By automating information handling and providing tooling to empower compliance decision-makers, we enable businesses to deliver better customer experiences and grow.
  • 16. ZoneFox is a next generation software product that allows customers to monitor all user interaction with critical data stored on computer systems within their network. Streamlining Your Security Processes Enterprise-wide protection. 360° visibility. All via one pane of glass. ZoneFox takes a refreshingly different approach to protecting your business-critical data. We follow it. ZoneFox tracks data movements within the organisation, recording the actions performed against it, from someone attaching it to an email, to copying to a USB stick. ZoneFox analyses these actions, monitors compliance to the organisation’s security policy and related rules, and alerts when policy breach occurs. Comprehensive Insider Threat Detection & Behaviour Analytics ZoneFox combines an astonishingly lightweight agent on your endpoints along with powerful analysis capabilities - and then swiftly delivers robust security, total visibility and the flexibility that your business needs, minus the usual headaches. ZoneFox Monitor. Detect. Protect. The next generation Insider Threat Detection Platform ZoneFox helps prevent the insider threat by giving you all the benefits you’d expect from a smart security solution: • Helps protect your IP – priceless. • Helps protect your customer data. • Stay on the right side of the law as far as compliance goes. • You get out-of-the-box visibility – in other words, it’s quick to set up and start monitoring. • You can see what’s happening at a glance, from a single pane of glass, 360°. 360° Visibility Around Key Information • ZoneFox delivers detailed reporting capabilities so you can see what’s going on with your business-critical data. • It automatically detects when there’s risky behaviour going on. • Alerting you straight away via sms, email, or direct via the interface - however you like it.
• You can see in real-time where your data is going, and where it’s leaving from, so you can take decisions around whether or not you need to take action. • And if you want, you can see everything that’s happening on an endpoint in the order it’s happening. • Because ZoneFox doesn’t capture content, you don’t run the risk of violating privacy.
  • 17. Looking for the highest level of security for your data while utilising the fastest USB 3.0 speeds? The iStorage diskAshur® military grade secure portable hard drive with real-time XTS-AES 256-bit hardware encryption is the ultimate secure data storage device with capacities of up to 2TB. The diskAshur is FIPS PUB 197 validated and seamlessly encrypts all data on the drive in real-time using 100% hardware encryption, keeping your data safe even if the hard drive is removed from its enclosure. Secure USB 3.0 Portable Hard Drive With real-time XTS-AES 256-bit hardware encryption, software free design and a super speed USB 3.0 connection, the perfect blend of security, durability & speed. No other secure flash drive can offer you super-fast USB 3.0 speed, 100% data protection, ease of use whenever, wherever, on any USB device like the ultra-secure datAshur Pro can! With no software or drivers required, the datAshur Pro’s advanced security features include read-only access, auto-lock, timeout lock and brute force protection, delivering complete data security and guaranteeing 100% protection of your data at all times. Super-Fast, Ultra Secure USB 3.0 Flash Drive PIN activated iStorage datAshur Pro flash drive with built-in military grade XTS-AES 256-bit hardware encryption. Looking for the highest level of security for your data while utilising the fastest USB 3.0 speeds? The iStorage diskAshur DT® military grade secure desktop hard drive with real-time XTS-AES 256-bit hardware encryption is the ultimate secure data storage system with capacities of up to 8TB. The diskAshur DT is FIPS PUB 197 validated and seamlessly encrypts all data on the drive in real-time using 100% hardware encryption, keeping your data safe even if the hard drive is removed from its enclosure. Secure USB 3.0 Desktop Hard Drive The world’s first PIN operated desktop hard drive with built-in hardware encryption and capacities of up to 8TB.
Product badges: NLNCSA Level 2, Pending Certifications, Certified Product.
  • 18. Introduction: The growing complexity of superyachts in this age of the Internet of Things (IoT) means the industry is relying more and more on Information Communication and Technology (ICT) to optimise yacht performance and operations. Vessels are being connected with services provided from shore-side networks via the internet to enable and improve essential maritime operations such as navigation, propulsion, security and communications. These systems are all vulnerable to cyber attack, threatening the safety of the vessel and crew and the security of the data belonging to the superyacht and its owner. Many owners and vessels are therefore vulnerable to attack and will not have applied suitable rigour to protect the confidentiality, integrity and availability of their on-board systems and data. The Threat is Real: In 2013, the 65m yacht, White Rose of Drachs, was steered off course, without the crew being aware, whilst sailing from Monaco to Rhodes. Superyacht Cyber Security Superyacht Cyber Vulnerabilities: • Control systems attacked, disabling the yacht • Navigation interference: ECDIS, GNSS, AIS • Ransom demand after data encrypted • Covert surveillance of communications • Exposure of private photos or video • All communications blocked • Theft of personal data • Attack from drone platform Cyberprism Maritime provides a holistic range of bespoke cyber services to protect maritime platforms from cyber attack and ensure the confidentiality, integrity and availability of critical information, data and systems. We leverage an unparalleled expertise in maritime security and cyber technologies to audit on-board systems and identify threats, offer a remediating action plan to remove vulnerabilities, and then deliver a unique maritime cyber protection package (Yachtguard™ and Marinaguard™) to protect and assure 24/7. Our team is a unique blend of military maritime security professionals and nationally renowned cyber and digital forensic experts.
We blend government level security expertise with the nationally acclaimed technical output of Warwick and Plymouth’s maritime cyber research units.
  • 20. LONDON 43 Berkeley Square, Mayfair, London W1J 5AP, UK T: +44 207 887 2618 GLASGOW 272 Bath Street, Glasgow, G2 4JR Scotland, UK T: +44 141 278 6422 DUBLIN 3 Park West Road, Park West, Dublin D12DH93, Ireland T: +353 1 453 3108 ZURICH Churerstrasse 98, CH-8808 Pfäffikon/Schwyz, Switzerland T: +41 (0)55 511 5100 www.thesecuritycircle.com November 2016