Cybersecurity Consulting.

Your IT security is our mission. And has been for more than 50 years.

Trustworthy advice from an equal partner.

Public and private organizations face the complex challenges of digitalization, regulatory change and diffuse cyber threats with ever-changing attack vectors. Meeting them requires a sound understanding of the risks and of the measures needed to ensure resilience at all levels of an organization. Regulation is shifting towards stricter specifications and requirements in the field of information security, not least due to NIS2, CRA and DORA. To anchor a rigorous cybersecurity architecture in your business processes, you first need precise knowledge of the individual requirements. Resource-efficient yet secure strategies and concepts lay the groundwork for the economical and resilient implementation of measures that make your company not only compliant, but also truly secure.

We can help you! As a BSI-certified IT security service provider, we are committed to impartiality and have decades of experience in the design and integration of information security in various types of organizations.

ISMS implementation and consulting

We support you with the introduction and operation of your information security management system.

External ISO and DPO

We provide external information security or data protection officers for your organization.

Security concepts

We help you to develop holistic concepts for the secure architecture of existing systems and the integration of new systems.

Risk analysis

Full support in analyzing risks and planning appropriate measures.

Cloud security

Joint development of tailor-made, secure concepts for using the cloud, with a review of your current architecture.

Business continuity management

We support you in planning emergency management tailored to your organization.

Security testing

We test the effectiveness of the measures you have taken to protect your systems with customized penetration tests.

Audit support

Assistance with the preparation and follow-up of audits and support during implementation.

Key Benefits.

Proven in the defense sector

Decades of experience in securing the highest levels of classified information for armed forces and the defense industry.

A holistic consulting approach

Individually tailored and context-based advice, taking all stakeholders into account.

Impartial advice

Our consultants focus on your individual requirements and are committed to providing impartial and product-independent advice.

BSI-certified IT security service provider

We enjoy the full confidence of the BSI and our services meet the highest quality and security requirements.

Use cases.

A high-tech global company and a financial services provider, fearing the consequences of a ransomware attack, asked for a risk analysis and ransomware concept. We created these, along with a backup concept, within a very short space of time.

A commercial company was seeking contracts in the public sector with possible access to classified information at level CONFIDENTIAL or higher, as well as inclusion in the German Federal Ministry for Economic Affairs’ security clearance program. We provided the company with comprehensive advice on all issues relating to the protection of classified information, including the creation of an individualized security concept.

Due to the IT security requirements of the German Federal Motor Transport Authority (KBA) for Internet-based vehicle registration (i-Kfz), our customer was under pressure to act. A penetration test carried out by us revealed technical and organizational weaknesses in the provision of the i-Kfz / MSADP procedure. These put approval by the KBA at risk and would at any rate have massively hindered the approval process. In an interdisciplinary project, the organizational deficiencies were cleared up by optimizing the ISMS and the technical implementation of security measures was initiated and monitored. This made complete fulfillment of the requirements possible, with the KBA approving the procedure in a short space of time.

As part of the deposit protection system of the private banking industry in Germany, the customer makes a significant contribution to maintaining the stability and strengthening the competitiveness of private banks and the financial center.

In order to meet the special requirements for information security in the banking industry, the client commissioned us to set up a certifiable information security management system (ISMS) for its complex organization. The ISO 27001 certification of a Europe-wide key procedure in 2017 and the IT baseline protection certificate for the entire information network in 2018 enable the client to demonstrate its expertise in information security management.

As the central IT service provider of a state administration, our client operates a heterogeneous IT landscape at four properties. In order to demonstrably ensure the confidentiality, integrity and availability of the entire IT infrastructure as well as the correct and reliable functioning of critical administrative processes, the customer must follow the standardized recommendations of the BSI.

To this end, we drew up an IT security concept and other necessary documentation for the two data centers as well as for the information and communication technology in the other properties.

As one of the largest insurance groups in the world, our customer has the highest information security requirements. A product for micro-segmentation of applications was introduced to protect the business-critical core applications.

We supported the client in setting up the segmentation solution and rolling out the technology across Europe. Starting with the technical implementation, we also developed concepts and processes for the onboarding of new applications, the future operating model and the training of users. Thanks to close cooperation with the customer and the manufacturer, the security of one of the customer’s most important applications was significantly increased within a very short time using micro-segmentation.

As part of the continuous updating of the public client’s IT security concept and the associated review of security measures, annual penetration tests are carried out on the existing systems.

To this end, we used specially configured audit notebooks and a BSI-compliant procedure model for testing classified systems. The tools used included established standards such as passive scanners (e.g. Nmap) as well as active scans and system interventions (OpenVAS, Metasploit Framework and other tools). Close cooperation with the client and the system users and administrators, as well as our powerful test solution for classified systems, made it possible to confirm the security of the system.

News.

Interview in NITECH: The National Secure Cloud

As part of a strong consortium, the National Secure Cloud (NSC) is committed to ensuring the usability of cloud technologies up to the classification level DEU SECRET. Only technologies that…