Data breaches are happening constantly and the attack surface is expanding. It is vital that companies know how to protect themselves effectively against the increasing number of malware, ransomware and phishing threats.
Digital transformation and mobility, generated by the development of tele-working, are giving rise to new risks that expose companies across all sectors to new, increasingly frequent and aggressive threats. Data security is therefore becoming a major issue for companies, and cybersecurity is one of the most important challenges they now face.
In order to protect their facilities against malware, spyware or viruses, companies rely on experts to advise them, identify risks and vulnerabilities, help them strengthen their systems and defend themselves against cyber attacks.
A Global Expertise
To increase the security of your networks, Sonema will help you define and implement a global security policy for your IT system, and monitor compliance with it.
From prevention and detection to response, Sonema has designed managed service packages that protect your business from cyber attacks and malware, and also ensure the authentication, confidentiality, integrity and non-disclosure of your system information.
Sonema provides support for your global cyber resilience strategy.
Get our Free White Paper on Security!
This white paper describes the various threats companies are exposed to and the main technical and organisational solutions to put in place.
- Resilient, secure and highly-available facilities
- Equipment set-up and management, incident management by certified experts
- Support to understand vulnerabilities and remediation processes
- Solutions tailored to meet business needs and applications
- Partnerships with industry-leading security technologies
Management tailored to your requirements
- Management of customer equipment
- Managed services from our datacentre
Discover our Security Services
Network Access Control
Manage your users’ access permissions to improve your cyber resilience.
Enhance your security with advanced privileged account management.
Secure identity and access rights management solutions for your network.
Monitor your level of protection by carrying out intrusion tests on your Information System (IS) and networks.
Audit & Consulting
Risk assessment and support from our experts to implement your security policy.
A complete range of solutions designed to protect you against cyberattacks and advanced network threats.
Advanced and powerful protection against spam and malicious programs targeting your mailbox.
Frequently Asked Questions
What does cyber security mean?
What is a Sandbox?
What is a firewall?
What is a WAF?
What is a DDoS attack?
What is the PCI DSS?
What is a VPN (Virtual Private Network)?
Multiple tunnelling protocols can be used, including SSL/TLS and IPSec.
What does IPSec mean?
IPSec is also used to establish VPN links as it can securely connect 2 IT systems using an existing network.
What does SSL mean?
a Private Key and a Public Key. These keys work together to create a secure channel of communication between a client and a server after an authentication step. The SSL encryption ensures that important data such as user names, passwords, etc. sent by the user to the server remain private and intact.
What does TLS mean?
TLS and SSL are not interoperable but TLS offers upward compatibility for older machines which are still using SSL.
The TLS protocol is specified at 2 levels:
- The TLS Record Protocol, which ensures that the connection is private
- The TLS Handshake Protocol, which allows authentication between the server and client and the negotiation of cryptographic keys before the application protocol transmits any data.
What is strong authentication?
Strong authentication therefore combines several authentication strategies including:
- Something You Know – includes passwords and phrases
- Something You Have – includes smart cards and token devices
- Something You Are – includes fingerprints and retina scans
This information is then linked to an identity and access management solution which is in turn linked to the company’s directory or a metadirectory which references all the base users and their rights.
What does SSO mean?
SSO eliminates the need for users to remember and manage several different sets of login credentials or passwords.
However, by grouping a user’s authentication credentials, SSO increases the value and amount of data which may be breached in the event of the password being stolen.
What is penetration testing?
It consists of testing the security of a computer network infrastructure by simulating an attack by a malicious user or even malware. The tester assumes the role of the potential attacker (hacker). The aim is to find exploitable flaws and vulnerabilities and to define an action plan to improve the security of the information system.
What are the different approaches to penetration testing?
Grey Box Testing: the tester attempts to break into the information system with a limited amount of information. This makes it possible to verify the flaws in a system either by posing as a company employee with internal access, or by starting from the position of a hacker who has succeeded in obtaining an employee’s credentials.
White Box Testing: This method offers the tester the possibility of detecting a maximum number of security flaws. By having access to all the desired information, the pentester is then able to inspect the system from top to bottom and reach a stage that might not have been reached with a different method. In this case the tester works closely with the company’s technical teams.
What does SOC mean?
What is Ransomware?
What is a Botnet?
What is Phishing?
What is a Vulnerability?
What is a Digital Identity?
What is an ISP?
The process for defining this policy is based on a risk analysis of the IT system security.
Once it has been validated by the organisation’s IT security team, the ISP must be given to all those concerned by the IT system (users, operators, sub-contractors, providers, etc.). It acts as a communication tool for the organisation, setting out its ISP responsibilities and the resources available to guard against risks.
What is ISO 27001?
What is a CISO?
The CISO is usually responsible for handling IT risk management for the company. They draw up action plans and recommendations for network and system security, physical security, informing users about security risks and establishing an action plan for business continuity in the event of an incident. The CISO must also help establish and implement a security policy with a focus on continuous improvement and performance assessment. Accordingly, they also oversee the creation of an ISP within the company.