Data at the Heart of Business
Information Systems (IS) are at the heart of business procedures. Used in all professions and networks, they are constantly evolving to assimilate and treat ever-increasing amounts of sensitive data each day.
IS are at high risk of malicious attacks from organisations and individuals using software available on the Internet, so the perimeter to be protected against external threats now has to extend beyond their traditional boundaries.
From threat management to IT risk prevention, IS protection is a key issue. It’s no longer a question of if you will be attacked, but when. So, in addition to preventing attacks, we also need to ensure service continuity and business recovery after an attack.
To take advantage of specialised solutions, businesses can work with external companies who offer managed services. They will define and implement risk analysis procedures and a cyber-security strategy.
A Global Expertise
Sonema offers a global approach to security for IT systems and networks and ensures continuity of service and asset protection for its clients. As telecommunication networks provide support for IT facilities, it is vital to protect client data, traffic and applications.
Within our support framework, Sonema will help you to define, implement and check the compliance of your global IT security systems policy. This analysis allows us to identify any weaknesses in the architecture.
Additionally, Sonema has created a managed service offer, which aims to protect businesses from cyber-attacks and malicious software using the latest threat prevention technologies.
Sonema will help you define your global cyber defence strategy and will protect your networks, applications and data.
Get our Free White Paper on Security!
This white paper describes the various threats companies are exposed to and the main technical and organisational solutions to put in place.
- Robust secure facilities offering high availability
- Equipment management and set-up, incident management carried out by certified experts
- Tailored solutions for business applications
- Partnership with market leaders in security technology
Management tailored to your requirements
- Management of customer equipment
- Managed services hosted at our datacentre
Discover our Security Services
Enhance your security with advanced privileged account management.
Secure identity and access rights management solutions for your network.
Monitor your level of protection by carrying out intrusion tests on your Information System (IS) and networks.
Audit & Consulting
Risk assessment and support from our experts to implement your security policy.
A complete range of solutions designed to protect you against cyberattacks and advanced network threats.
Advanced and powerful protection against spam and malicious programs targeting your mailbox.
Frequently Asked Questions
What does cyber security mean?
What is a Sandbox?
What is a firewall?
What is a WAF?
What is a DDoS attack?
What is the PCI DSS?
What is a VPN (Virtual Private Network)?
Multiple tunnelling protocols can be used, including SSL/TLS and IPSec.
What does IPSec mean?
IPSec is also used to establish VPN links as it can securely connect 2 IT systems using an existing network.
What does SSL mean?
a Private Key and a Public Key. These keys work together to create a secure channel of communication between a client and a server after an authentication step. SSL encryption ensures that important data such as user names and passwords sent by the user to the server remain private and intact.
What does TLS mean?
TLS and SSL are not interoperable but TLS offers upward compatibility for older machines which are still using SSL.
The TLS protocol specification is organised on 2 levels:
- The TLS Record Protocol, which ensures that the connection is private
- The TLS Handshake Protocol, which allows authentication between the server and client and the negotiation of cryptographic keys before the application protocol transmits any data.
What is strong authentication?
Strong authentication therefore combines several authentication strategies including:
- Something You Know – includes passwords and phrases
- Something You Have – includes smart cards and token devices
- Something You Are – includes fingerprints and retina scans
This information is then linked to an identity and access management solution which is in turn linked to the company’s directory or a metadirectory which references all the base users and their rights.
What does SSO mean?
SSO eliminates the need for users to remember and manage several different sets of login credentials or passwords.
However, by grouping a user’s authentication credentials, SSO increases the value and amount of data which may be breached in the event of the password being stolen.
What is penetration testing?
It consists of testing the security of a computer network infrastructure by simulating an attack by a malicious user or even malware. The tester assumes the role of the potential attacker (hacker). The aim is to find exploitable flaws and vulnerabilities and to define an action plan to improve the security of the information system.
What are the different approaches to penetration testing?
Grey Box Testing: the tester attempts to break into the information system with a limited amount of information. This makes it possible to verify the flaws in a system by posing either as a company employee with internal access, or as a hacker who has succeeded in obtaining an employee’s credentials and uses them as a starting point.
White Box Testing: This method offers the tester the possibility of detecting a maximum number of security flaws. By having access to all the desired information, the pentester is then able to inspect the system from top to bottom and reach a stage that might not have been reached with a different method. In this case the tester works closely with the company’s technical teams.
What does SOC mean?
What is Ransomware?
What is a Botnet?
What is Phishing?
What is a Vulnerability?
What is a Digital Identity?
What is an ISP?
The process for defining this policy is based on a risk analysis of the IT system security.
Once it has been validated by the organisation’s IT security team, the ISP must be given to all those concerned by the IT system (users, operators, sub-contractors, providers, etc.). It acts as a communication tool covering the organisation, its ISP responsibilities and the resources available to guard against risks.
What is ISO 27001?
What is a CISO?
The CISO is usually responsible for handling IT risk management for the company. They draw up action plans and recommendations for network and system security, physical security, informing users about security risks and establishing an action plan for business continuity in the event of an incident. The CISO must also help establish and implement a security policy with a focus on continuous improvement and performance assessment. Accordingly, they also oversee the creation of an ISP within the company.