SECURITY

Atlantica Digital supports and takes care of companies and individuals, private and public, in the identification, definition and implementation of their security strategies. Atlantica Digital uses a consultative approach oriented to the real and primary needs of the company business, designing and implementing Information Security solutions through the adoption of the most innovative technologies on the market, integrating the technological component with specific methodological skills.

In this scenario, Atlantica Digital presents itself to the market as a qualified partner capable of providing value in all phases of the cybersecurity management process, responding to the security and compliance needs of companies in all sectors.

Atlantica Digital addresses the market with an integrated approach to manage the problems of logical data and infrastructure security, offering solutions and services for:

Governance & Risk Assessment

The growing threats to the security of IT systems and the continuous introduction of new regulations to protect the data processed within their business require organizations to implement specific programs dedicated to information security. Any organization, public or private, must have a solid Governance Risk & Compliance strategy to align its IT activities with its business objectives, manage risks effectively and keep up with the compliance required by the main national and international regulations.

Atlantica Digital supports companies from the evaluation phase of the “state of health” of information security to the definition and implementation of the most appropriate risk mitigation strategies. Referring to the main standards and management models, Atlantica Digital provides a consulting activity and approach that, starting from strategic planning, includes implementation, control and remediation phases.

The activities are organized according to different procedural steps.

Assessment: support in the review of the existing corporate regulatory system

Gap Analysis: identification of possible areas for improvement

Remediation Plan: proposal of the adaptation actions necessary to increase the level of maturity in security “governance”.

Endpoint Protection & EDR

Cyber threats (phishing, trojans, worms, ransomware, malware, etc.) are increasingly multi-layered, diversified and complex to detect and block. The corporate endpoint is the prime target of these attacks, which penetrate the corporate network, operate in the background and remain dormant before activating their malicious activities. Endpoint Protection solutions play a fundamental role in protecting corporate data and IT assets, providing multi-level security and helping to reduce the proliferation of threats within the network. Companies must adopt proactive and innovative solutions that not only detect these attacks immediately, but also react effectively through an automatic remediation capability. Atlantica Digital offers the best Next Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR) technologies, which are essential tools to respond to these increasingly sophisticated threats. Endpoint Detection and Response software provides complete visibility across all corporate endpoints, enabling the automation of routine tasks to detect advanced threats, prioritize them, analyze them and neutralize them.

Atlantica uses Cybereason and ESET as EDR and Endpoint Protection tools for managing and controlling endpoints.

OT & IoT Device Protection

The fields of applicability of “intelligent” OT & IoT devices are many: from industrial applications, production processes, to logistics, energy efficiency, remote assistance, healthcare. Industrial infrastructures contain OT devices that are critical and high risk.

According to the most conservative estimates, these devices will reach 50 billion units by 2021, permeating every aspect of our society. The consequence of the introduction of the IoT will be the extension of an always-on, fully connected status to the world of production and services. Above all, this will mean always being connected with the outside world, and therefore necessarily exposed to greater risks. Normally, no security component was introduced in the design phase of these devices. Since every IoT device has an IP address, many are connected to the Internet and are therefore potentially remotely attackable.

Atlantica Digital offers protection tools for OT and IoT systems capable of identifying anomalous behavior based on the analysis of the traffic generated, isolating compromised devices and protecting all systems from compromise attempts from other parties, significantly reducing the attack surface.

Unlike devices such as laptops, smartphones and servers, IoT and OT devices have dedicated operating systems designed to optimize consumption and performance. Endpoint security systems, which are based on the installation of agents inside the device, are therefore not applicable.

Atlantica Digital and NanoLock Security, market leader in ironclad protection for smart meters, IoT and connected edge devices, have signed a commercial partnership to offer a new security service dedicated to the protection of tens of millions of smart meters and connected devices for the main utilities and industries in Italy and Europe.

Vulnerability Code

Attacks that exploit application vulnerabilities are ever increasing, and these vulnerabilities cannot be identified in any way except by using specific software control and analysis tools. Atlantica Digital offers application code security control solutions that verify, control and mitigate the application vulnerabilities present in the code of any software, web and mobile application, supporting all the most popular development languages and frameworks and implementing security rules recognized as standards by international security organizations. The security check of the application code can be implemented in different ways and at different times. The software adopted by Atlantica Digital allows security checks from the development stage rather than only at the time of testing, when the application has been released and must be certified with respect to functionality, performance and security.

In the development phase, any code block can be subjected to security scans without the need for compilation. In the testing phase, the security checks are performed through attempts to attack the executable code to verify its vulnerability. If it were possible to check only in the last phase, any correction of the vulnerabilities detected would have a high cost and would produce significant delays in the release. With the control system applied in the development phase, companies can create applications that are as performant and functional as they are secure, within predictable timeframes, saving time and resources.

The solution offered by Atlantica for checking the vulnerability code is Checkmarx.

IT Vulnerability Assessment & Penetration Testing

Atlantica Digital offers Vulnerability Assessment and Penetration Testing services that allow its customers (public or private) to detect the vulnerabilities of their information system and carry out the necessary remediation activities.

The services offered by Atlantica Digital make it possible to validate the current systems, procedures and security investments that a company has put in place to protect its business, highlighting where these are already effective and well structured and where there is a real lack or absence of consistency with the company’s security system, with the aim of ensuring the highest level of detection and prevention of IT security incidents.

Since the entire IT structure of a company changes continuously to enable the pursuit of the company business, the control and validation of the protection systems underlying the company security must be equally continuous. In order to ensure the timely detection and resolution of vulnerabilities, a continuous and cyclical analysis and validation model is recommended, extended to the entire corporate information system, which allows for continuous monitoring and improvement.

Vulnerability Assessment

The Vulnerability Assessment is a prevention activity based on the non-intrusive search for vulnerabilities present on the systems and devices of a corporate network: not only on classic server infrastructures and software applications, but also on mobile, cloud and industrial control systems.

Atlantica Digital’s Vulnerability Assessment service allows you to verify the presence of vulnerabilities that can represent a serious security risk.

The services offered by Atlantica Digital use automatic tools that are able to continuously detect, record and monitor the presence of vulnerabilities (induced, for example, by the lack of software updates, by incorrect configurations, by the presence of non-essential services or by bugs in software development), quantify and prioritize them, and identify actions to eliminate or mitigate each vulnerability in order to make its exploitation ineffective for an attacker.

The result of the VA therefore makes it possible to establish the mitigation actions that solve or minimize the risks caused by the vulnerabilities discovered, and to evaluate the general level of security by producing reports that can be presented to the Customer with different levels of detail based on the type of interlocutor.

Penetration Test

Atlantica Digital offers Penetration Test services that aim to validate, verify and prioritize the vulnerabilities identified on the corporate target systems. Through an agent-less solution, the most advanced hacker attacks are performed automatically and continuously on the corporate network, automating the discovery of vulnerabilities and executing real ethical exploits on them. In this way, false positives are cleared, as vulnerabilities are validated through the execution of real exploits. The company is in fact placed under a real ‘controlled attack’ to bring out the objectives that a true attacker could achieve and the damage that it could cause (system compromise, data exfiltration, etc.). The company being analyzed concretely understands what its current security posture is, where vulnerabilities to be solved have emerged and at what level to intervene. These tools allow penetration testing to be performed on the entire company network, without special technical skills and at any time with a simple click of the mouse. At the end of the activity, a detailed technical report is produced with the attack procedures performed, the results obtained and the remediation to be applied. The results of the analyses will be visible only to authorized personnel within the company, without the risk of information leaks to the outside, who will thus be able to immediately implement all the appropriate remediation measures that have emerged.

Atlantica Digital uses and offers Qualys as a Vulnerability Assessment solution and PenTera by Pcysys software as a continuous and consistent automated penetration testing tool on the corporate network.

Identity Governance

The protection of corporate information and applications can be guaranteed through secure and reliable identity control and access management systems.

The Identity Access Management and Governance Management solutions allow for complete identity management and governance, simplify the processes by which users request access to corporate resources, and make it possible to perform risk analysis and certification.

Atlantica Digital has adopted a framework capable of determining and controlling how identity information is used, stored and propagated within (IT and business) and outside the organization (suppliers, customers).

The results that can be obtained through this type of solutions are greater safety, operability and a reduction in costs.

With the introduction of BYOD (Bring Your Own Device) policies, the growing use of cloud services and the growing sophistication of systems for credential stealing operations, the adoption of Identity Access Management systems is now essential to increase the level of security and effectively oppose data theft thus protecting your company.

For Identity Governance and Identity Access Management, the solutions offered by Atlantica Digital are SailPoint and Oracle.

SIEM

Atlantica Digital offers SIEM (Security Information and Event Management) solutions capable of acquiring and processing event data from thousands of different sources in real time, offering proactive detection of any malicious or anomalous events that are harmful to normal business activities. Within the IT infrastructure of a company there are more and more devices. To better manage them and have full visibility of the events associated with them, it is necessary to use SIEM solutions, which aggregate significant data from multiple sources in order to identify deviations or anomalies from the norm and activate appropriate remediation actions.

In the case of well-structured organizations with multiple security technologies that are not integrated with each other, SOC / SOAR systems are used, which introduce a high level of automation, helping and supporting the security team and thus guaranteeing the highest level of protection from threats.

By meeting continuous monitoring requirements, it provides comprehensive compliance reporting functions to meet or exceed current regulatory requirements.

Atlantica Digital proposes the IBM QRadar solution as SIEM architecture.

Data Security: Data Encryption & Data Masking solution

The encryption and data masking solutions offered by Atlantica Digital are one of the most important technological pillars to guarantee Data Security.

To date, the most important assets held by companies – regardless of the sector in which they operate, their level and their size – are the data that they acquire, manage and keep on a daily basis.

The most recurring element linked to cyber risk, which is increasingly cited in international reports, is the Data Breach, or data leak, in which the threat element defined as Insider Threat is one of the main factors.

To prevent data loss, we propose the use of Data Loss Prevention (DLP) systems to ensure total data protection against all threats, both those arriving from within and those arriving from outside the organization.

DLP solutions include secure file sharing using cloud-based file-sharing, data encryption for integrity protection, Mobile Device Management to secure company-provided mobile devices, and Role-Based Access Control to control access to resources and allow it only to authorized users.

Atlantica Digital proposes and offers Micro Focus and Thales products as Data Encryption and Data Masking solutions.

Security Education & Awareness

Among the new solutions to protect company data, outside the purely technological context, is certainly an accurate information security awareness program for the business user.

A proprietary Security Access and Monitoring Management (SAM) product is added to this portfolio of services and products, which allows compliance with one of the new principles and requirements introduced by the GDPR: accountability.

The reference frameworks that inspire Atlantica, and that it offers to its customers in the provision of services, are all internationally recognized standards, also adopted as guides by national and supranational authorities (AgID or ENISA):

  • ISO/IEC 27001:2013 is the standard that defines the requirements for establishing, implementing, and maintaining an information security management system.
  • ISO/IEC 27701:2019 is the standard guideline that defines the requirements for implementing a management system for the security of personal data and that integrates with the GDPR, because it reflects the needs and the spirit of protecting the rights of data subjects from a Security and Data Protection perspective.

The solutions described above allow organizations to adapt to national and supranational obligations, such as:

  • The NIS Directive: published by the EU in 2018, which establishes the obligation for each Member State to adopt a national cyber security strategy.
  • The now “famous” GDPR (EU 679/2016): European citizen data protection regulation, mandatory for companies and organizations that collect and manage personal data in Europe.