Enterprise Division

Enterprise

Innovative technologies and advanced services for your complete cyber risk management

The Enterprise division offers technologies and services for all companies that have more advanced security requirements and which, as a rule, have an internal cyber security structure that independently manages the technologies purchased under license

Companies or even Industry groups that are increasingly targeted by malicious attacks, need additional insights to constantly monitor exposed surfaces and, to identify and fix vulnerabilities before they are exploited.

The Cybersel approach is to customise a package of technologies and skills to match any specific requirement. These packages can be deployed in two ways:

LICENSES
Customers can purchase licences for the required technology and chose to independently manage usage and outcomes with periodic support designed to encourage adoption of tools.
CSM Customer Success Management
Customers, whilst still the purchaser of technology licences will have enhanced support from the Cybersel Customer Success Management Team. This team of experts serve as an extension to internal resources to maximise the return on investment.

Technology Partners

Use Cases

BitSight

Security Performance Management

A large French utility decided to undertake a corporate objective measurement of its cyber risk and of all subsidiaries. It divided its organization into Business Units and Operational Units with a main focus on diligence, analysis and research of all infections on its end-points. The result was to reduce its Cyber ​​risk from a risk rating of 580 points to over 700.

Third Part Risk Management for EBA

The rules dictated by the European Banking Authority require Banks and all financial organizations (Fintechs) to carry out their own risk analysis including the Cyber ​​risk for critical suppliers or for full outsources. These rules provide for a series of checks and assessments designed to determine the bank's overall risk. The BitSight solution is used to assess, analyze, control and manage the risk reduction of cyber relevant suppliers and to undertake serious risk mitigation.

Process Unity

As part of the supplier risk assessment processes, the need arose to structure, automate, manage and control the entire flow of operations in order to assess all aspects of risk and compliance.
The main challenges were to follow an operational flow as closely as possible to the business processes without upsetting them and to obtain results in terms of efficiency and measurement.

Given the large number of suppliers to be analyzed, it was necessary to structure and customize all the questionnaires relating to Assessment and Due Diligence, to manage the documentation centrally and above all to obtain an immediate and certain result from the risk measurements. The old systems based on Excel sheets and emails were no longer usable given the large number of suppliers and their different nature.
The process must be a continuous cycle and therefore all the work must be automated through the system, the data collected must be analyzed globally and then carry out the assessment of the overall risk.

The challenges were overcome with the use of Process Unity, a platform that made it possible to manage the entire life cycle of suppliers with Assessments of various kinds, but above all to optimize times and reduce workloads on the various teams: Procurement , Risk and IT Security.

Cymulate

As part of its change processes, the need to validate the effective robustness and validity of the policies of some core services of its infrastructure has emerged:

Web Filtering
Waf
Email
End Points
Browsing of server domains
Potential immediate vulnerabilities (eg new payloads etc...)

To do this, we constantly need to simulate attacks on these systems without service interruption, but above all trying to remain within the scope of compliance and managed or known risks. Cymulate allows you to analyze and review your risks according to new configuration patterns of the perimeter and protection systems, together with the robustness of the end-points and all the systems connected to it. Furthermore, in the context of the GDPR, it is able to verify whether users can export data from the company through the most popular channels (e-mail, https, ftp or other) in order to prevent voluntary / involuntary data breaches.