Incident Management. Cyber forensics - without the guesswork.
All information needed for targeted troubleshooting available at any time
Reduced downtime and avoidance of error repetition
Audit- and compliance-compliant evidence and automatic audit-proof preservation of evidence
VISULOX puts IT operations and first responders back in control.
The crucial thing in resolving cyber incidents is that operations can be resumed quickly, the sources of the error can be clearly identified and measures can be taken to eliminate the cause of the error.
Clear facts instead of blame
VISULOX offers a completely new quality and standards for reliable information without wasting valuable time:
- Who was in the system and when?
- Which servers and applications were used?
- What data, patches, updates were applied and installed?
- Have there been any malicious login attempts?
- What services were available?
This structured information is the basis of a fact-based root cause analysis, which makes it possible to quickly and precisely identify and remedy the cause of the error.
For operations, this means that services are available again as quickly as possible. The management benefits from reliable information and evidence that can be used for reporting or to provide information to a cyber insurance company.
Creating transparency and maintaining an overview
As soon as the cyber crisis team has come together, the information gathering begins - the more the better, system is secondary for now. Or is it? The realisation will quickly set in that orderly information, a timeline and an overview of all affected systems are essential to clearing up the incident. That is why it is relevant:
- What happened?
- Why did it happen?
- Where and when did it happen?
VISULOX generates reports, provides indisputable information and offers insights into past administrative activities within the entire infrastructure. Among other things, you will learn immediately:
Learn,
- Which external users were active
- Whether data from outside has entered the network
- Which administrative commands were issued at database level
- and much more organisation-specific information
All this without discussion or second opinions. Reliable, reproducible and audit-proof.
Audit & REgulation. Out of the Box Conformity.
Compliance with regulations to avoid high fines
Protect reputation and maintain competitiveness
Act before it is too late and proactively meet future requirements
VISULOX is operational compliance. Cyber security is no longer a requirement but a strategic building block.
Cyber standards and minimum legal requirements are increasingly being incorporated into annual audits and inspections across industries. Catalogues of measures are increasingly a prerequisite for establishing business relationships or taking out insurance policies.
DIN EN ISO 27001
The certification of an information security management system (ISMS) requires a consistent access control concept. Provided that the management system functions without restrictions in the context of the first 10 chapters of the standard, the specifications must be implemented technically.
VISULOX is compliant with at least all measure requirements of ISO 27001, related to Annex 9 - Access Control:
Annex A.9.1 deals with business requirements for access control. The objective of this Annex A control is to limit access to information and information processing facilities.
AppendixA.9.2 deals with user access management. The objective of this Annex A control is to ensure that users are authorised to access systems and services and to prevent unauthorised access.
Appendix A.9.3 deals with user responsibilities. The objective of this Annex A control is to make users responsible for protecting their authentication data.
Annex A.9.4 deals with access control to systems and applications. The objective of this Annex A control is to prevent unauthorised access to systems and applications.
The entire Annex A.9 is probably the most discussed requirement in the entire catalogue of measures. We claim it is also the most important. The whole concept of building an ISMS is based on the fact that the right people have access to the right information at the right time and that non-authorised people are prevented from not being able to obtain exactly this.
Who did what when where - Answer it.
Contact us for a complete and detailed mapping of all ISO 27001: 2013 controls VISULOX supports and complies with.
For an update on the revision of ISO 27002:2022 and how to meet the new measure requirements READ HERE
General Data Protection Regulation
Secure personal data in accordance with the European General Data Protection Regulation
- Control who had access to personal data, when, where and, above all, why
- Proactive design of authorisations and the protection of personal data through unavoidable access control and complete documentation of all access attempts
- Traceable documentation of the deletion process in accordance with Art. 17 DGSVO
NIST Cyber Security Framework
The implementation of the Cyber Security Framework of the National Institute of Standards and Technology within the domain PROTECT requires that a fully comprehensive concept, consisting of a multitude of individual measures, is implemented around identity and access control. In addition, there are dedicated IT access control requirements in the IDENTIFY, RESPONSE and RECOVERY domains.
VISULOX is compliant with all relevant NIST CSF measure requirements and supports the technical implementation of the controls:
Identify (ID) | ID.SC Supply Chain Risk Management |
Protect (PR) | PR.AC Identity Management, Authentication and Access Control |
Protect (PR) | PR.DS Data Security |
Protect (PR) | PR.IP Information Protection Processes and Procedures |
Protect (PR) | PR.PT Protective Technology |
Indentify (ID) | ID.SC Supply Chain Risk Management |
Detect (EN) | DE.AE Anomalies and Event |
Detect (EN) | DE.DP Detection Processes |
Response (RS) | RS.AN Analysis |
Response (RS) | RS.MI Mitigation |
Recovery (RC) | RC.RP Recovery Planning |
Identity and access management is the foundation of cybersecurity. Put simply, the NIST CSF, with its focus on fundamental and applied research and standards, seeks to ensure that the right people and systems have the right access to the right resources at the right time.
Contact us for a complete and detailed mapping of all NIST CSF controls that VISULOX supports and fulfils.
SSC PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) aims to protect access to personal information of credit card holders and their payment data.
VISULOX is compliant with all relevant of the 12 requirements of the PCI DSS and supports the technical implementation of the required measures:
- Do not use default values for system passwords and other security parameters specified by the manufacturer (requirement 2)
- Protect stored cardholder data (requirement 3)
- Develop and maintain secure systems and applications
(Requirement 6) - Restrict access to cardholder data according to the "knowledge required" criterion (requirement 7)
- Assign a unique ID to each person with computer access (requirement 8)
- Track and monitor all access to network resources and cardholder data (requirement 10)
Contact us for a detailed mapping of the PCI DSS controls that VISULOX supports and complies with.
TEleArwork. Flexible, secure and scalable.
Separation of the safety zones up to the application level
GDPR compliant meeting sharing and collaboration
No changes at client or application server level - simple and quick to implement
VISULOX is a comprehensive application sharing solution. Everything as usual, but professional, secure and safe.
Support The sharing of screen contents and applications is a standard part of everyday work in IT and collaboration, as is temporary work from home or externally. There is no doubt that this progress has advantages that have a positive impact on the quality of work and the employee's environment. Nevertheless, with privileges also come potential risks.
Home Office Security for privileged users and admins
Securing the corporate network is critical to secure remote working, especially with the increased risks that come with using VPN, cloudspaces and teamwork tools.
Rolling out critical patches, processing IT tickets or rebooting virtual servers from the home office - undocumented, without a false bottom as a function account from outside? Users with high authorisations and far-reaching powers, such as database administrators, PowerUsers or SysAdmins, also have external access to functions that may be critical for the entire IT infrastructure and communication technology.
VISULOX offers a VPN-free and secure working environment in which even privileged users can move without worry. Without agents on servers or modifications to the client.
We find a consensus for employers and employees between a verifiable and controlled working environment and mandatory freedoms required in the field of IT administration.
Documented and secure access from anywhere - without VPN
Apart from creating security awareness among home workers, the employer has little influence despite all this and must assume that IT security in the home office is fundamentally inadequate.
Private home networks are usually poorly secured, while in this home environment, organisation-internal login credentials are used to access the company's IT infrastructure.
VISULOX offers all the advantages of proven application sharing and remote access, but also unique security benefits:
- Voluntary or mandatory recording of user activities
- Control over import and export of files and information
- Withdrawal of Copy & Paste functions
- Easy interactive cooperation of several users in one session
- Simultaneous addressing of multiple hosts
- Determination of permitted login times and geo-locations
- Flexible Multi Factor Authentication
Don't worry about individual VPN connections or collaboration tools. Simply provide your employees with their familiar environment - securely, flexibly and cost-effectively.