VISULOX offers a completely new quality and standards for reliable information without wasting valuable time:

• Who was in the system and when?
• Which servers and applications were used?
• What data, patches, updates were applied and installed?
• Have there been any malicious login attempts?
• What services were available?

This structured information is the basis of a fact-based root cause analysis, which makes it possible to quickly and precisely identify and remedy the cause of the error.

For operations, this means that services are available again as quickly as possible. The management benefits from reliable information and evidence that can be used for reporting or to provide information to a cyber insurance company.

As soon as the cyber crisis team has come together, the information gathering begins - the more the better, system is secondary for now. Or is it? The realisation will quickly set in that orderly information, a timeline and an overview of all affected systems are essential to clearing up the incident. That is why it is relevant:

• What happened?
• Why did it happen?
• Where and when did it happen?

VISULOX generates reports, provides indisputable information and offers insights into past administrative activities within the entire infrastructure. Among other things, you will learn immediately:

Learn,

• Which external users were active
• Whether data from outside has entered the network
• Which administrative commands were issued at database level
• and much more organisation-specific information

All this without discussion or second opinions. Reliable, reproducible and audit-proof.

The certification of an information security management system (ISMS) requires a consistent access control concept. Provided that the management system functions without restrictions in the context of the first 10 chapters of the standard, the specifications must be implemented technically.

VISULOX is compliant with at least all measure requirements of ISO 27001, related to Annex 9 - Access Control:

Annex A.9.1 deals with business requirements for access control. The objective of this Annex A control is to limit access to information and information processing facilities.

AppendixA.9.2 deals with user access management. The objective of this Annex A control is to ensure that users are authorised to access systems and services and to prevent unauthorised access.

Appendix A.9.3 deals with user responsibilities. The objective of this Annex A control is to make users responsible for protecting their authentication data.

Annex A.9.4 deals with access control to systems and applications. The objective of this Annex A control is to prevent unauthorised access to systems and applications.

The entire Annex A.9 is probably the most discussed requirement in the entire catalogue of measures. We claim it is also the most important. The whole concept of building an ISMS is based on the fact that the right people have access to the right information at the right time and that non-authorised people are prevented from not being able to obtain exactly this.

Who did what when where - Answer it.

Contact us for a complete and detailed mapping of all ISO 27001: 2013 controls VISULOX supports and complies with.

For an update on the revision of ISO 27002:2022 and how to meet the new measure requirements READ HERE

• Secure personal data in accordance with the European General Data Protection Regulation
• Control who had access to personal data, when, where and, above all, why
• Proactive design of authorisations and the protection of personal data through unavoidable access control and complete documentation of all access attempts
• Traceable documentation of the deletion process in accordance with Art. 17 DGSVO

The implementation of the Cyber Security Framework of the National Institute of Standards and Technology within the domain PROTECT requires that a fully comprehensive concept, consisting of a multitude of individual measures, is implemented around identity and access control. In addition, there are dedicated IT access control requirements in the IDENTIFY, RESPONSE and RECOVERY domains.

VISULOX is compliant with all relevant NIST CSF measure requirements and supports the technical implementation of the controls:

Identity and access management is the foundation of cybersecurity. Put simply, the NIST CSF, with its focus on fundamental and applied research and standards, seeks to ensure that the right people and systems have the right access to the right resources at the right time.

Contact us for a complete and detailed mapping of all NIST CSF controls that VISULOX supports and fulfils.

The Payment Card Industry Data Security Standard (PCI DSS) aims to protect access to personal information of credit card holders and their payment data.

VISULOX is compliant with all relevant of the 12 requirements of the PCI DSS and supports the technical implementation of the required measures:

• Do not use default values for system passwords and other security parameters specified by the manufacturer (requirement 2)
• Protect stored cardholder data (requirement 3)
• Develop and maintain secure systems and applications
  (Requirement 6)
• Restrict access to cardholder data according to the "knowledge required" criterion (requirement 7)
• Assign a unique ID to each person with computer access (requirement 8)
• Track and monitor all access to network resources and cardholder data (requirement 10)

Contact us for a detailed mapping of the PCI DSS controls that VISULOX supports and complies with.

Securing the corporate network is critical to secure remote working, especially with the increased risks that come with using VPN, cloudspaces and teamwork tools.

Rolling out critical patches, processing IT tickets or rebooting virtual servers from the home office - undocumented, without a false bottom as a function account from outside? Users with high authorisations and far-reaching powers, such as database administrators, PowerUsers or SysAdmins, also have external access to functions that may be critical for the entire IT infrastructure and communication technology.

VISULOX offers a VPN-free and secure working environment in which even privileged users can move without worry. Without agents on servers or modifications to the client.

We find a consensus for employers and employees between a verifiable and controlled working environment and mandatory freedoms required in the field of IT administration.

Apart from creating security awareness among home workers, the employer has little influence despite all this and must assume that IT security in the home office is fundamentally inadequate.

Private home networks are usually poorly secured, while in this home environment, organisation-internal login credentials are used to access the company's IT infrastructure.

VISULOX offers all the advantages of proven application sharing and remote access, but also unique security benefits:

• Voluntary or mandatory recording of user activities
• Control over import and export of files and information
• Withdrawal of Copy & Paste functions
• Easy interactive cooperation of several users in one session
• Simultaneous addressing of multiple hosts
• Determination of permitted login times and geo-locations
• Flexible Multi Factor Authentication

Don't worry about individual VPN connections or collaboration tools. Simply provide your employees with their familiar environment - securely, flexibly and cost-effectively.