Application Security

Tayef offers firewall protection that secures your web servers from malicious traffic and prevents attacks to compromise your system. We offer WAF services by our vendor (F5) that utilizes both negative and positive security models for identifying, isolating and blocking sophisticated attacks that may affect legitimate application transactions. It identifies malicious bots that bypass standard detection methods and mitigates threats before they do damage. It deals with mitigations that learn and adapt to your unique application layer user interaction patterns to enable dynamic defences based on changing conditions. Dynamic traffic pattern learning and behavioral analysis enable real-time identification and response to new application attacks with minimal admin intervention.

(F5) products and solution that include a Web Application Firewall include:

  • BIG-IP Application Security Manager
  • Web Application Security Solutions

Features and Benefits:

  • Comprehensive Application Protection
  • Proactive Bot Defense
  • Layer 7 Denial of Service Protection
  • Application visibility for both threat management and business intelligence
  • Performance metrics and analytics data enable site and workflow optimization
  • Intelligent, Adaptable Defenses
  • Meets compliance requirements for regulatory standards like FFIEC, HIPAA, and PCI-DSS
  • Virtual patching through signature detection of vulnerability exploit attempts
  • Integration with third-party dynamic application security testing (DAST) tools for automated virtual patching.
  • Context Aware Risk Management
  • Flexibility via Programmability
  • Protocol Enforcement
  • Client Side Integrity Defense
  • Scale and Performance Even Under Attack

It is essential for a business to protect its data from falling into wrong hands. Hackers are now equipped with innovative and sensitive technologies, which enable them to exploit system vulnerabilities, web applications, users, and breach parameters to steal valuable data. In order to enhance your security against such attacks, it is important for you to deploy database firewall.  We provide Imperva’s SecureSphere Database Firewall (DBFW) that offers malware protection and other specialized security services to keep your data protected. It satisfies a broad range of database compliance requirements while providing reliable protection with little or no impact on database performance or availability.

Features:

  • Data Discovery
  • Continuous Monitoring Of Sensitive Data Usage
  • Monitor Big Data, Z/Os, and Files
  • Detection of Unauthorized Access, Fraudulent Activity
  • Detect and Contain Insider Threats
  • Unified Policy Deployment and Enforcement
  • Streamlined Compliance Reporting
  • Effective User Rights Management across Databases
  • Real-Time Blocking Of SQL Injection, Dos, and More
  • Audit Analysis for Incident Investigation and Forensics

Benefits:

  • Monitors Data and Users
  • Intelligently Identify and Prioritize Risks
  • Presents a Clear Actionable Picture of the Risks Discovered and Stopped
  • Discover and Help Classify Sensitive Databases and Data
  • Find and Remediate Database and System Vulnerabilities
  • Identify Excessive User Rights and Dormant Users, and Enable a Complete Rights Review Cycle
  • Protect RDBMS, Data Warehouses, Big Data Platforms, and Mainframe Databases and Files
  • Alert, Quarantine, and Block Database Attacks and Unauthorized Activities In Real-Time
  • Automate and Schedule Compliance Tasks and Reporting

Two Factor Authentication, Encryption and HSM

Tayef provides Gemalto’s TFA for our customers to protect respective data and identities from cyber attacks. TFA services are based on various technologies, the most prominent ones are One Time Passwords (OTPs) and Public Key Infrastructure (PKI). We offer PKI encryption key management solutions to help you protect the keys at the heart of PKI as well as PKI-based authentication tokens that leverage the security benefits offered by PKI to deliver dependable identity protection. In order to determine which one is more suitable for your needs, it is essential to understand the difference between the two.

One Time Passwords (OTPs)

  • This is a symmetric authentication in which one time password is generated in two places simultaneously – on authentication server and on hardware token or software token under user’s possession.
  • If the OTP generated by your token is a match with OTP generated by authentication server, only then access is granted.

Public Key Infrastructure (PKI)

  • This is an asymmetric authentication which depends on a series of dissimilar encryption keys – a private key and a public encryption key.
  • Hardware PKI certificate based tokens like USB tokens and smart cards are created to store your secret encryption key.
  • When authenticating to your enterprise network server, for example, the server issues a numeric ‘challenge.’ That challenge is signed using your private encryption key. If there’s a mathematical correlation, or ‘match,’ between the signed challenge and your public encryption key (known to your network server), then authentication is successful and you’re granted access to the network.
  • In PKI authentication, a private encryption key is used, which is non-transferrable when stored in hardware token. Given its asymmetric nature, PKI is used in many parts of the world for higher assurance use cases.

HSMs

  • HSMs are designed to provide a more secure, hardware-based environment within which private keys are generated, stored, and used— eliminating the risks associated with storing private keys in a more vulnerable software repository.
  • By providing physical and logical isolation of key materials from the computers and applications that use them, HSMs make it almost impossible to extract key materials through traditional network attacks.
  • Additionally, tamper-resistant physical designs, coupled with strict operational policies, ensure that direct physical attack and attacks from trusted insiders are negated.
  • HSMs can be easily adapted to provide secure generation and storage for SSL private keys, preventing the compromise of keys by adding the assurance of hardware-secured key management to secure websites

Email security is another concern for businesses and individuals alike. We have introduced Mimecast Secure Email Gateway services, which utilizes multi-layered, sophisticated detection engines to secure email data and of a firm and its employees from targeted attacks, phishing, spam and malware. Mimecast’s adaptive systems are constantly improving defenses to block both known and unknown threats. Contain spear-phishing attempts by reviewing every URL for threats and make sure spam and malware don’t reach the email system. End users are equally protected from social engineering and email impersonation attacks, with a sophisticated set of security checks that protect against spoofing and fraudulent requests. End users can be alerted to suspicious emails to prevent data loss.

Benefits:

  • Better security and system performance
  • A single cloud platform
  • Ultimate administrator visibility and control

Mimecast Email Security offers:

  • Protection with 99% anti-spam with 0.0001% false positives, 100% anti-malware including zero-hour protection and 100% availability SLA.
  • Specially handle graymail such as mailing lists and newsletters for easy filing and decluttering inboxes.
  • Decrease in spam disruption and protect infrastructure from DDOS.
  • Better flexibility with two modes of operation.
  • Retention Mode – Enable valuable capabilities and services including Track and Trace, Secure Messaging, Large File Send and Content Control.
  • Zero Retention – Eliminate legal and privacy concerns about your company’s email gateway without being stored beyond delivery.
  • Increased employee productivity and cut help desk calls with end user self-service to manage blocked and permitted senders.
  • Support mail validation such as DKIM.

Application Control services, by our partner and vendor Ivanti, is powered by AppSense and combines privilege management and dynamic whitelisting to protect you from unauthorized code execution without constraining users, and making your IT staff manually manage extensive lists. This service can help you and your staff in managing user policy and privileges automatically, and allowing optional self-elevation when exceptions occur. The endpoint security platform combines automated patch management and app control with powerful, integrated endpoint security management—global policy, security diagnostics, remote endpoint control, security dashboards and reporting, and more. Moreover, you can enforce application policies “out of the box.” Give users access to the apps they need based on role, location, and other criteria. Remove admin rights without users calling the help desk or resorting to shadow IT.

Through Ivanti’s Application Control:

  • Your IT Staff’s Workload Will Reduce
  • Reduces Your Endpoint Security Risks
  • Control Applications And User Privileges Efficiently
  • You Will Have Better Control For SCCM
  • Push Application Control Configurations To Endpoints
  • Use SCOM To Gather Events And Auditing Details
  • You Can Have Improved Server Access Control
  • You Staff Can Have Better User Experience With Improved Security
  • Manage Administrative Rights Of Non-­IT Users By Limiting Logon Rights To Servers To Perform Specific Tasks
  • Trusted Ownership
  • Integration With Systems Management Tools Increases Efficiency And Control Over Your It Environment
+ Web Access Firewalls (WAF F5)

Tayef offers firewall protection that secures your web servers from malicious traffic and prevents attacks to compromise your system. We offer WAF services by our vendor (F5) that utilizes both negative and positive security models for identifying, isolating and blocking sophisticated attacks that may affect legitimate application transactions. It identifies malicious bots that bypass standard detection methods and mitigates threats before they do damage. It deals with mitigations that learn and adapt to your unique application layer user interaction patterns to enable dynamic defences based on changing conditions. Dynamic traffic pattern learning and behavioral analysis enable real-time identification and response to new application attacks with minimal admin intervention.

(F5) products and solution that include a Web Application Firewall include:

  • BIG-IP Application Security Manager
  • Web Application Security Solutions

Features and Benefits:

  • Comprehensive Application Protection
  • Proactive Bot Defense
  • Layer 7 Denial of Service Protection
  • Application visibility for both threat management and business intelligence
  • Performance metrics and analytics data enable site and workflow optimization
  • Intelligent, Adaptable Defenses
  • Meets compliance requirements for regulatory standards like FFIEC, HIPAA, and PCI-DSS
  • Virtual patching through signature detection of vulnerability exploit attempts
  • Integration with third-party dynamic application security testing (DAST) tools for automated virtual patching.
  • Context Aware Risk Management
  • Flexibility via Programmability
  • Protocol Enforcement
  • Client Side Integrity Defense
  • Scale and Performance Even Under Attack
+ Database Firewalls (DBFW)

It is essential for a business to protect its data from falling into wrong hands. Hackers are now equipped with innovative and sensitive technologies, which enable them to exploit system vulnerabilities, web applications, users, and breach parameters to steal valuable data. In order to enhance your security against such attacks, it is important for you to deploy database firewall.  We provide Imperva’s SecureSphere Database Firewall (DBFW) that offers malware protection and other specialized security services to keep your data protected. It satisfies a broad range of database compliance requirements while providing reliable protection with little or no impact on database performance or availability.

Features:

  • Data Discovery
  • Continuous Monitoring Of Sensitive Data Usage
  • Monitor Big Data, Z/Os, and Files
  • Detection of Unauthorized Access, Fraudulent Activity
  • Detect and Contain Insider Threats
  • Unified Policy Deployment and Enforcement
  • Streamlined Compliance Reporting
  • Effective User Rights Management across Databases
  • Real-Time Blocking Of SQL Injection, Dos, and More
  • Audit Analysis for Incident Investigation and Forensics

Benefits:

  • Monitors Data and Users
  • Intelligently Identify and Prioritize Risks
  • Presents a Clear Actionable Picture of the Risks Discovered and Stopped
  • Discover and Help Classify Sensitive Databases and Data
  • Find and Remediate Database and System Vulnerabilities
  • Identify Excessive User Rights and Dormant Users, and Enable a Complete Rights Review Cycle
  • Protect RDBMS, Data Warehouses, Big Data Platforms, and Mainframe Databases and Files
  • Alert, Quarantine, and Block Database Attacks and Unauthorized Activities In Real-Time
  • Automate and Schedule Compliance Tasks and Reporting
+ Two Factor Authentication, Encryption and HSM

Two Factor Authentication, Encryption and HSM

Tayef provides Gemalto’s TFA for our customers to protect respective data and identities from cyber attacks. TFA services are based on various technologies, the most prominent ones are One Time Passwords (OTPs) and Public Key Infrastructure (PKI). We offer PKI encryption key management solutions to help you protect the keys at the heart of PKI as well as PKI-based authentication tokens that leverage the security benefits offered by PKI to deliver dependable identity protection. In order to determine which one is more suitable for your needs, it is essential to understand the difference between the two.

One Time Passwords (OTPs)

  • This is a symmetric authentication in which one time password is generated in two places simultaneously – on authentication server and on hardware token or software token under user’s possession.
  • If the OTP generated by your token is a match with OTP generated by authentication server, only then access is granted.

Public Key Infrastructure (PKI)

  • This is an asymmetric authentication which depends on a series of dissimilar encryption keys – a private key and a public encryption key.
  • Hardware PKI certificate based tokens like USB tokens and smart cards are created to store your secret encryption key.
  • When authenticating to your enterprise network server, for example, the server issues a numeric ‘challenge.’ That challenge is signed using your private encryption key. If there’s a mathematical correlation, or ‘match,’ between the signed challenge and your public encryption key (known to your network server), then authentication is successful and you’re granted access to the network.
  • In PKI authentication, a private encryption key is used, which is non-transferrable when stored in hardware token. Given its asymmetric nature, PKI is used in many parts of the world for higher assurance use cases.

HSMs

  • HSMs are designed to provide a more secure, hardware-based environment within which private keys are generated, stored, and used— eliminating the risks associated with storing private keys in a more vulnerable software repository.
  • By providing physical and logical isolation of key materials from the computers and applications that use them, HSMs make it almost impossible to extract key materials through traditional network attacks.
  • Additionally, tamper-resistant physical designs, coupled with strict operational policies, ensure that direct physical attack and attacks from trusted insiders are negated.
  • HSMs can be easily adapted to provide secure generation and storage for SSL private keys, preventing the compromise of keys by adding the assurance of hardware-secured key management to secure websites
+ Email Security

Email security is another concern for businesses and individuals alike. We have introduced Mimecast Secure Email Gateway services, which utilizes multi-layered, sophisticated detection engines to secure email data and of a firm and its employees from targeted attacks, phishing, spam and malware. Mimecast’s adaptive systems are constantly improving defenses to block both known and unknown threats. Contain spear-phishing attempts by reviewing every URL for threats and make sure spam and malware don’t reach the email system. End users are equally protected from social engineering and email impersonation attacks, with a sophisticated set of security checks that protect against spoofing and fraudulent requests. End users can be alerted to suspicious emails to prevent data loss.

Benefits:

  • Better security and system performance
  • A single cloud platform
  • Ultimate administrator visibility and control

Mimecast Email Security offers:

  • Protection with 99% anti-spam with 0.0001% false positives, 100% anti-malware including zero-hour protection and 100% availability SLA.
  • Specially handle graymail such as mailing lists and newsletters for easy filing and decluttering inboxes.
  • Decrease in spam disruption and protect infrastructure from DDOS.
  • Better flexibility with two modes of operation.
  • Retention Mode – Enable valuable capabilities and services including Track and Trace, Secure Messaging, Large File Send and Content Control.
  • Zero Retention – Eliminate legal and privacy concerns about your company’s email gateway without being stored beyond delivery.
  • Increased employee productivity and cut help desk calls with end user self-service to manage blocked and permitted senders.
  • Support mail validation such as DKIM.
+ Application Control

Application Control services, by our partner and vendor Ivanti, is powered by AppSense and combines privilege management and dynamic whitelisting to protect you from unauthorized code execution without constraining users, and making your IT staff manually manage extensive lists. This service can help you and your staff in managing user policy and privileges automatically, and allowing optional self-elevation when exceptions occur. The endpoint security platform combines automated patch management and app control with powerful, integrated endpoint security management—global policy, security diagnostics, remote endpoint control, security dashboards and reporting, and more. Moreover, you can enforce application policies “out of the box.” Give users access to the apps they need based on role, location, and other criteria. Remove admin rights without users calling the help desk or resorting to shadow IT.

Through Ivanti’s Application Control:

  • Your IT Staff’s Workload Will Reduce
  • Reduces Your Endpoint Security Risks
  • Control Applications And User Privileges Efficiently
  • You Will Have Better Control For SCCM
  • Push Application Control Configurations To Endpoints
  • Use SCOM To Gather Events And Auditing Details
  • You Can Have Improved Server Access Control
  • You Staff Can Have Better User Experience With Improved Security
  • Manage Administrative Rights Of Non-­IT Users By Limiting Logon Rights To Servers To Perform Specific Tasks
  • Trusted Ownership
  • Integration With Systems Management Tools Increases Efficiency And Control Over Your It Environment