To meet the needs of SME clients that generally manage less complex IT infrastructures, certSIGN has developed a standard solution called Cyber-In-A-Box, a solution that can be tailored to the specific needs of the client.
The certSIGN concept on cyber security for SMEs includes 3 levels:
- Basic Protection or Cyber Hygiene – which includes providing the minimum protection measures that no client should overlook (firewall perimeter network protection, IPS, antimalware protection, backup solutions, user and access rights management, user training);
- Cyber security management – which includes providing information and visibility over the client’s assets, existing vulnerabilities, behavior and events occurring within the equipment and system operation, by managing log-type events;
- Monitoring, alerting, security incident response – CSIRT services.
If the Basic Protection level is achieved at the SME level, usually using their own IT departments, the upper levels are generally missing or are superficially treated.
Cyber-In-A-Box aims to add cyber security management capabilities to SMEs by using a turnkey solution that ensures:
- Asset management – What do we protect?
- Vulnerability management – How vulnerable are we?
- Log management – What happens within our network?
This solution is also a necessary element from the point of view of the specific audits compliant with the incident legislation, the 3 managed elements being the common element investigated by any auditor.
As the size of the networks and the services offered differ at the SME level, the Cyber-In-A-Box solution is adaptable, the level of licensing of the included applications being tailored to the client’s needs.
certSIGN provides the solution tailoring and delivery, according to the needs of the client, as well as services to correctly operate the implemented solution, periodic reporting and support in the case of security audits using the provided solution.