Company Profile
Sector: IT GRC Data Breach response, APT, Cyber Security
Providing the first and most effective IT GRC, Incident and Data Breach Management Framework available in the market
About DFLabs (The originating Company)
• DFLabs (www.dflabs.com) is an ISO9001 certified company, specializing in verticals of Information Security Governance, Risk and Compliance (GRC) and Business Security.
• Our mission is: Supporting Information Security Strategies and Guaranteeing Business Security.
• Proud of its professional experience, DFLabs provides technologies, consulting and services in the following areas: IT GRC, Incident/Data Breach/Fraud Prevention and Response, Digital Forensics, e-discovery, Litigation Support, Intrusion Prevention, Log and Vulnerability Management.
• We operate on a worldwide basis from our headquarters in Northern Italy. In 2009 we opened an IT GRC and Data Breach Software Factory.
• Fortune 100 Customers.
• ISO Members and Editors.
2004-2013 Dflabs Copyright
Main Topic: The Security Risk Gap is Growing Exponentially
• Lack of IT GRC Strategy
• Increasing rate of new incidents and data breaches
• Increasing time to resolve them
• Insurance companies don't pay the coverage if the insured's due diligence is not proven.
• The Gov Authorities are keen to impose sanctions on companies that are not able to prove their due diligence
• Reaction time is crucial to avoid further damages
• Traditional IT GRC and Security approaches can't fully mitigate today's security challenge
  – They aren't effective
  – They are too expensive, complex and not natively created for the strategic GRC and Security Purpose
[Chart: Business and Legal Exposure and IT Security Capacity over Time, Business Growth, with the Security Risk Gap between them. New IT GRC demands exceed IT&Security capacity]
Our Structure
Consulting, Tech and Professional Services
Cross specializations in niche areas
• Consulting: Structure of strategic consulting, organizational and legal
• Technology and R&D: A Department specializing in R & D
• Professional Services: Highly Specialized Professional Service Team
DFLabs Team
Our Framework
Ensuring Business Security
• Business Assurance: Security strategies, policies and control, awareness and training, Incident Management, precise detection of abnormal activities based on detection of fraud.
• Compliance: Strategic management of over 150 active standards worldwide, performed with the use of specialized legal counsel at the international level.
• Data Security: Vulnerability management, penetration testing, network monitoring so as not to impact on applications and data, incident response, professional services.
Our Value Chain
IT GRC FRAMEWORK
• Risk, Audit and Compliance Officers, CIO, CISO, CSO
• Security Operations Centers/Investigations: Prioritization | Case Mgmt | Artifact Analysis | Resource/Task Mgmt | Impact/Cost Analysis | Evidence/Chain of Custody | External/Law Enforcement
• IT Security, APT, Incident Response | Fraud, Theft & Security Investigations | Security Governance
• Log Management, Web/Appl Scanning, Whistle Blower, SIEM, Strategic Planning, ERP & HR, Policies, Configuration, Identity & Access Management, Vulnerability Management, Standards, Forensic, Audit, e-Discovery, Procedures, Firewall / IPS / IDS, Anti-Virus & White Listing, End-Point Security, Financial Systems
• Consulting, Tech and Professional Services
Market Strategy: Our Approach
[Diagram labels: IT GRC FRAMEWORK; Consulting, Tech and Professional Services; End Users; GOV/LEO/Critical Infrastructure; Finance; Telco; EDU; HealthCare; Insurance; Partners/OEM's; Intelligence data Sharing; Rapid Integration]
Our DNA: High specialization and scientific rigor
• We are constantly engaged in the international scientific community, with direct participation in ISO - International Standards Organization, as well as in the IETF - Internet Engineering Task Force
• Our specialists are certified by relevant international standards bodies, such as TUV, SANS Institute, etc.
• We frequently publish scientific articles and participate as speakers and board advisors for numerous scientific journals and conferences at international level.
• We select partners, local and international, with the utmost attention, both for technology and consulting.
Main Competences
1) Security Governance - IAM
2) Fraud prevention (Banking, Insurance etc)
3) MultiLevel Audit
4) 231/01 and CyberCrime (Top Down)
5) Fraud management (Internal & External)
6) Cloud Computing Risk Management
7) Log Management
8) Incident Management and Response (including forensics)
9) DLP - IPS
10) Vulnerability and Pentest
11) Application Security
12) Database Protection
13) Network Monitoring
14) Mobile Risk Management and Protection
15) Technology Scouting and evaluation/implementation
Our Current Main Engagements
Business Risk Management, Policy, standards, Technologies, Legal and guidelines
LOCAL AND INTERNATIONAL REGULATIONS & STANDARDS
• Intrusion Prevention and Incident Management: The entire Security Incident Lifecycle – From Prevention to Response, including the Anomaly Monitoring
• IAM - Role Management and Segregation: Both Users and Architectures
• DLP – Data Leakage Prevention: Complete information Leakage Management/BYOD
• GRC: Governance Risk Compliance (Security Strategy Plan)
• Anomaly Monitoring: Frauds - Internal and External Misuses
• Disaster Recovery and Business Continuity Plan
Our Software
• IncMan Suite, a comprehensive IT-GRC data breach, incident & investigation management platform that simplifies the management of every kind of security incident (cyber, physical, ethics & fraud), reducing risk, time to response, & costs
• CorM - Compliance and Risk Manager - a complete solution that can help in identifying the controls needed to comply with presenting the complex rules, standards and policies in an extremely simple graphical user interface to get any other crucial information.
• PTK forensics is a computer forensic framework for the command line tools in the SleuthKit plus many more software modules. This makes it usable and easy to investigate a system.
Over 50 Selected Third Parties are Supported
Why Choose Us
Differentiation Factors
• Unlike the others, we are focused on IT GRC with particular reference to Incident Prevention, Data Breach and CyberSecurity. The competition is just using existing Security technologies adapted to the scope.
• Independence and integration with Third Party plus Virtual Community. Allows partners (like service providers, insurer, MSS and so on) to add value on top of their existing services. Maximum value to the end users, thanks to our deep knowledge and industry benchmarks.
• Real IT GRC, not just "too high to be effective" stuff, but also practical stuff. We have a complete vision of the high and tech layers of the IT GRC, able to dynamically associate IT GRC tasks to the data breach and incident management.
• We are the only IT GRC Boutique, with deep knowledge of market verticals, and our professionals are usually in the loop, both from a governance and practical perspective. We also built software to enhance the application of our IT GRC Framework.
• Security Asset Management Capability. No one is currently able to automatically associate the target involved in a particular incident/data breach to risk and KPI.
• Big data ready. No competitor is currently working under the Big Data paradigm shift for case management.
• Focused on information and business protection. We stay away from foggy approaches.