Cyber security

Human error is the weakest link in network security! Cybercrime remains a growth industry but you can counter it with security awareness courses and other cyber security measures.

Cyber security

Security breaches cost the German economy billions every year. Materna offers a range of products and services that help organisations to significantly reduce the risk and impact of malicious cyber activity.

Holistic solutions from the Cyber Defence Center

Employees pose the greatest threat to organizations in all industries. Social engineering attacks, or attacks on their employees, are putting organizations at greater risk than ever, especially when data is involved. Nearly half of all cyber attacks involve employees, nearly one in two of whom try to cover up the incident, adding to the damage. In nearly one-third of successful cyber attacks, valuable data is stolen. Employees must therefore be intensively trained to recognize attacks on their own person.

Cyber security affects us all. Reasons for this include customer and compliance requirements, the outsourcing of IT to the cloud, legal requirements or even strong competitive pressure. Protect your organization sustainably - with our services for planning, creating and implementing holistic cyber security measures.

Materna services for cyber security

Information security management system (ISMS)

Introducing an information security management system

Materna assists organisations which wish to invest in an information security management system (ISMS). The purpose of an ISMS is to identify and analyse IT risks for an organisation, and then to manage these by applying appropriate measures. A multi-pronged approach is crucial to drawing the full benefit, including:

a keen awareness among all employees, from junior staff to middle and senior management
assuring the confidentiality, integrity and availability of data
helping to assure business continuity and thus the success of the organisation
legal certainty by systematically following the relevant laws on information security and data protection
reducing the liability risk of individual managers
cost savings by avoiding security incidents

Materna has been operating as a consultancy for information security for more than 20 years and specializes in the following areas:

ISO 27001 basic protection based on BSI
ISO 27001
TISAX
ISIS12
IT risk management
IT emergency management

Materna will assess the maturity of your organisation’s cyber security with a cyber check based on the ISACA model.

Awareness training

Awareness training for all employees

Our awareness training courses will introduce your employees to the tricks used by social engineering scammers and teach them the importance of reporting potential incidents without fear of repercussions. Videos produced by the Materna media team accompany our e-learning content, which your staff can consume at their workstation and flexibly incorporate into their busy schedules. The course material is backed up with fun games to motivate and encourage users to apply their newly gained knowledge. Regular training and varying campaigns help to reinforce the learning units. A variety of skill levels is available that reflects the needs of every member of staff. Materna also offers face-to-face training courses for the instruction of very complex content.

Phishing campaigns

Boost awareness retention rates with planned phishing campaigns

Materna carries out simulated phishing campaigns: Using a carefully structured test we can check how your employees deal with personalized attacks in the real world. Materna’s method specifically takes individual staff performance into consideration.

Just like real-life malicious phishing attacks, these simulations are designed to tempt employees into opening what appear to be harmless attachments, websites or links. This may take the form of emails from inside the company or from known service providers. Users who stumble into the trap are redirected to an information page that offers a choice of video tutorials, games and other training material showing the user exactly what to look out for. A statistical and personalized record of the recipients of these phishing attacks is kept, providing the organisation with an overview of those employees in need of further training and of their individual learning curves.

Security operation centre (SOC)

Materna’s security operation centre

Materna operates a security operation centre (SOC), a cyber security control hub to protect your IT and OT (operational technology). Our cyber security analysts are on hand to provide the following services:

proactive monitoring of the IT and OT systems and ongoing analyses of the current threat level
detection and elimination of vulnerabilities in your cyber security
centralized security management for a range of end devices
managing the incident response process
sending alerts of known attacks and threats
direct defensive measures to limit damage of cyber attacks
security assessments
technical support for all security-related issues
reporting on the work of the security information centre and all security-related systems

The SOC deploys a range of sensors and systems that generate, collect, analyse and process log files and information flows. Behind every successful SOC lies a log management solution alongside the security incident and event management systems, supported by additional functionalities to detect and intercept intrusions.

Identity and access management

Manage access rights quickly and securely

To implement access rights for your employees securely and efficiently, you need to answer many questions. Identity and Access Management solutions provide decisive impetus here. Materna supports you with consulting, analysis of requirements, design and implementation of a suitable IAM solution. Privileged Access Management (PAM) is a special case of IAM. In this environment, Materna works with its partner Wallix when it comes to securing administrator access, i.e. privileged authorizations.

Web security (OWASP top 10)

Web penetration test

Materna offers the Web Penetration Test module especially for web servers. The website is checked for the OWASP Top 10 vulnerabilities. OWASP Top 10 is the developer's guide to secure program development. It represents the top 10 security risks of web applications. Mimicking an attacker, this is an attempt to bypass the website's security measures. As a basis for evaluation, Materna closely follows the German Federal Office for Information Security (BSI). Such a service can be offered in IT service management as a fully digitalized process. Web developers and employees in web projects then simply "book" a vulnerability scan or web penetration test for their servers and applications.

Cyber security check

Assessing the maturity of information security

As an information security officer (ISO), data protection officer (DPO) or IT manager, would you like to take a closer look at your organization's security level? We have developed the Cyber Security Check for this purpose.

Materna provides an assessment report that includes the following: Framework data including a description of the examined organization and its IT, management summary including an assessment of the threat situation (cyber security exposure) and a detailed assessment (detailed presentation of the identified deficiencies, their evaluation and recommendations to remedy the deficiencies).