Security breaches cost the German economy billions every year. Materna offers a range of products and services that help organisations to significantly reduce the risk and impact of malicious cyber activity.
Holistic solutions from the Cyber Defence Center
Employees pose the greatest threat to organizations in all industries. Social engineering attacks, or attacks on their employees, are putting organizations at greater risk than ever, especially when data is involved. Nearly half of all cyber attacks involve employees, nearly one in two of whom try to cover up the incident, adding to the damage. In nearly one-third of successful cyber attacks, valuable data is stolen. Employees must therefore be intensively trained to recognize attacks on their own person.
Cyber security affects us all. Reasons for this include customer and compliance requirements, the outsourcing of IT to the cloud, legal requirements or even strong competitive pressure. Protect your organization sustainably - with our services for planning, creating and implementing holistic cyber security measures.
Materna services for cyber security
Information security management system (ISMS)
Introducing an information security management system
Materna assists organisations which wish to invest in an information security management system (ISMS). The purpose of an ISMS is to identify and analyse IT risks for an organisation, and then to manage these by applying appropriate measures. A multi-pronged approach is crucial to drawing the full benefit, including:
- a keen awareness among all employees, from junior staff to middle and senior management
- assuring the confidentiality, integrity and availability of data
- helping to assure business continuity and thus the success of the organisation
- legal certainty by systematically following the relevant laws on information security and data protection
- reducing the liability risk of individual managers
- cost savings by avoiding security incidents
Materna has been operating as a consultancy for information security for more than 20 years and specializes in the following areas:
- ISO 27001 basic protection based on BSI
- ISO 27001
- IT risk management
- IT emergency management
Materna will assess the maturity of your organisation’s cyber security with a cyber check based on the ISACA model.
Awareness training for all employees
Our awareness training courses will introduce your employees to the tricks used by social engineering scammers and teach them the importance of reporting potential incidents without fear of repercussions. Videos produced by the Materna media team accompany our e-learning content, which your staff can consume at their workstation and flexibly incorporate into their busy schedules. The course material is backed up with fun games to motivate and encourage users to apply their newly gained knowledge. Regular training and varying campaigns help to reinforce the learning units. A variety of skill levels is available that reflects the needs of every member of staff. Materna also offers face-to-face training courses for the instruction of very complex content.
Boost awareness retention rates with planned phishing campaigns
Materna carries out simulated phishing campaigns: Using a carefully structured test we can check how your employees deal with personalized attacks in the real world. Materna’s method specifically takes individual staff performance into consideration.
Just like real-life malicious phishing attacks, these simulations are designed to tempt employees into opening what appear to be harmless attachments, websites or links. This may take the form of emails from inside the company or from known service providers. Users who stumble into the trap are redirected to an information page that offers a choice of video tutorials, games and other training material showing the user exactly what to look out for. A statistical and personalized record of the recipients of these phishing attacks is kept, providing the organisation with an overview of those employees in need of further training and of their individual learning curves.
Security operation centre (SOC)
Materna’s security operation centre
Materna operates a security operation centre (SOC), a cyber security control hub to protect your IT and OT (operational technology). Our cyber security analysts are on hand to provide the following services:
- proactive monitoring of the IT and OT systems and ongoing analyses of the current threat level
- detection and elimination of vulnerabilities in your cyber security
- centralized security management for a range of end devices
- managing the incident response process
- sending alerts of known attacks and threats
- direct defensive measures to limit damage of cyber attacks
- security assessments
- technical support for all security-related issues
- reporting on the work of the security information centre and all security-related systems
The SOC deploys a range of sensors and systems that generate, collect, analyse and process log files and information flows. Behind every successful SOC lies a log management solution alongside the security incident and event management systems, supported by additional functionalities to detect and intercept intrusions.
Identity and access management
Manage access rights quickly and securely
To implement access rights for your employees securely and efficiently, you need to answer many questions. Identity and Access Management solutions provide decisive impetus here. Materna supports you with consulting, analysis of requirements, design and implementation of a suitable IAM solution. Privileged Access Management (PAM) is a special case of IAM. In this environment, Materna works with its partner Wallix when it comes to securing administrator access, i.e. privileged authorizations.
Web security (OWASP top 10)
Web penetration test
Materna offers the Web Penetration Test module especially for web servers. The website is checked for the OWASP Top 10 vulnerabilities. OWASP Top 10 is the developer's guide to secure program development. It represents the top 10 security risks of web applications. Mimicking an attacker, this is an attempt to bypass the website's security measures. As a basis for evaluation, Materna closely follows the German Federal Office for Information Security (BSI). Such a service can be offered in IT service management as a fully digitalized process. Web developers and employees in web projects then simply "book" a vulnerability scan or web penetration test for their servers and applications.
Cyber security check
Assessing the maturity of information security
As an information security officer (ISO), data protection officer (DPO) or IT manager, would you like to take a closer look at your organization's security level? We have developed the Cyber Security Check for this purpose.
Materna provides an assessment report that includes the following: Framework data including a description of the examined organization and its IT, management summary including an assessment of the threat situation (cyber security exposure) and a detailed assessment (detailed presentation of the identified deficiencies, their evaluation and recommendations to remedy the deficiencies).