
 
 

Delivered by a specialized group of highly skilled security professionals, Comtrust professional services are geared to provide enterprises with cutting-edge and reliable eSecurity planning and preparedness. The group also assists enterprises with security implementation services and delivers quality educational courses in IT security.

 

Comtrust professional services team has extensive industry experience and knowledge in the following areas:

  1. Vulnerability Assessment

  2. Server Hardening

  3. PKI Training

  4. PKI Consulting

  5. Business Continuity Planning

 

Vulnerability Assessment

 

Comtrust vulnerability assessment services review the current security posture of an organization’s IT infrastructure. Under permission from the organization, Comtrust security consultants simulate “ethical hacking” attacks on the enterprise IT systems to identify and exploit security holes. Penetration tests are conducted to assess and identify the system vulnerabilities. These tests are performed either from a place inside the enterprise LAN (Internal Penetration Test) or from an external source on the Internet (External Penetration Test). Periodic testing of enterprise IT systems using a combination of both internal and external testing ensures a robust and flexible enterprise security posture.

The results of the penetration testing are compiled in a comprehensive report. The report assigns a security criticality rating to the vulnerabilities identified during the test. The criteria for these ratings are based on the vulnerability’s security impact, ease of exploitation and popularity (a popular vulnerability will carry a high probability of getting exploited). The report also contains recommendations for bridging gaps in IT security.

Another key feature of Comtrust vulnerability assessment services is the complete knowledge transfer to the enterprise IT personnel. As part of service delivery, Comtrust involves the concerned enterprise IT security staff at every stage of testing and during report writing. Furthermore, the entire tool-set (consisting of publicly available and in-house developed software) utilized to conduct the testing is provided to the organization at the end of the project.

  1. Internal Penetration Test

The internal penetration test is an assessment of the “insider threat” to an enterprise IT system. The internal penetration test is carried out from the perspective of a potential attacker that has access to any enterprise device (laptop, desktop) but does not have the access rights. The test also takes into account the possibility where an unauthorized person (visitor, supplier, customer, etc.) plugs a device into an available network point. A variation of the internal penetration test simulates efforts by an authorized user (employee) to access enterprise resources for which s/he does not have the access privileges.

 
  2. External Penetration Test

The external penetration test accounts for all possibilities of penetrating the network from external sources. The test tries to simulate hacking attempts of a hacker from an external source on the Internet. Comtrust can perform the test with no prior information about the enterprise network (also known as black box testing). The customer can also provide Comtrust with normal access rights (like a registered web user) for accessing the network (also known as crystal box testing). The external test also attempts to penetrate the network through exploiting dial-in servers or unauthorized modems on the enterprise IT system. The security and implementation of enterprise Virtual Private Networks (VPNs) is also assessed in the external testing.

 
Some key benefits of Comtrust vulnerability assessment services:
  • Lower risk of losing business information
  • Enhanced risk mitigation due to appreciation of threats
  • Higher availability and dependability of enterprise IT assets
  • Increased trust and confidence in corporate IT infrastructure
  • Protection against latest and evolving threats
  • Complete knowledge transfer
  • Cost-effective services delivered by highly-skilled consultants
 
Server Hardening
 

A majority of network intrusion attempts try to find and exploit known vulnerabilities of the operating systems. Additionally, the improper implementation of operating systems and applications also presents opportunities to hackers. With new vulnerabilities being published daily, it is imperative to have updated protection against these threats. Comtrust server hardening service is an integrated set of one-time and ongoing implementation activities that concentrates on enhancing the security posture of the Microsoft Windows platform (Operating System, Applications) in enterprise IT systems.

 

Comtrust security consultants begin by analyzing the MS Windows environment on the server. Based on this analysis, recommendations are made to plug the security holes in the system. This also involves removing unnecessary applications, administration privileges and utilities from the system as these pose serious security threats. The server is then prepared according to the consultant’s recommendations by applying security patches (as recommended by OS vendor). This “hardens” the server to face the current security threats. In order to continually stay protected against evolving threats, Comtrust then provides on-going services for security patch application as and when the OS vendor announces new vulnerabilities.

 
Some key benefits of Comtrust server hardening services:
  • Updated protection from internal as well as external security threats
  • Assured high availability and security of corporate IT assets
  • Proactive problem resolution
  • In-depth security testing to check systems settings and policies
  • Relieved IT resources for core business focus
PKI Training
 

Corporate security resources are increasingly being stretched due to an exponential increase in threats and system vulnerabilities. A major component of a holistic IT security strategy is continuous preparation to counter these threats. Staying one step ahead of the hackers gives enterprises an advantage in their efforts to thwart intrusion and hacking attempts. Therefore, to protect critical IT assets, it is imperative to stay abreast of latest technologies and security initiatives.

 

Comtrust training services, conducted by leading IT security industry experts, form the cornerstone of enterprise readiness to tackle security threats. These training courses offer the participants an opportunity to share the experiences and knowledge of IT security experts. The courses combine theory with hands-on workshop for a well-rounded learning experience. Comtrust is flexible in meeting the enterprise security training requirements. Comtrust conducts these courses publicly and can also perform in-house training for corporate organizations.

PKI Consulting
 

Public Key Infrastructure (PKI) has established itself as a stable and robust technology for providing security to electronic business initiatives. There is a growing interest in adopting PKI for securing interaction over the web. As the Middle East’s first and only stand-alone Certification Authority (CA), Comtrust has extensive expertise in the PKI domain. Comtrust PKI consulting services are designed to help organizations leverage this complex but highly effective technology. Comtrust offers PKI consulting services in the following areas:

  • PKI Design

  • PKI Development

  • Customized PKI Solutions

 

  1. PKI Design

Comtrust can help enterprises in designing a PKI set-up that best addresses the security requirements. Comtrust can also leverage its expertise to develop the procedural framework for a PKI. This includes developing the Certificate Policy (CP), Certification Practice Statement (CPS) and other certificate lifecycle management procedures.

 
  2. PKI Deployment

Comtrust professional services team has in-depth experience of deploying and managing PKI set-ups. Comtrust can provide professional project management of PKI rollouts to ensure in-budget and timely completion. Comtrust can handle PKI projects at any stage of their deployment ranging from a pilot phase to commissioning a live PKI.

 
  3. Customized PKI Solutions

Comtrust can work closely with enterprises to assess their security requirements and develop customized PKI solutions. Cost-effectiveness, scalability, ease-of-use and robustness are some of the key design principles for these customized solutions.

 
Business Continuity Planning
 

A business is always at a risk of facing disruptions. These business disruptions can be caused by both predictable as well as unforeseen events and can inflict major loss on the business. Therefore, businesses must plan for such contingencies to minimize the potential impact of such occurrences. Comtrust Business Continuity Planning (BCP) services help organizations to prepare for eventualities that can cause tangible (material, financial) as well as intangible (customer confidence, business reputation) losses. Such advance preparation enables organizations to have a practical and workable action plan for dealing with crises that threaten a business.

 
Comtrust professional services team helps organizations to address the following key areas:
  • Identify all internal as well as external factors that may cause disruption to operations
  • Identify all potential points of failures
  • Based on business impact analysis, identify and evaluate alternate means to ensure continuity of operations

  • Recommend the most appropriate measure for each class of assets keeping in view cost/benefit analysis
  • Deliver a plan that can be tested in a real life situation
  • Recommend measures for continuous maintenance and update of business continuity plan.
Salient Deliverables
 
Business Continuity Plans developed by Comtrust contain the following key deliverables:
  • Documentation of goals and objectives
  • Identification of critical assets and functions
  • Identification and recommendations with respect to facilities and services required to ensure continued operations.  These facilities and services may include:
    • Premises and associated services
    • Communication facilities
    • Data communication
    • Equipment
    • Software/Applications
    • Personnel
  • Identification of alternate means for recovery with estimated time frame, e.g., hot site, warm site or cold site, other back-up requirements
  • Sizing of hardware/software for operations during disaster
  • Replication/ Synchronization requirements
  • Recommendations on outsourcing needs
  • Recommendation on constituting an Emergency Response Team
  • Suggestions for measures necessary to declare disaster
  • Recommendations on testing and training
  • Recommendations on continued maintenance and update of plan
  • Key emergency procedures


 

For more info on our products please email us at info@comtrust.ae

 

 
©2004 Comtrust. All Rights Reserved