Our story: Banks
"We believe that our security is just as we need it. We believe we are well protected, and we trust AEC."
Security strategy and documentation, a proposal of durable architecture, applications and infrastructure, supervision over the suppliers' implementation work, securing the clients' protection and overall final security audit were a part of AEC supply. We managed to make everything happen within the sixth- month prearranged time, even though we supervised six teams from two different suppliers. One supplier was in charge of the supply of the internet solution and mobile banking, and the other one provided the supply of a bank system.
Thanks to meeting the deadline, the bank was able to welcome their first customers precisely in parallel with the start of the marketing campaign.
Our story: Power and Utilities
We manage to respond swiftly and protect your crucial business.
A supplier of electrical energy was facing massive distributed attacks on its web pages leading to a denial of services (DdoS attacks). After these incidents the company deployed a solution for front-end protection. It needed to verify how reliable the chosen solution was and if the web pages were really well protected.
The corporation contacted AEC to have the new solution tested. We first proposed the methodology, and subsequently we executed the tests of the deployed security solution protecting the network perimeter of the company. Over a period of several days we found out that the chosen solution didn't correspond to the corporation's needs.
To protect the firm against the DDoS attacks, we carried out configuration and rules adjustments and we tuned the performance of crucial network components.
Our story: Telecommunications
We solve your problem before your customers or the media notice.
One foreign telecommunication operator had to solve several severe security incidents. At the same time, he faced an acute lack of internal capacity for their solution. So he contacted AEC to ask for a fast remedy and a further plan of security development.
After the introductory analysis, we created for our customer a customized plan of security development tailored to his environment and means. By the analysis of deployment of individual security technologies we helped to select an appropriate solution for his infrastructure. We started with the deployment of next generation firewalls at the perimeter. They have a sandboxing module for an analysis of so far unknown samples of malware. The next step was the protection of the firm's sensitive data. We engaged a DLP system which serves as well as a web and email gateway. To be able to monitor what was happening in the internal network, we also used a NBA system for advanced analysis of the network data stream. The NBA sondes were placed in a way so that we could get a detailed overview of the network operation and also about the data stream at the internet border.
Thanks to a job well done, our customer also hired us for other projects. We have been cooperating with them for several years now. During this time the operator experienced a rapid drop in security incidents, and they are considered a trustworthy and innovative supplier.
Our story: Industry
After changes had been implemented the warehouse was able to expedite the release of goods within 1 hour even without ICT.
A foreign giant in cosmetics with its warehouse located in the Czech Republic, that supplies manufactories with semi-finished products in the Czech and Slovak Republics, Poland, and Hungary, found out that, in the case of an outage of ICT, he would not be capable of securing goods distribution, or meeting supply deadlines.
The corporation contacted AEC to execute not only a revision of the emergency plan for ICT, but also to propose a way of functioning in case of an outage. The analysis of all the processes took three months. After that, we suggested, implemented, and tested the possibility of a warehouse operation without ICT support. During the outage, the warehouse managed to override to backup work processes within an hour. At the same time, we revised the emergency plans and expedited the information system recovery.
Our story: Commercial companies
You might not know what you actually need.
One media cooperation addressed AEC with the analysis of the current status within a bigger project that was aimed at increasing the servers' performance, network parameters, and the storage capacity of the discs.
AEC carried out a set of measurements, tests and analysis, and found out that the information system was ruled by hackers. It had been covertly serving to spread warez and spam. The administrators of the IT media cooperation had no clue until then. The illegitimate operation encumbered most of the system's resources. The AEC analysis' results totally changed the planned IS capacity increase project. After the reinstallation, cleanup and securing of the IS, the previously-planned investments into new capacities were not necessary.
Our story: Insurance
The darkest place is under the candlestick. Even as it comes to you it can take only 5 minutes...
One of the biggest insurance companies placed free access computer kiosks in its affiliates with intranet access for its customers. The users' functions of this terminal were significantly limited so that the customer could not reach the sensitive data of the company. Nevertheless, the insurance company was not sure if the internal network was really safe. It addressed AEC to execute a penetration test in which we practically verify the options of abuse of the kiosks.
In less than five minutes we managed to break through the security directly into the customers' zone of one of the affiliates. We gained control not only over thousands of printers at all affiliates, but also access to the documents at the central file server of the insurance company.
After this effective test, we suggested efficient measures that eliminated the possibility of compromising the internal environment of these computer kiosks.
Our story: Public sector
Our supervision has been helping to maintain the security of the public sector for eight years now.
The office of the state administration needed a security administrator who would ensure supervision over the information system. Covering this position by hiring its own specialist was not realistic in the long run.
The management of the office addressed us with this problem, since we had cooperated in this field in the past. Based on our previous knowledge of the environment and the organization's needs, we suggested the concept of an external security administrator service. In the first phase we carried out a risk analysis, processed a security policy, and subsequent internal documentation. Subsequently, we proposed a set of regular services, through which the office can gain control over its ICT security.
We provided not only regular penetration tests, meetings of the security forum, and updates of the documentation, but also a repetitive screening of the employee's awareness of possible risks and a check-up of the rules compliance. Individual activities were proposed in order to provide a necessary level of flexibility and effective support of the office in various situations. We have been supporting the state administration office for eight years now.