1. Company Profile
Sector: IT GRC
Data Breach response, APT,
Cyber Security,
Providing the first and most effective IT GRC,
Incident and Data Breach Management
Framework available in the market
2. About DFLabs (The originating Company)
• DFLabs (www.dflabs.com) is an ISO9001 certified company,
specializing in Verticals of the Information Security Governance,
Risk and Compliance (GRC) and Business Security.
• Our mission is: Supporting Information Security Strategies and
Guaranteeing Business Security.
• Proud of its professional experience, DFLabs provides technologies,
consulting and services in the following areas: IT GRC, Incident/
Data Breach/Fraud Prevention and Response, Digital Forensics, e-
discovery, Litigation Support. Intrusion Prevention, Log and Vulnerability
Management.
• We operate on a worldwide basis from our headquarters in Northern
Italy. In 2009 We opened an IT GRC and Data Breach Software
Factory.
• Fortune 100 Customers.
• ISO Members and Editors.
2004-2013 Dflabs Copyright
3. Main Topic: The Security Risk Gap is Growing Exponentially
• Lack of IT GRC Strategy
• Increasing rate of new incidents and data
breach
Business and
Legal Exposure • Increasing time to resolve them
Security
Risk • Insurance Companies don’t pay the coverage
Gap if the insured due diligence is not proven.
• The Gov Authorities are keen to submit
sanctions to companies that are not able to
prove their due diligence
• Reaction Time is crucial to avoid further
damages
• Traditional IT GRC and Security approaches
can’t fully mitigate today’s security challenge
– They aren’t effective
– They are too expensive, complex and not
IT Security Capacity natively created for the strategic GRC and
Security Purpose
Time, Business Growth
New IT GRC demands exceed IT&Security capacity
2004-2013 Dflabs Copyright.
4. Our Strutcture
Consulting, Tech and Professional Services
Cross specializations in niche areas
Technology and
Consulting
R&D
Structure of strategic
consulting, A Department
organizational and legal specializing in R & D
DFLabs
Team
Professional
Services
Highly Specialized
Professional Service Team
5. Our Framework
Ensuring Business Security
Business Assurance Compliance Data Security
Security strategies, policies and Strategic management of over Vulnerability management,
control, awareness and training, 150 active standards worldwide, penetration testing, network
Incident Management, precise performed with the use of monitoring so as not to impact on
detection of abnormal activities specialized legal counsel at the applications and data, incident
based on detection of fraud. international level. response, professional services.
6. Our Value Chain
IT GRC FRAMEWORK
Risk, Audit and Compliance Officers, CIO, CISO, CSO
Security Operations Centers/Investigations,
Prioritization | Case Mgmt | Artifact Analysis | Resource/Task Mgmt
Impact/Cost Analysis | Evidence/Chain of Custody | External/Law Enforcement
IT Security, APT, Incident Response Fraud, Theft & Security Investigations Security Governance
Log Web/Appl Whistle Blower
SIEM
Management Scanning
Strategic Planning
ERP & HR Policies
Configuration Identity & Vulnerability
Management Access Management Standards
Forensic, Audit, e-Discovery
Procedures
Firewall / Anti-Virus & End-Point
IPS / IDS White Listing Security Financial Systems
Consulting, Tech and Professional Services
2004-2013 Dflabs Copyright,
7. Market Strategy: Our Approach
IT GRC FRAMEWORK
Consulting, Tech and Professional Services
Integration and
Existing Current &
Automated Data Custom
Breach/Incident Security Future IT
Architecture Trends
Management Trends
End Users GOV/LEO/ Critical
Finance Telco EDU HealthCare Infrastructure
Insurance Security Consulting
Companies Vendor Cloud Firms
Partners/OEM’s
Intelligence data Sharing
Rapid Integration
2004-2013 Dflabs Copyright
9. Our DNA: High specialization and scientific rigor
• We are constantly engaged in the international
scientific community, with direct participation in
'ISO - International Standards Organization, as well
as in the IETF - Internet Engineering Task Force
• Our specialists are certified with relevant
International Standards Body, such as TUV, SANS
Institute, etc.
• Frequently publish scientific articles and participate
as speakers and board of advisors to numerous
scientific journals and conferences at international
level.
• We select partners - local and international - with
the utmost attention, both for the technology and
consulting.
9
10. Main Competences
1) Security Governance - IAM
2) Fraud prevention (Banking, Insurance etc)
Consulting, Tech and Professional Services
3) MultiLevel Audit
4) 231/01 and CyberCrime (Top Down)
5) Fraud management (Internal & External)
6) Cloud Computing Risk Management
7) Log Management
8) Incident Management and Response (including forensics)
9) DLP - IPS
10) Vulnerability and Pentest
11) Application Security
12) Database Protection
13) Network Monitoring
14) Mobile Risk Management and Protection
15) Technology Scouting and evaluation/implementation
11. Our
Current
Main
engagements
Business Risk Management,
Policy, standards, Technologies, Legal and guidelines
LOCAL AND INTERNATIONAL REGULATIONS&STANDARDS
Intrusion
Preven5on
and
Incident
Management
The
en.re
Security
Incident
Lifecycle
–
From
Preven.on
to
Response,
including
the
Anomaly
Monitoring
IAM-‐Role
Management
and
Segrega5on
Both
Users
and
Architectures
DLP
–
Data
Leakage
Preven5on
–
GRC
Complete
informa.on
Leakage
Management/BYOD
Governance
Risk
Compliance
Anomaly
Monitoring
(Security
Strategy
Plan)
Frauds-‐
Internal
and
External
Misuses
Disaster
Recovery
and
Business
Con5nuity
Plan
12. Our Software
• IncMan Suite, an IT-GRC comprehensive data breach ,
incident,& investigation management platform that simplifies the
management of every kind of security incident--cyber, physical,
ethics & fraud—reducing risk, time to response, & costs
• CorM - Compliance and Risk Manager - a complete solution that
can help in identifying the controls needed to comply with
presenting the complex rules, standards and policies in an
extremely simple graphical user interface to get any other crucial
information.
• PTK forensics is a computer forensic framework for the
command line tools in the SleuthKit plus much more software
modules. This makes it usable and easy to investigate a system.
Over 50 Selected Third Parties are Supported
13. Why Choosing Us
Differentiation Factors –-
• Unlike the others, we are Focused on IT GRC with Particular Reference to
Incident Prevention, Data Breach and CyberSecurity. The competition is just
using existing Security technologies adapted to the scope.
• Independency and integration with Third Party plus Virtual Community. Allows
partners (like service providers, insurer, MSS and so on) to add Value on top on their
exhisting services. Maximum Value to the end users, thanks to our deep knowledge
and industry benchmarks-
• Real IT GRC , not just “too high to be effective” stuff. But also practical stuff.We
have a complete vision of the high and tech layers of the IT GRC able to dynamically
associate IT GRC tasks to the data breach and incident management.
• We are the only IT GRC Boutique, with deep knowledge of market verticals and
our professionals are usually into the loop, both from a governance and practical
perspective. We also built Software to enhance the application of our IT GRC
Framework
• Security Asset Management Capability. No one is currently able to automatically
associate the target involved in a particular incident/data breach to risk and KPI.
• Big data ready. No competitor is currently working under the Big Data paradigm
shift for case management.
• Focused on information and business protection. We stay away from foggy
approaches.
2004-2013 Dflabs Copyright,
