• Enterprise Network
• Enterprise Datacenters
• Enterprise Security
  • Introduction
  • Internet Perimeter Security
  • Mobile & Remote Security
  • Business Applications Protection
  • Inside Security
  • Security management & monitoring
  • 360° Security Services
  • Why Belgacom?
• Enterprise Collaboration
• Enterprise Applications
• Enterprise Mobility

Business Applications Protection

ICT security goes beyond simply protecting the network and systems. Your applications and data in particular are an ideal target for hackers.

• 360° Application Security Protection Pack
• Secure B2B Exchange
• Enterprise Single Sign-On
• Secure Database Access
  

360° Application Security Protection Pack

• Architectural Risk Analysis

Architectural risk assessment is a risk management process that identifies flaws in software architecture and determines the risks to business information assets that result from those flaws. Through the Belgacom process of architectural risk assessment - based on Threat Modeling - flaws are found that expose information assets to risk. Risks are prioritized based on their impact on business, mitigations for those risks are developed and implemented, and the software is reassessed to determine the efficacy of the mitigations.

• Source Code Security Review

The key question of application security is: are there vulnerabilities in the code? The only way to respond effectively is with a security source code analysis that pinpoints where you are most at risk. Source code analysis covers application security questions regarding regulatory compliance, data privacy, concerns about outsourcing and is the best way to control long-term costs. Experienced security experts with a programming background analyze the source code of your applications (java, .NET, PHP …) and pinpoint security risks. Vulnerabilities and threat exposures are identified and prioritized, and remediation begins on the biggest deficiencies and vulnerabilities. This test will ensure the safety of your code and will make your application more robust at the core. Furthermore, thanks to this approach, tailor-made remedies are provided that will work for your application.

• Application Security Review

Many organizations conduct their business on the Web. However, only a small percentage of websites are regularly and professionally tested for vulnerabilities which potentially leave organizations open to attacks via vulnerable Web applications. Detect vulnerabilities within your application before a hacker does and ensure the confidentiality, integrity and availability of your data and business critical software. Experienced application security specialists will use OWASP-based methodologies to test your Web application for security problems. These tests are performed manually, using tools of the trade and custom scripts. After the test, a report is delivered which includes a management summary, detailed information on all defects found, solutions to mitigate the problem and a comprehensive list of the performed tests.

• Web Application Firewalls

Web applications of all kinds, whether online shops or partner portals, have in recent years become a popular target of hacker attacks. The attackers are using methods which are specifically aimed at exploiting potential weak spots in the application software itself.  And this is why they are not detected, or not detected with sufficient accuracy, by traditional IT security systems such as network firewalls or IDS/IPS systems.

 

Web Application Firewalls (WAF) have emerged as the best fit for adding a much needed new layer of protection in operational mode. The main benefit of a WAF is the subsequent protection of completed, productive web applications on the application level with a reasonable amount of effort and without having to change the application itself. On the one hand, the WAF offers  basic protection against known attacks or vulnerabilities based on blacklists. The use of a WAF is especially relevant in the case of concrete vulnerabilities, which, for example, are uncovered via application security reviews or source code reviews. A WAF with white listing is then the only option for promptly closing external vulnerabilities (hot fix). 

 

Two different types of WAF products are provided by Belgacom - Non-proxy-based and proxy-based application firewalls.

 Read our customer testimonial (http://www.onemagazine.be/2009/12/03/secure-web-applications-for-clients-and-partners/ )

Secure B2B Exchange

• Secure File Transfer

Organizations increasingly need secure and flexible solutions to exchange information with their partners, suppliers and customers.
Belgacom and its technology partners offer comprehensive, scalable and easy-to-manage solutions for exchanging large files. These solutions allow our customers to easily consolidate disparate systems, automate and streamline applications, simplify compliance with policies and regulations, and safely use the Internet for transactions.

• XML Security Gateway

In a B2B environment, applications communicate with each other using web services. Especially in the WEB 2.0 world, building flexible architectures has become common practice.  However, using web services imposes security requirements that cannot be dealt with by traditional perimeter security solutions like firewalls and IPS. Authentication, message validation, SSL offloading (decryption/encryption) and content-based routing are just a few of the elements that can be taken care of by an XML gateway. This allows the offloading of application servers and enhances application performance. At the same time, security policies are centrally managed.

Belgacom offers different market-leading, robust XML firewall and XML gateway solutions. To ensure a successful implementation, a profound knowledge of software development lifecycle (SDLC) is required. The team has experience in risk analysis, source code review and software development. Belgacom offers various services, such as analysis, design, configuration and support.

Enterprise Single Sign-On

Secure Database Access

• Database Security Testing

Database servers are the most important servers your organization has. They store customer details, financial information, human resources details - all the data that keeps your company in business and which, therefore, need to be highly secure.

Database security tests focus on identifying vulnerabilities in your systems databases. These can be the result of incorrect configuration of the database security parameters or improper implementation of the business logic used to access the database (e.g. SQL insertion attacks). These vulnerabilities may result in the disclosure or modification of sensitive data in the database. The reports Belgacom produces are tailored to your requirements. They will inform you of the vulnerabilities found and will provide information as to how to fix them. So you can obtain full assurance on your crown jewels.

• Database Activity Monitoring

Today, all kinds of applications, both in a professional and personal environment, store valuable information in databases (e.g. credit card information when you pay online or all your financial information via online banking) - information that can be of interest to someone with bad intentions. Do you know who has access to your databases and what is done with that information? This is where database security comes in. Database security appliances sniff the network to locate all databases within your organization and analyze traffic to perform vulnerability assessments. Database agents installed on the servers protect against local attacks.  You will be able to trace each individual user and the subsequent query launched and eventually, by security policies, block or mask query results. All this detailed information is available in tamper-proof reports which meet the needs of auditors.

Belgacom services can help you to secure your databases by providing vulnerability assessments. In a next stage, by installing and configuring database security appliances and setting up security policies, we can help you to protect your data.