Consulting Services: We Find the Right Balance between Information Security and Data Protection
There is no standard solution or even a standard procedure for companies where security is concerned. That is why we offer the full range of security consulting services, from CISO-as-a-Service to risk management and website security checks. We work together to find the right balance between information security and data protection for your processes and applications.
- We can help you assess how your ICT is performing in terms of information security and data protection under Swiss or European Data Protection Regulation (GDPR). Assisted by our tools, you will quickly be provided with a gap analysis or maturity assessment of your organizational processes and functions.
- We can advise you throughout the process of introducing and implementing a systematic information security management system – in accordance with ISO 27001:2013, for example.
- We can support you in meeting new compliance requirements under international standards or laws (for example, ISO 9001) and can integrate these into your Internal Control System (ICS).
Free Website Security Check
Our website security check can help you improve the security and performance of your web application. Our report provides you with specific practical measures and identifies risks. If you wish, we can also compare your website’s security with that of a competitor or partner. This enables us to provide you with even more specific suggestions for improvement. Try it out for yourself now.
Protected From Attacks: We Guarantee Availability and Ensure Secure Data Traffic
DDoS Attacks: We Guarantee Availability
We protect our clients from distributed denial-of-service attacks (DDoS attacks). These are attacks aimed at blocking a service or server. During a DDoS attack, a requested service or client is no longer available or only available to a limited extent. Financial losses, a damaged reputation, dissatisfied users and data theft are some of the possible consequences.
We use Incapsula’s on-demand service to protect against Layer 3/4 DDoS attacks. Your benefits include:
- On-demand protection against DDoS attacks up to 10 Gbit/s.
- Guaranteed availability of 99.999%.
- Extremely low latency.
- Network traffic does not have to leave the EU; 9 locations in Europe and 29 across the globe route all network traffic in the event of an attack.
The DDoS protection does not affect performance if no attack occurs.
Providing protection from DDoS attacks is part of our managed services offering.
Web Application Firewall (WAF): We Stop Cyber Attacks
A web application firewall (WAF) examines all requests sent to a web server and its responses. Should the firewall detect any suspicious or dangerous patterns, it stops all further communication. Possible attacks include cross-site scripting, SQL injection, forceful browsing and cookie poisoning.
We use a WAF to fend off malicious data traffic on the application layer (Layer 7). We use the F5 BIG-IP Application Security Manager (ASM) as a WAF – the leading product on the market. The service offers protection from the Top 10 threats identified by the Open Web Application Security Project (OWASP). The web application firewall enables us to take both a whitelist and a blacklist approach.
WAF is part of our managed services offering.
Let’s Encrypt Certificates: Protect Personal Data
- Transport layer security (TLS): TLS is a protocol that protects personal data when users communicate with applications online. It ensures that unauthorized third parties can’t intercept or change the communication between user and client. Consequently, using TLS makes your website more trustworthy for users and adds integrity. Moreover, TLS prepares you for HTTP/2, ensuring you're ready for the future. Using transport layer security also means you rank higher in search engines like Google. We provide our managed services clients with free TLS certificates from Let's Encrypt.
- Domain Name System (DNS): As part of our DNS service, we check all certificates for Certification Authority Authorization (CAA) before they are issued. This means we can stop certificates from being incorrectly issued by insecure certificate authorities (CAs) in advance. Our DNS services are part of our managed services offering.
Penetration Testing: Simulated Attacks to Prepare for Critical Situations
We carry out web application penetration tests with our partner wizlynx. We use real attack strategies to systematically uncover vulnerabilities. These vulnerabilities are either caused by the application itself or its relationship to the rest of the IT infrastructure.
Our Systems Benefit from Maximum Security Standards – Both for Us and Our Clients
Vulnerability Scanning: We Scan Our Systems Automatically for Security Holes
Security is our top priority. This is why we regularly scan our systems for vulnerabilities. Any vulnerability identified automatically generates a ticket and is fixed in the next patching process. Our vulnerability scanning is authenticated to prevent downtime and guarantee accurate results and practical recommendations.
We Are ISO 27001 Certified
Our private cloud hosting service has been certified to ISO 27001:2013 since April 2018. The certification commits us to:
- Systematically assessing information security risks, including threats, vulnerabilities and impacts.
- Drafting and implementing information security controls and/or other forms of risk management (such as risk avoidance or risk transfer).
- Introducing a comprehensive management process to ensure that information security controls continue to meet requirements.
We are the experts in the operation of web applications.
As a Managed Service Provider we host and maintain your web application on our servers.
Move to the cloud with Unic. We're specialised in cloud computing on AWS and Azure.
Our Service Desk takes care of all your IT queries immediately and competently.
Improve the security of your website. We offer you a free Website Security Check.
Unic has continuously invested in improving website application security. In this blog post, we show how our security measures help to mitigate the OWASP Top Ten.
Since April 2018, Unic’s Private Cloud Hosting service has been certified according to the international standard ISO 27001:2013. This certification attests that Unic complies with the demanding requirements for an information security management system (ISMS).