USE CASES
Your challenge - our solution
Conceptual and regulatory approaches
Find out here which conceptual solutions such as the Zero Trust Architecture and regulatory requirements such as NIS2, NIST and GDPR can be supported by our solutions and services.
ARP-GUARD Network Access Control
ISO certifications
ISO 27001 - Information security
The gold standard certification for information security. ISO 27001 enables organizations to demonstrate that they have implemented a robust information security management system that protects them from data loss, cyber-attacks and other threats.
ISO 27799 - Information security in healthcare
The pioneering standard for the healthcare sector. Designed to ensure the confidentiality, integrity and availability of sensitive healthcare data, ISO 27799 provides clear guidance for information security management in healthcare.
DIN EN 80001-1
Risk management for medical IT networks
The standard "Application of risk management for IT networks containing medical devices" (EN 80001-1:2011) is primarily intended for operators of medical IT networks (hospitals, care facilities, doctors' surgeries, etc.). Like all standards, it is not directly mandatory. However, operators of inpatient treatment facilities (hospitals) in particular are obliged to implement it in accordance with Section 75c SGB-V and the industry-specific security standard specified therein. For operators outside of this context (care facilities, medical practices, etc.), implementation is recommended in order to counteract possible liability claims. Implementation and documentation are not subject to any formal requirements.
PCI-DSS
Payment Card Industry Data Security Standard
This standard, usually abbreviated to PCI or PCI-DSS, is a set of rules for payment transactions that relates to the processing of credit card transactions and is supported by all major credit card organizations.
Industry-specific security standards (B3S)
Critical infrastructures or their associations can specify in "sector-specific security standards" (B3S) how the state-of-the-art requirements can be met. A B3S can be submitted to the BSI for a determination of suitability. There is no legal obligation to draw up a B3S. However, creating a B3S is an opportunity for industries to formulate their own "state of the art" requirements based on their expertise. Furthermore, operators who have themselves audited against such a recognized B3S have legal certainty regarding the "state of the art" that is required and checked during an audit.
IT-Grundschutz
IT-Grundschutz is a freely available procedure developed by the German Federal Office for Information Security (BSI) for implementing a holistic information security management system (ISMS) in institutions (authorities, companies and organizations). The main works of IT-Grundschutz are the BSI standards and the IT-Grundschutz Compendium. Together, they represent a de facto standard for IT security according to the BSI.
Zero Trust Network Access
Zero Trust is an important tool for preventing cyberattacks by distrusting all assets on the network and requiring unique authentication for each network connection. ARP-GUARD provides a unique identity check for all devices and enables maximum transparency, control and security for your network, regardless of the size of the company and the network technology used.
COCKPIT - Security Operations Platform
Incident Management: 24/7 detection, analysis, containment & response to security incidents in ONE solution
The fulfillment of the reporting obligation with early warning, report & resulting remedial measures can be implemented via the DTS Cockpit
Proactive approach by detecting potential security vulnerabilities before attackers can exploit them
Policies
Objective risk assessment & continuous evaluation of your security level
ARP-GUARD as NAC included: end devices & sources of interference become visible & can be localized in a targeted manner. This transparency can be used to define and enforce individual compliance policies.
Business Continuity: Ensure business continuity with the right DTS Incident Response Service & experienced crisis management from DTS
Regular security audits & penetration tests: Recurring testing & re-testing of the entire environment through continuous, customized assessments
Effectiveness of risk management measures
Development & regular evaluation of the effectiveness of risk management measures with continuous review by DTS Purple Teaming
DTS Cockpit understands cyber security as a holistic, ongoing process
Cyber hygiene (e.g. updates): Device compliance through the DTS Client
More IT security in general: Provided from our own certified & EU GDPR-compliant data centers
Cockpit already covers these important components of NIS2.
Identity - IAM & CIAM as a Service
Access control, access management & profile management
(Customer) Identity & Access Management (IAM & CIAM) ensure on a central platform that only authorized & entitled identities can access IT resources. In addition, DTS Identity protects your sensitive data (encrypted or hashed) & increases the overall level of security.
Multi-factor authentication (MFA) & single sign-on (SSO) for local or cloud apps: you log in once for all approved apps using your multi-factor authentication and have access everywhere
Central, intuitive dashboard for all management & apps - as self-service, incl. CI
Policies:
Conditional access: clear guidelines on who can access apps & information from where and with which MFA
Role-based access control (RBAC): A user can be assigned the appropriate role, with predefined access rights. This allows you to maintain an overview and control access to applications.
Incident Management:
Prevention & detection for traceability of access rights, accesses & logins at a glance
Management: All access rights can be revoked directly
Cryptography:
Encryption: None of the passwords are stored at DTS Identity & all are passed on in encrypted form
Breached Password Detection: Identification of "breached" users & passwords enables direct reaction
Supply chain: Security in the supply chain by integrating partners into DTS Identity via suitable B2B licenses
Effectiveness: Measurement of cyber & risk measures, as DTS Identity reporting is available at all times
Communication: Secure voice, video & text communication through integration into DTS Identity
More IT security in general:
"Secure-by-design" architecture based on the zero trust principle (clustered K8s environment that is resistant to brute force attacks as well as threats and DDoS)
Provided from our own certified & EU GDPR-compliant data centers
Identity already covers important components of NIS2.
Zero Trust
Identity as a Service (IDaaS) is an essential building block within the Zero Trust approach to cybersecurity. IDaaS moves identity management and access control to the cloud, allowing users to be identified, authenticated and authorized regardless of their location or the end device used. This solution enables companies to continuously verify trust in user identities and dynamically adjust access rights based on contextual information such as device integrity, location and user behavior. By integrating IDaaS into the Zero Trust architecture, a comprehensive security strategy is created that aims to minimize threats and protect sensitive resources from unauthorized access.