Security for the whole life-cycle

Services

We make companies more secure step by step with industry-specific solutions

As IT/OT experts, we accompany you through the entire life cycle. Benefit from our industry and cybersecurity experts as sparring partners and consultants. Develop and achieve your cybersecurity goals with us for lasting success.

Design

Cybersecurity means continuous change. We are constantly at the cutting edge thanks to application-oriented research.
Technologies, attack methods and threats are constantly evolving. In order to be able to consider solutions for tomorrow's threats today, it is essential to look to the future. We therefore continuously manage and support selected research projects for applied cybersecurity. All life cycle phases benefit from these findings.

Creation of comprehensive security concepts as part of product development to ensure a secure design and robust implementation.
Our ‘Security Concept’ service focusses on the development of detailed security concepts that are specifically tailored to the requirements of product development. We work closely with your development teams to consider the security-relevant aspects of new products right from the start. This includes the identification of potential security risks, the definition of protective measures and the integration of security requirements into the entire development process. The aim is to develop products that meet the highest security standards and are protected against future threats. Our concepts serve as the basis for a secure design and successful implementation that ensures both the security and functionality of the product.

Identification and assessment of security risks during the early phase of product development to define preventive security measures.
Our security risk analyses help you to identify potential threats and vulnerabilities in your IT and OT systems. In conjunction with the necessary attack steps, the capabilities of the attacker and the current and future interests, we assess the risks in order to create prioritised action plans to protect your systems from attacks. By coordinating your risk management in general, you can make a well-founded comparison of other risks in your organisation, such as corporate risks, safety and others, and thus make informed decisions about your investments in security and the future.
Our many years of experience with a wide range of systems, technologies and architectures enable us to quickly recognise potential risks. We apply established standards and norms to ensure compliance with guidelines and laws. Among other things, we use analysis tools and attack graphs that we have developed ourselves to visualise threats in a way that is understandable for all stakeholders and to be able to assess them in detail. Our services include:
  • Threat Modeling and Scenario Development
  • Vulnerability Assessment and Prioritization
  • Performing Risk Analyses and Risk Assessments
  • Creation of Threat and Risk Management Plans
  • Simulation and Analysis of Attack Scenarios

Design and development of secure system architectures and specifications that meet the respective requirements
Requirements engineering lays the foundation for the secure operation of systems and installations. Based on the security concept and risk analysis, we refine the overall system architecture and derive requirements for the subsystems. The subsequent operating and maintenance concept is also incorporated to ensure smooth utilisation over the life cycle. We attach particular importance to precise and comprehensive specifications that take both technical and organisational aspects into account. This ensures that all requirements are clearly defined and verifiable to guarantee a successful implementation.
The results form the basis for your own product development or a successful tender on the market.
Implementation

Development and implementation of secure system solutions that fulfil all functional and security-related requirements.
The ‘Systems Engineering’ service includes the development and implementation of holistic system solutions that fulfil both functional and safety-related requirements. We consider the entire life cycle of your systems, from planning and development through to implementation and maintenance. Our solutions are designed to meet current safety standards while being flexible enough to adapt to future requirements.

Design and implement effective and integrated solutions to ensure continuous threat monitoring, response and development.
With Security Operations and Development Operations, we support you in planning, designing and implementing your capabilities for monitoring and responding to security incidents. We also equip you with the skills to continuously develop your systems. Benefit from our experience in the design, development and operation of systems when setting up a SOC, planning and integrating PKI or IAM and designing BCM capabilities. Our design takes into account all relevant processes, technologies and organizational structures to build and maintain an effective and efficient security structure.

Development and provision of security services for use in development and verification.
How do you test implementation and error scenarios in line with requirements? Through realistic test environments! We develop and create test environments for various security services such as PKI or SIEM/SOC. Why do we do this? In order to actually be able to carry out positive and negative tests, the services require a degree of flexibility that is not desirable in the production environment. With our systems, you can carry out (partially) automated test campaigns of all kinds and run through a variety of scenarios. Test the quality of the implementation of your own development or that of a supplier, realistically play through malfunction scenarios and prepare yourself and your team for these challenges.
Verification

Implementation and automation of security tests to ensure system integrity.
With Security Testing and Test Automation, we offer comprehensive security tests that can be carried out both manually and automatically. Our aim is to identify and eliminate potential weaknesses in the implementation at an early stage. By using automated test methods, we increase the efficiency and accuracy of the tests, which leads to increased system integrity. Do your test cases not yet allow automation, or do you lack the test set-up? We support your team in designing automatable test case descriptions and setting up test environments for continuous testing.

Real attacks to identify vulnerabilities and assess the resilience of your systems.
Sparring instead of shadow boxing! We take a red teaming approach to pentesting. This means that our penetration tests (pentesting) perform tailored attacks on your systems in order to identify and exploit vulnerabilities instead of just naming known vulnerabilities. This results in a realistic assessment of the risk and, at the same time, countermeasures for future system design and mitigation can be specifically derived and implemented in the existing system. We conclude our pentests with comprehensive reports and recommendations for improving your security situation. We would be happy to discuss further details and steps in person.
  • Planning and Implementation of Penetration Tests
  • Use of Manual and Automated Test Methods
  • White-, Grey- and Black-Box-Testing
  • Reverse Engineering with Consideration of Legal Regulations
  • Analysis and Exploitation of Vulnerabilities
  • Creation of Detailed Reports with Identified Vulnerabilities
  • Recommendations for remedying identified Security Vulnerabilities
  • Workshops

Systematic review and validation of security measures to ensure compliance and effectiveness.
Our Verification & Validation Services offer you a structured and systematic review of new products during the entire development phase in accordance with the V-model. Through thorough verification and validation, we ensure that all requirements are met and that the product fulfils the highest quality and safety standards.
  • Review and Verification of Product Requirements
  • Creation of Verification Plans based on the Requirements
  • Validation of Requirements through Reviews and Feedback
  • Development and Implementation of Validation Strategies and Plans
  • Ensuring Compliance with the defined Requirements
  • Preparation of detailed Verification and Validation Reports
  • Provisioning of Recommendations for remedying identified Problems

Review and assessment of your security concepts and solutions
Do you want or need an independent assessment of your security concepts or solutions? We have recognised experts for evaluating and checking security documentation against the relevant industry standards. The independent review can take place in all phases: security concept, risk analysis, requirements specification, functional specification and product. In the railway sector in particular, we also offer auditing by an expert for IT security recognised by the German Federal Railway Authority (EBA).
  • Performing Safety Assessments and Inspections
  • Analysing the Security Infrastructure and Processes
  • Preparation of Evaluation Reports and Recommendations
  • Carrying out Audits and Compliance Checks
  • Assessment by EBA-recognised Experts for IT Security
Management & Training

Efficient planning and implementation of your security projects.
Our security management supports you in the planning, organisation and monitoring of your cyber security projects. We ensure that projects are completed on time and within budget and that all security requirements are met. Our project managers act as communicative and service-orientated partners in your projects thanks to their own many years of experience in various industrial sectors.

Development of customised security strategies and concepts.
Our Security Principles offer you comprehensive advice on integrating IT and OT security into your organisation. We help you to understand the specific requirements of both areas, consolidate the legal and normative requirements and develop a strategy for your company or your specific areas. Build up and expand your security expertise with us and equip yourself for existing and future challenges.

Role-appropriate sensitisation of your employees in cyber security.
Our awareness training educates your employees in cyber security best practices. We offer tailored training programmes that raise awareness of security risks and positively influence employee behaviour. Awareness training is tailored to the tasks and workplaces of the respective employees. This significantly increases the relevance and therefore the learning effect.

We train your employees on specialised security topics
Making informed and conscious decisions is essential in risk management. Our training programmes empower your employees according to their area of responsibility. We offer training programmes with an individual approach for all levels from production to development, operations and middle to senior management. Improve the quality of your work results and increase the satisfaction of your employees through practical training programmes.
  • Development of Training Materials and Programmes
  • Organisation of Training Courses and Workshops
  • Creation of e-learning Courses and interactive Modules
  • Evaluation and Certification of Training Participants
  • Continuous Updates of Training Content based on new Findings from Projects and Threats

We train your team and make them fit in all security matters

From experts for experts. Our training courses are conducted exclusively by experts who are regularly active in the field themselves. In this way, we ensure application-orientated training with communication at eye level.

Do you have special teams? We will be happy to put together a tailor-made training programme for maximum efficiency to prepare your employees as well as possible for the challenges ahead.
Sensitise your employees to the specific security requirements of your industry.

Are you in the process of setting up a new team and still unsure about your training requirements? Get in touch with us! We will be happy to work with you to develop a strategy for your security and derive your individual training requirements from this.

A selection from our training programme:

Awareness Trainings for information security
IT/OT-Security Awareness Training
Real threat scenarios and protective measures in the railway sector
Cybersecurity and cryptography
Cybersecurity for electronic and digital interlockings
Cybersecurity for GSM-R
Cybersecurity for ETCS
Hardware-Security
Systems Engineering Security for Safety
ATO (up to GoA4) Security incl. Remote Driving
Security mechanisms and protocols
Vehicle2X Security
IEC 62443-3-3 and 4-2 Risk management and requirements development
IEC 62443-2-1 for operators (Asset Owner)
IEC 62443-2-4 and -4-1 for service providers, integrators and manufacturers
TS 50701 (in future IEC 63452)
NIS2 requirements through NIS2UmsuCG

References

Do it like the big names - move to the secure side

See for yourself how our teams of experts have devised practical, customised and future-proof security solutions for the market leaders in your sectors.

© 2024 INCYDE