• Magyar
  • English
Sajtóközlemények RSS feed


Ethical hacking

Ethical hacking is the simulation of attacks by a hacker (or an internal user) by our trained experts. Penetration tests are always performed after prior consultation with the Client specifying the steps, conditions, objectives and expected outcomes of the test. Experts of Noreg Ltd. who qualified as Certified Ethical Hackers (CEH) have tested the infrastructure of numerous companies (firewalls, network devices, web portals, internet appliances, databases and SCADA systems) enhancing the security of their system and their critically important data.

If suspicious events are noticed in a system, the cause may often be an earlier attack, the investigation/tracking of which requires substantial expertise. Noreg has the necessary knowledge as specialists of our staff qualified as Computer Hacking Forensic Investigators (CHFI).

Identity management systems

The proliferation of IT systems, the continued growth of the volume and value of the data they manage increasingly requires up-to-date records of privileges the users have to access systems. The introduction of an identity management system is a complex task, and the time required for its implementation depends on the state of the organization and the systems to be included under the control of the IDM.

Noreg as an independent vendor has introduced market leading identity management solutions (HP Select Identity, Sun Identity manager, Novell Identity Manager, Oracle Identity Manager) at many businesses. Noreg also participated as a client-side consultant in identity management projects (feasibility study, concept, quality assurance) . We have similarly extensive experience at handling privileged user accounts, where we recommend Cyber-Ark Privileged Identity Management Suite or Novell Privileged User Manager as solutions.

IT security consulting

Nowadays not only large enterprises and institutions but small and medium sized businesses have to consider external and internal security threats. The best defense against security threats is prevention. How can we decide what level of security our company needs? That level should be determined through a survey of information security requirements, a so-called information security audit using –if possible- external i.e. unbiased help of an IT security expert.

In recent years we prepared several companies for audit according to different requirements (SOX, PCI DSS, Bazel II., HPT, ISO 27001, Common Criteria), prepared information security policies and procedures, drew up business continuity plans, disaster recovery plans and organized IT security trainings. The high standard of the accomplished work is guaranteed by the up-to-date knowledge of our consultants who hold distinct qualifications (CISA, CISM, CRISC, CISSP, and CBCI)


PKI is a set of procedures, processes, people, software and hardware that enables the issuance, distribution, continuous management and use of public key certificates. As can be seen from this definition, a public key infrastructure is extensive, is made up of many components, and can be used in a number of applications. These components together constitute a complex infrastructure, but the individual components can be implemented one by one (each separately) as well.

Noreg offers the following solutions for the individual components of a PKI system:

Noreg offers the following in-house PKI applications besides available products on the market:

Noreg offers the following PKI services:

  • drawing up feasibility studies and concept documents
  • authentication services, time stamping services, planning, implementation, development and support of internal corporate PKI systems
  • preparation of related policies, overview of existing policies
  • development, introduction and support of custom PKI applications

Log analysis and incident management

Nowadays, certain international and national laws and recommendations specify requirements as to how various organizations should manage and reduce their IT risks. This requires IT security solutions which are able to collect the relevant events from various systems, identify security incidents, and facilitate the rapid selection and swift implementation of appropriate protection measures.

Among the solutions marketed by Noreg there are log collection systems (Sentinel Log Manager, syslog-ng, QRadar) and analytical systems with correlation capabilities (Sentinel, QRadar). The solutions support a wide range of platforms, feature built-in reporting capabilities, can be scaled to individual needs and allow building customizable systems. As an independent vendor Noreg introduced a multitude of SIEM (Security Information and Event Management) systems, or participated as a client-side consultant in the preparation as well as the support of the introduction.

Mobile security

More and more mobile devices are used with an ever-increasing functionality. A significant part of data stored on mobile devices is personal or confidential business information. Using mobile devices with inadequate protection poses a major risk, and a potential security incident can considerably reduce the company's prestige.

Solutions have been available for notebooks that can centrally manage notebooks under the control of the system using policies. There is a wide range of security controls that can be applied. SafeGuardEnterprise which is marketed by Noreg provides features including logical access management, hard disk encryption, and even full control of peripheral devices.

Solutions for mobile phones need to address further difficulties. The user experience should not be reduced, enterprise security and compliance obligations must not be compromised while utilising the special capabilities of phones. All challenges to mobile phone security are reliably addressed by the MAD (Mobile Active Defense) mobile security solution.

Intrusion detection and prevention

Intrusion detection systems (IDS) and intrusion prevention systems (IPS) provide protection against attacks from networks. Solutions were initially divided into two areas: network and host (server and workstation) based solutions. Operation of the network devices is based on monitoring and analyzing traffic, while host-based devices monitor logs. The development of information technology and environments brought expansion to the basic functions and added protection of applications and databases.

Noreg has been dealing with IBM-ISS IDS / IPS solutions (network, host and virtual IPS) since its incorporation in 1998 building numerous systems for banks using this technology. These products, thanks to continuous innovation, are among the market leaders to the present day. IBM Guardium products are in a similar position in the field of database monitoring and real-time protection. Our IPS portfolio includes IBM-ISS products as well as McAfee and Radware IPS solutions, from which we also have many references, particularly in the field of public administration.

Cloud security

Cloud computing is considered a field characterized by continued growth and a great future by industry analysts. Gartner has published rather optimistic forecasts of the expansion of cloud-based technologies consistently listing cloud computing among the top ten strategic technologies, while IDC estimates annual growth of 27% on average until 2015.

Responses to security challenges are not any different in the field of virtualization either; however specific features have to be considered. Noreg Ltd is prepared to provide solutions for the new security needs both expanding its portfolio with new solutions and complementing its existing services with cloud-based specialties.