Castleforce help companies with IT Security compliance and risk management by offering products and services to help enforce policies.

PINsafe's single channel web-based solutions are ideal for protecting Web pages, Outlook Web Access (OWA) and SSL VPNs. It is simple to seamlessly integrate with these technologies and is an effective alternative or addition to vulnerable username and password authentication.

PINsafe provides a choice of TURing, PATtern or BUTton interfaces so help secure remote access with no ongoing cost for authentication. As a user's PIN is never entered the solution is immune to keyboard-logging based attacks. The images may employ character rotation and will use a range of fonts and backgrounds and even animation (PINsafe 3.6 onwards).  All to provide resistance to OCR attacks. The security strings can be made up of numbers, characters or even a mixture of the two.

For more details on Swivel PINsafe

Netasq EAL4 EU Restricted firewall

 NETASQ is best known for designing and building the NETASQ EAL4 certified UTM Firewalls. Key features include intrusion prevention, firewall, antivirus, antispyware, antispam, content filtering, VPN and SSL-VPN access. EAL4 Certified on all Netasq firewalls.

Netasq has over 75,000 unified threat management firewalls deployed to business, government and defence organisations of all sizes, NETASQ delivers solutions of unrivalled performance, protection and control and the most comprehensive EU and NATO certifications of any firewall. NETASQ is present in 40 countries and has been securing businesses since 1998.

For more details on Netasq firewalls

DESlock PRO Features

• Full disk encryption - Fast transparent pre-boot security using FIPS validated 256 bit AES encryption.
• Removable media encryption - Policy driven removable media encryption using patented key sharing technology. Now includes DESlock+ Go, on-device software for off-system collaboration.
• Email encryption - Fast, transparent email encryption for Outlook users.
• File & folder encryption - Fast transparent encryption for an extra layer of security within the enterprise.
• Centralised management - Full control of licencing and software features, security policy and encryption keys.
• Assured security - DESlock+ is CESG CCTM accredited and FIPS 140-2 level 1 validated. 

For more details on DESlock Pro

Assuria Log Manager CCTM Accreditation Achieved

Assuria Log Manager (ALM) securely collects and manages audit logs from across the enterprise, helping organisation, small SME’s or large enterprises, comply with regulations. The small footprint* ALM agents are available for Windows and Red Hat Linux platforms (plus many more please see out of scope section 2.2.4 for details). ALM can securely collect almost any logs from almost any source including Windows, Unix and Linux servers, databases, applications, network devices, firewalls, routers, access control systems and many more. Collection from new log sources can be added via agent plug-ins. Collected logs are stored in their original format in a standard file / folder structure with log data integrity ensured through digital signatures and cryptographic hashes.

ALM has a powerful log analysis engine and report generator which allows easy generation of customised reports and alerts of log events as well as a library of standard reports, such as those required for PCI-DSS or CESG GPG-13 compliance. Alerting options includes an opt-in email and other alerting options.

For more details on Assuria CESG CCTM accredited Log Manager

Assuria Auditor Server Security. Assured

Assuria Auditor provides automated Vulnerability Assessment and Configuration Assurance for servers and endpoints through a blend of Resident Agent and Remote Agentless scanning approaches.

• Server hardening
• Vulnerability Assessment
• Compliance Assessment
• Change detection
• Inventory Reporting

For further details on Assuria Auditor

GPG13 Protective Monitoring Conrtol

Protective Monitoring, also known as Good Practice Guide 13, or GPG13, is a UK government (CESG) recommended set of people and business processes and technology to improve company risk profiles.

Essentially, a Protective Monitoring solution will provide visibility and an understanding of who is accessing your organisations sensitive data.

Implementation of protective monitoring solutions are recommended in a number of regulatory and industry best practices, such as PCI DSS, ISO27001, GCSx CoCo and SOX.

More details on GPG13 Protective Monitoring

Information Governance Toolkit Assessment for NHS

Castleforce Information Governance (IG) leadership focus on providing assistance to NHS providers, Commercial third parties and NHS partners in complying with the complex and rapid changing landscape of IG.

NHS Information Governance Toolkit V8 Online Submission

Join our open IT Security Group