ObjectSecurity’s services range from high-level tasks such as security architecture and analysis, assessment and testing, as well as policy, down to the implementation of security technologies. We can help you close the loop between business and IT security and to implement security relevant regulations, processes and frameworks across your IT.
In particular, we offer leading services, R&D, solutions and training related to information security, esp. related to security policy management and implementation (incl. “model-driven security”), access control, cloud security, SOA security, middleware security. Additional services include model-driven requirements engineering, and legal technical expert witness for cybersecurity cases.
Our successful track record with many large blue-chip companies and government organizations underscores our strong expertise and our ability to handle complex security requirements in very demanding IT environments. Projects span numerous mission-critical industries (incl. government, aerospace, defense, manufacturing, finance, telecom, and more).
ObjectSecurity’s highly experienced and qualified security experts hold advanced degrees (PhDs/Master’s) in information security, each have over 15 years of experience in the field, and are renowned visionaries in the area of “model-driven security” and cloud security.
- Security policy automation, including dynamic application security policy automation (esp. access control, audit), model-driven security and agile information assurance accreditation automation. Roadmapping, design, architecture, implementation, assessment, consulting, training, R&D
- Fine-grained access control, including access control policy architecture, design, implantation, automation, review/assessment, attribute-based access control (ABAC); using various technologies, incl. professional services for OpenPMF and XACML.
- Security information modeling and ontologies, including security policy metamodeling, ontologies, privacy ontologies, incident/threat/malware ontologies, attack tree analysis ontologies etc.
- Identity & Access Management (IAM) roadmap, design, implementation – incl. fine-grained authorization, attribute-based access control (ABAC), access policy testing etc.
- Artificial intelligence and cybersecurity, incl. pentesting automation, reinforcement learning, policy prediction etc.
- Application Security, including secure application construction/integration, application security architecture, platform selection / deployment, security assessment, development tool/methodology security, pentesting
- Information assurance accreditation automation, using model-driven security approaches for automated generation of supporting evidence.
- Middleware security, including “model-driven security”, middleware security architecture, middleware security features selection, implementation, deployment, security assessment, development tool/methodology security, technical support (e.g. MICO)
- Cloud security, including security roadmap definition, security architecture, security assessment, PaaS security policy automation, compliance automation. ObjectSecurity’s CEO Dr. Ulrich Lang is on the board of Cloud Security Alliance (Silicon Valley Chapter).
- Service Oriented Architecture (SOA) security, including security roadmap definition, security architecture, security assessment
- Vulnerability assessment & pen-testing, incl. binary (static/dynamic), source code etc.
- Embedded systems security, including pentesting, architecture, design, implementation, development tool/methodology security.
- Enterprise information security policy, including standards assessment, risk analysis, controls selection and implementation architecture, Security Management System (SMS) development and review.
- Application layer firewalls, including risk assessment, selection, implementation, incident reporting/auditing
- Social network platform security, including risk assessment, architecture, design, implementation, review.
- Security training workshops, tailor-made or general purpose
- Contract R&D, including government funded disruptive R&D (EU FPx, US SBIRs), contract studies, emerging technology analyses etc.