COMPANY PROFILE YEAR 2013

Transcription

1 COMPANY PROFILE YEAR BUSINESS MANAGEMENT COMPETENCE SECURITY MANAGEMENT AND COMPLIANCE LOGICAL SECURITY CRYPTOGRAPHY NETWORK / PERIMETRAL SECURITY PHYSICAL SECURITY ENTERPRISE APPLICATION INTEGRATION EAI SERVICES CONSULTING SERVICES SYSTEM INTEGRATION AND DELIVERY SERVICES PROJECT MANAGEMENT TRAINING OPERATIONAL SERVICES PRODUCTS INNOVERY ENTERPRISE ELECTRONIC SIGNATURE SUITE SECURITY CLIENT TOOLKIT CARD MANAGEMENT SYSTEM CMS REGISTRATION AUTHORITY CA LOG-BOOK SOC DECISION MANAGER SOC-DM UTILITIES FOR CERTIFICATION AUTHORITY CERTIFIED AND REGISTERED ELECTRONIC MAIL PEC / REM SECURE UTILITIES FOR SAP TIME STAMPING IBM-STERLING COMMERCE ADAPTERS OCSP REFERENCES CUSTOMERS SERVICES PARTNERS BOARD... 8 Page 1 of 8

2 1. BUSINESS INNOVERY is a leading ICT Services Provider and Software Developer for medium to large sized customers, with a significant experiences in the fields of: ICT SECURITY ENTERPRISE APPLICATION INTEGRATION EAI INNOVERY is a privately-owned Joint Stock Company founded in 2001 by high qualified ICT security consultants. INNOVERY develops its business cooperating with its affiliates: INNOVERY & AFFILIATES HQ ACTIVITY INNOVERY Italy ICT Security, EAI. INNOVERY ESPAÑA Spain EAI: IBM-Sterling. MOXTEAM Italy - EAI/BPM: TIBCO. - Telephony & Internet Mobile. - Business KPI Control. - Business Processes Monitoring INNOVERY LATINO AMERICA Mexico EAI: IBM-Sterling All Company services are certified by: ISO 9001: n /A/0001/Uk/It ISO 27001: n /B/0001/Uk/It ISO 14001: n /C/0001/Uk/It INNOVERY has consistently increased its revenue over the years: 2. MANAGEMENT Our Management Policy is based on the following values: Operating with working groups that combine strategic skills with technical and highly qualified skills; Offering and developing solutions consistent with business model of customers; Quickly and effectively run. INNOVERY has expanded by recruiting and retaining highly educated and specialized engineers, that are building a unique experience through the implementation of technologically advanced IT services: 3. COMPETENCE INNOVERY designs, develops, supports and promotes software ICT applications and solutions by using and integrating the state-of-the-art technologies: The Company has a strong and diversified customer base building up a particularly strong reputation for quality and innovation: ICT SECURITY Security Management Logical Security Cryptography Network Security Physical Security ENTERPRISE APPLICATION INTEGRATION EAI Breakdown by technology of the Company revenue is as follows: Page 2 of 8

3 3.1 SECURITY MANAGEMENT AND COMPLIANCE Our security consultants provide a comprehensive service to take full control over your security infrastructure. Our Security Management activities include: Risk Analysis Vulnerability Assessment Penetration Test Soft Security Assurance Security Policy Development Audits SCADA Security OWASP Our compliance services can help companies meet numerous regulatory needs, including PCI DSS and ISO LOGICAL SECURITY Our Logical Security activities ensure that access to information and business processes should be controlled on the basis of your business and security requirements. INNOVERY Logical Security activities are in fields like: Identity Access Management Access Control SIEM Log Management Fraud Management Compliance Management Biometric Signature Data Loss Prevention (DLP) 3.3 CRYPTOGRAPHY INNOVERY provides security consultancy to organizations in implementing or expanding the business use of cryptography, by maximizing returns on investment in public-key infrastructure (PKI) and related digital security technologies. Our cryptography services include: Electronic signature, Encryption, Authentication, Electronic Transactions, Internet technologies, Applications for Public Key Infrastructure, Implementation of dedicated PKIs, Secure workflow of electronic documents, Internet security Architecture, Engineering and Integration Certificate Policy (CP) and Certification Practices Statement (CPS) PKI Standards and Interoperability Key Recovery products and solutions PKI Certification and Accreditation Utility that allows individuals to electronically sign and store virtually any format of document Solutions to electronic signature and cryptography Our main solutions in which the Digital Signature and the Cryptography are a basic enabling issue: Active & Passive e-invoicing Life Cycle e-commerce Certified and Registered Electronic Mail Collaborative Processes Authorization Cycles Legal Digital Archiving Data Confidentiality Secure Archive Privacy Management Engagement Processes 3.4 NETWORK / PERIMETRAL SECURITY INNOVERY specialists are network security experts in the following latest technological fields: Intrusion Detection Systems (IDS) Intrusion Prevention Systems (IPS) Network Access Control (NAC) Virtualized environment security Cloud Security Firewalling Malware 3.5 PHYSICAL SECURITY By providing a new perspective about the importance of integrating physical and logical security under a single body, our Physical Security activities are in fields like: Intrusion Detection Access Control TVCC Fire Fighting 3.6 ENTERPRISE APPLICATION INTEGRATION EAI INNOVERY can help customers to integrate both internal and external business processes across the value chain, and do it in smart, profitable increments. B2B Business Process Integration Multi-Enterprise SOA Engagement Processes Managed File Transfer EDI Solutions Authorization Cycles Data Confidentiality Privacy Management XML Web Services Page 3 of 8

4 4. SERVICES 4.1 CONSULTING SERVICES INNOVERY Consulting Services are in fields like: Security Strategy & Compliance Security Governance Security Awareness 4.2 SYSTEM INTEGRATION AND DELIVERY SERVICES INNOVERY system integration and delivery services, from consulting and planning to implementation and deployment activities, have been designed to meet a variety of needs, and provide customers with the most effective support options for their organizations that address their specific requirements. 4.3 PROJECT MANAGEMENT Our project delivery methodology, built on PMI s PMBoK, positions us at CMMI Level 3, provides all project team members and stakeholders with a clear step by step guide to follow all through the lifetime of the projects. Our Project Management methodology involves the following main knowledge issues: Project Management of entire Project Life Cycle Change Management Quality Management Technical Coordination 4.4 TRAINING Management of Project Resources Financial Management Risk Management Configuration Management INNOVERY training service can address customers specific educational requirements, understand their needs and build training materials and hands-on labs. 4.5 OPERATIONAL SERVICES INNOVERY Operational Services are all task-related activities relevant to Customer day-to-day support of individual components, group of components or a complete ICT Infrastructure. To speed resolution of issues and to keep costs down for our Customers, we employ a combination of the following monitoring and management services: remote services, by a dedicated Control Room, and on-site services Monitoring shall include: Alerts Performance Management shall include: Reactive Proactive General Configuration Vulnerabilities - Service Desk - Incident Management - Problem Management - Policy Management - Patch Management - System Audit - Asset Management - Configuration Management - Software Deployment - Software Updating These services are available on the web or by telephone by skilled engineers that offer superior ICT knowledge and expertise to enhance customer skills and service-level management. 5. PRODUCTS INNOVERY develops its own ICT products and integrated turnkey solutions with and excellent cost/quality ratio based on the latest, state-of-the-art technologies. 5.1 INNOVERY ENTERPRISE ELECTRONIC SIGNATURE SUITE Based on SOA architecture that allows maximum flexibility for additional new features, this suite is made up of client and server components, which provide the centralized services. Main features are to sign and verify, encrypt and decrypt all documents. It supports keys and certificates stored on hardware (PKCS#11) or software (PKCS#12), according with DigitPA rules. It also allows time stamping and, thanks to the wrapper layer, it also allows the use of any kind of Smart Card. Optional features of the suite are: Remote Signature Digital Signature Optimized XML signature Registration and Issuance of Certificates Key management File secure deleting PDF signature Legal Remote Signature Basket and Automatic Signature File set signature PIN management SSF management for SAP OCSP management Page 4 of 8

5 5.2 SECURITY CLIENT TOOLKIT Software library that collaborate when used in the construction of INNOVERY SECURITY CLIENT new cryptography features. 5.3 CARD MANAGEMENT SYSTEM CMS Application that provides a complete and flexible solution to manage the issuance and administration required for smart card deployments. Cooperating with INNOVERY Registration Authority, it manages the cards as well as data, applets and digital credentials including PKI certificates related to the cards throughout their entire life cycle. 5.4 REGISTRATI ON AUTHORITY A complete Web Based Application Suite that allows issuing of digital certificate and that offers of some advanced features: Integration module for smart card thermo-graphical printers; Pre-Registration Module that allows user data uploading. 5.5 CA LOG-BOOK A complete Application Platform for logging and monitoring CA s applications critical events like: Certification Authority, Time Stamping Authority, Card Management System, Registration Authority, Viewers et-cetera. 5.6 SOC DECISION MANAGER SOC-DM Based on Oracle rule and knowledge systems and dynamic analytic models, SOC-DM entails all aspects of managing decision-making process within a SOC environment by better handling the tradeoffs between precision, consistency, agility, speed, and cost of decision-making. 5.7 UTILITIES FOR CERTIFICATION AUTHORITY Application Platform for assembling Certification Authority components like: ASH-CMP service control Entrust interface library Cybertrust interface library Module for CRL publishing on Web server 5.8 CERTIFIED AND REGISTERED ELECTRONIC MAIL PEC / REM Application Platform that allows sending and receiving e- documents with a high security level and giving legal value to delivery process, according with the legal requirements. REM can verify that an electronic message was sent to the intended recipient and to provide the originator of the electronic message with an independent confirmation that verifies the time and date that the electronic message was sent and the time and date that it was delivered. 5.9 SECURE UTILITIES FOR SAP Application that allows secure store and forward mechanisms to protect data in the SAP infrastructures 5.10 TIME STAMPING Application that allows time stamp digital signature: Server component verified according with EAL3 Common Criteria Complete time stamp management module Plug-in to interface HSM modules Plug-in to interface Postecom security modules 5.11 IBM-STERLING COMMERCE ADAPTERS List of Adapters available: Time Stamp Adapter Storage Adapter EDI Signature Adapter 5.12 OCSP Security Adapter Documentum Adapter Distributed OCSP system that validates pre-computes signed OCSP responses for every certificate and distributes these responses to unprotected Responders. 6. REFERENCES 6.1 CUSTOMERS Below, our main Customers by market segment: UTILITY Terna, Enel, Postel, Iberdrola, Autostrade, Strada dei Parchi. TELECOMMUNICATION Telecom, TIM, H3G. PUBLIC ADMINISTRATION Comune di Roma, Regione Sardegna, Regione Siciliana, DigitPA, INPS, Notartel, SOGEI, CONSIP, SIAE, Università di Napoli, Università Cattolica, Repubblica di San Marino, Ospedale Mario Negri, ICE. FINANCE Banca d Italia, RCI Banque, SIA SSB, Banco Popolare, Mediolanum, Unipol, UBI Banca, AVIVA, BBVA, Citi Bank, Cedacri, Banco Santander, IW Bank, Unicredit. INDUSTRY Otomelara, Ansaldo STS, Ansaldo Breda, Alenia, MDBA, Armani, Pirelli, Renault Italia, Ferrero, Unilever, SAIWA, Elettronica, e-security, SELEX, Toshiba, Finmeccanica. Page 5 of 8

6 RETAIL / DISTRIBUTION Luxottica, Diesel, Sofidel, COOP Adriatica. 6.2 SERVICES Below, the focus to some of the most important services provided to our main customers PUBLIC KEY INFRAST RUCT URE AND DIGIT AL CERT IFICATES SYSTEM INTEGRATION Implementation of standards-based interoperable Public-Key Infrastructure (PKI) committed to secure transactions in e-business applications: Legal PKI (Compliance with DigitPA Rules), PKI Enterprise, Technology Migration. TECHNOLOGIES Entrust, Critical Path, Microsoft, Verizon, Open Source (Open CA), INNOVERY. CUSTOMERS Enel, Terna, SOGEI eccetera SECURITY OPERATIO NS CENTER SOC SYSTEM INTEGRATION Technology and Business Project Analysis, Service Model Definition, Architecture Design, Infrastructure Implementation Planning, Support to Activity Startup, Knowledge Management. TECHNOLOGIES Cisco, Symantec, CheckPoint, ISS, HP ArcSight. CUSTOMERS Enel, Terna, SOGEI eccetera CERT IFIED AND REG ISTERED ELECT RONIC MAIL REM SYSTEM INTEGRATION Implementation of an infrastructure to send and receive e-documents with a high security level and giving legal value to delivery process, according with the legal requirements. TECHNOLOGIES INNOVERY, Critical Path. CUSTOMERS Regione Siciliana SIEM & SECURITY COMPLIANCE SYSTEM INTEGRATION Security infrastructure to collect, manage, and send real time alert about activities on network device (firewall, IPS,VPN), critical applications and so on, and integration with identity and access management infrastructure. Activities should include assessment, thorough evaluation of the user s assets, system deployment and training. TECHNOLOGIES HP ArcSight; Splunk, Q1 Radar, Nice Actimize. CUSTOMERS Utility, Finance LOG MANAGEMENT SYSTEM INTEGRATION Implementation of system to collect and centralize log and other security events, check and track their integrity. Create archives for digital forensics analysis, create dashboards and reports; allow alert generation. TECHNOLOGIES HP ArcSight. CUSTOMERS Finance and PA IDM AND WEB SSO FEASIBILITY STUDY Modernization and normalization of enterprise out-of-date proprietary authentication and authorization systems: Simplify and secure identity management systems of holders and applications; Standardize and extend the authentication to applications; Replace with COTS components the current custom ones; Normalize the profiles management system; Extend the authentication and authorization, to the systems Application-to-Application (Web Services); Increase the level of security and authentication mechanisms; TECHNOLOGIES Oracle, Sun Microsystems: Sun Idenity Manager, Sun Syncornization and Provisioning Module, Sun Role Manager, Sun OpenSSO Enterprise, Sun Directory Server Enterprise Edition, Sun Open Directory Server. CUSTOMERS Utility E-INVOICING SOFTWARE DEVELOPMENT AND SYSTEM INTEGRATION Implementation of ICT Infrastructure according with Italian and European legal requirements and Business Process (BP) based: Buyer e Supplier BPs, Standard e custom archive BPs, Trust weaver invoicing web services BP, Revalidation BP, End to end template BP, Post processing template BP. TECHNOLOGIES Sterling Commerce (Gentran Integration Suite), Digital Signatures, C++, Java, Sun Microsystems (J- Caps), INNOVERY. CUSTOMERS Utility EDI SYSTEM INTEGRATION To exchange, without human intervention, purchase orders and invoices from one business system to the other. TECHNOLOGIES Sterling Commerce, Tibco, Digital Signatures, C++, Java, INNOVERY. CUSTOMERS Finance. Page 6 of 8

7 6.2.9 MANAGED AND SECURE FIL E TRANSFER SYSTEM INTEGRATION Provide a single application that handles all corporate file transfers regardless of protocol. TECHNOLOGIES Sterling Commerce, INNOVERY. CUSTOMERS Utility XML/PDF SIG NAT URE SOFTWARE DEVELOPMENT Application that allows digital signature of XML and Adobe documents According with Italian and European standards and Adobe specifications. Technologies: INNOVERY, C++, C#. CUSTOMERS Utility CARTA NAZIO NALE DEI SERVIZI (CNS) SOFTWARE DEVELOPMENT Enrolment of file encryption and SSL Certificates through Entrust CA TECHNOLOGIES INNOVERY, C++, Pkcs#11, CSP. CUSTOMERS Regione Siciliana. CYBER-ARK ENTRUST XYZMO Privileged Identity Management: Manage and Update privileged user and administration accounts. PKI, Digital Signature and Cryptography; Biometric Authentication. RSA Strong Authentication. TIBCO ALIENVAULT HP-ARCSIGHT IBM Cloud Computing and Grid Computing. Log Management, SIEM, High Sensitive Data Management NET LINK SMART CARD SOFTWARE DEVELOPMENT To allow enrolment and management of health card in combination with other card security features TECHNOLOGIES INNOVERY. CUSTOMERS Regione Siciliana. 7. PARTNERS Partnerships are basic to how INNOVERY conducts his business. INNOVERY helps partners to respond to the needs of new customers, strengthen relationships with existing customers, and open the potential for greater sales and profits. INNOVERY has established long term cooperation and business relations with a great number of hardware and technology vendors. CISCO TREND MICRO MCAFEE STONESOFT SYMANTEC SAFENET THALES Integrated Network Security Data Loss Prevention (DLP) Encryption HSM PARTNER CA INNOVERY RESELLER SYSTEM INTEGRATION OPERATIONAL SUPPORT ORACLE TECHNOLOGY Identity Access Management, Identity Management, SSO. GEMALTO IBM STERLING COMMERCE HP - FORTIFY FIREEYE Strong Authentication, Cryptography B2B Solutions, Enterprise Integration Application, Managed File Transfer. Software Security Assurance (including Related Services) Web Malware Protection System (MPS) IBM Page 7 of 8

8 POSITIVE TECHNOLOGIES MAXPATROL NICE ACTIMIZE Vulnerability and compliance management, auditing, penetration test Integrated Fraud Management System FORESCOUT Network Access Control (NAC) MICROFOCUS DATA EXPRESS Testing data meeting Data Privacy compliance OBSERVE IT User Activity Monitoring 8. BOARD Gianvittorio Abate is INNOVERY Chief Financial and Operating Officer (CFOO). Class 73, he s graduated in Informatics and specialized in the ICT Security and EAI fields. He brilliantly runs the company, working in contact with his workers to successfully pursue the Customers targets. His direct participation to numerous projecting and training activities and the achievement of key professional certifications establish significant issues in the affirmation of the Company with many Customers. The most important activities conducted and managed by Gianvittorio Abate, which deserve to be pointed out, are: ICT Security/EAI Infrastructure projecting for companies of the utility, financing and public administration sectors; Solutions projecting such as: electronic invoicing, documents dematerialization, substitutive conservation (DigitPA) for companies in the utility, financing and public administration sectors; Cryptography and Digital Signature Solutions. Page 8 of 8