In a dynamic world, in which new technologies, services, products and forms of interaction advance with ever-increasing intensity, trust is vital for a successful business. With the use of information and communication security technologies, trustworthiness can be maximized by ensuring consistent business, without interruptions, without loss of privacy and without any security incidents that interfere in business and cause impacts that many times are hard to overcome.
The CPqD Information and Communication Security technology platform comprises multidimensional know-how (regulatory, procedural, physical and technological), aimed at preventing, detecting and responding to security incidents, maximizing trustworthiness.
The most important know-how for this platform includes:
Technologies and methods to reveal vulnerabilities and assess the degree of exposure to protocol, service, technology and product risks in software or hardware systems.
- Code inspection
- Exploit development
- Penetration testing
- Reverse engineering
- Static code analysis
- Vulnerability assessment
Technologies and methods for the identification, authentication and authorization of users and devices for physical and logical accesses, Identity Access Management (IAM), Adaptive Dynamic Authentication (ADA), continuous user authentication and advanced authentication.
- Adaptive and dynamic authentication
- Authentication tokens
- Behavioral biometrics
- Context-based authentication
- Device ID
- Face biometrics
- Risk-based authentication
- Single Sign-On
- Voice biometrics
Technologies to ensure the confidentiality, integrity and authenticity of data, applicable to protocols, services and products, in traditional versions, for restricted environments (lightweight encryption) and environments resistant to quantum computers (post-quantum encryption).
- Digital certificates (public key certificate)
- Digital signature algorithms
- Encryption algorithms
- Hash algorithms
- Homomorphic encryption
- Lightweight encryption
- Message Authentication Codes (MAC)
- Post-quantum encryption
Governance, Risk, Compliance (GRC)
Methods applied for the analysis, assessment, organization, structuring, and planning of security, risks, business continuity, and critical infrastructure protection, with a focus on information security.
- Business Impact Analysis (BIA)
- Critical infrastructure identification
- Disaster recovery and contingency
- Gap analysis
- Interdependency analysis
- Policies, rules, practices and procedures
- Risk assessment
- Risk identification and analysis
- Security architecture
- Threat modeling and analysis
Software and Hardware Protection
Security algorithm-based technologies to protect data processed by software and hardware against different types of attacks.
- Anti-Reverse Engineering (ARE)
- Code obfuscation
- Anomaly detection
- Cryptographic key protection
- Data in use protection
- Runtime application self-protection (RASP)
- Secure channel
- Secure development
- Security monitoring
Wide-reaching and diversified activity
CPqD is present in the area of information and communication security with the CPqD Anti-fraud solution, the CPqD Smart Authentication solution, the CPqD Secure Component solution and other specialized services, with customers in the financial, industrial, electric power, agricultural and telecommunication sectors.