February 10^th, 2010
IT Security Audits of Automated Cash Handling and Payment Processing Systems

Since 2008 Detack performs in depth ATM / POS IT security audits for clients active in the banking, cash and payment processing environments. These tests address the corresponding interfaces and applications as well as the bank terminals security and the customers´ site - the DMZ services responsible for the cash management and operator functions. These procedures are necessary for determining any communication protocols related flaws, system or application flaws affecting the customer.

Detack GmbH has built specialized IT security audit modules for ATM / POS system environments, adapted to the customer’s requirements for each specific test environment. The test structure is built around a customization of the Detack e-Banking Services Audit, Internal Security Audit and the Standard Security Audit modules performed in many projects for the Detack clients. The resulting modules are:
Detack Security Audit for ATM/POS – Infrastructure and Security Design
Detack Security Audit for ATM/POS – Bank Communication End / Central Authorization
Detack Security Audit for Payment Terminals (POS)
Detack Security Audit for Cash and Multifunctional Terminals (ATM)

Regarding the increasing activity in this specific testing environment Detack became an active member of ATMIA (ATM Industry Association) since the year 2008.

October 16^th, 2009
Detack attended as an exhibitor on the it-sa from October 13^th until 15^th 2009 in Nuremberg
Hall 5, Exhibition Stand 5-130

Although Systems has closed its doors the trade fair it-sa remains the focal meeting point for IT security experts in Germany and, in particular, it continues to offer a platform for IT security managers through its open forums in the exhibition halls.

On the it-sa the new SAP^® benchmarking was presented for the first time by Detack – "S-KPI“ is a quick test identifying the IT security of SAP^® systems and saving potentials. Further Detack informed about the performance of high level IT security audits at fair prices as well as the "sign IA" – a ticket based single sign-on system for secure multi factor authentication for SAP^® and Non-SAP^®.

On the stand the trade fair visitors had the chance to get an insight to the Detack product portfolio containing amongst others the following services and products:

IT Security Audits: from the anonymous and user perspective
 internal and external standard IT network security audits
 applications like e-Banking, e-Government, e-Business services audits, internal and external SAP®-, VPN-, terminal services, midrange and
    mainframe audits, DMZ and domain security, internal attacks as well as from partners
 IT security audits of self developed solutions and product audits

Single Sign-On: secure and comfortable system logon with the ticket based Detack "sign IA" for SAP^® and Non-SAP^®

SAP® Benchmarking: Detack "S-KPI“ quick test for SAP^® security and saving potentials

Detack presentations held on the it-sa in forum red:
- Secure (SAP/Non-SAP) system access and economical efficiency combined - single sign-on with the ticket based "sign IA"
13.10.2009, 13:15 – Matthias Forster – Handout / Video

- In contrast to the economy the IT espionage is booming – how to master your IT security responsibility
15.10.2009, 10:45 – Ulrich Neider – Handout / Video

IT(ea)-Time: Roundtable
Helpers in the IT security – which tools are existing and to whom they are useful? – Video

Detack performed a tombola during the it-sa – the prizes were a free security audit and consulting sessions with our experts!

October 2^nd, 2009
Detack attended again on the DSAG yearly congress as an exhibitor– many trade visitors
were interested in the Detack products and services
29^th September until 1^st October 2009 – Exhibition Stand (P4)

The German speaking SAP user group (DSAG) supports SAP clients as an important community of interests regarding all questions and problems around the SAP world. 2009 it was themed as “Ways into the Future” located at the Messe und Congress Centrum Bremen.

The exhibition stand of Detack on the DSAG yearly congress in 2009 provided the trade visitors as in 2008 again the opportunity to discuss about IT security audits, single sign-on and SAP benchmarking with the Detack experts.

Direct neighbours are GORBIT GmbH and "realtime ag" who developed together with Detack the practice orientated GRC Solution Suite. This solution has been successfully presented to the public through several cities in Germany on their conjoint roadshow “Compliance under Control”. This suite combines the "sign IA" of Detack, "RUF_xe" of GORBIT and "apm atlantis" of realtime to a fully integrated solution for the entire GRC process in SAP and non-SAP systems.

	The GRC Solution Suite: Compliance under Control       -  role- and composite roles management       -  user and identity management       -  process- and compliance monitoring       -  recording of histories       -  workflow control

As a response to the high interest received a practice orientated live demonstration of the overall solution was held. Self-evidently, also the standalone available "sign IA" - as a ticket based single sign-on system for secure multi factor authentication at SAP and non-SAP - was demonstrated.


The Detack GmbH additionally presented the new SAP® benchmarking solution "S-KPI“ a quick test assessing the security of SAP systems and possible saving potentials. Due to the continuous rising demand of Detacks professional services the security audits were another highlight on the Detack exhibition stand..

Detack performed a tombola during the DSAG yearly congress – the prize was a free security session with our experts!

May 15^th, 2009
We cordially invited you to our free GRC event

Compliance under Control
act, don’t react

Stay capable of acting by:

- Transparent Processes       - Flexible Authorization Concepts
- Revision Security                   - Optimisation of Cost Structures

Andreas Kerbusk knows this competition well. In his presentation he reflected chances and their positive adaption using his long time experience as board member of the German speaking SAP users group (DSAG) and as CIO of several corporate groups. In the closing part we presented how authentication, user and role management can be combined on a single platform. With the GRC Solution Suite a highly integrated application for central process management of your authorisation and security becomes reality.

Agenda
from 13:00 Refreshments

         14:00 Greeting

         14:15 Compliance under Control – Andreas Kerbusk

         15:30 Coffee and Cakes

         16:00 The GRC Solution Suite – The Platform for Governance, Risk and Compliance

         18:00 Get together in a relaxed atmosphere

Dates the roadshow was on tour:

September26^th, 2008
Booth of Detack on the DSAG Yearly Congress 2008
23. to 25. September - Booth (H3+4)

The German speaking SAP user group – DSAG – became an important community for all companies and employees using SAP®. The yearly congress of the DSAG has grown constantly over the years and became one of the most important events in the SAP area. In this year the event followed the motto "SAP ERP 6.0: The next Step", interesting topics around SAP attracted many trade visitors into the Congress Center of the fair in Leipzig, Germany.

DETACK GmbH has been active over eight years in the IT security area and it focuses on SAP security. DETACK offers SAP IT security audits and consulting services. Out of this profound experience Detack developed the Single Sign-On solution "sign IA" for secure Multi-Factor-Authentication with SSO2 tickets conforming to SAP standards. This technology allows a seamless and secure integration of SAP applications. On top of the efficient features of a SSO solution Detack integrated all the knowledge of numerous IT security audits to protect the SAP / Non-SAP area against unauthorized access.

Due to the strong market demand the cooperation of Detack GmbH and GORBIT GmbH has been reached and an interface to the Identity Management solution "RUF_xe" of GORBIT was jointly developed. This allows to offer an integrated combination of Single Sign-On and Identity Management, combining the strength of two successful companies. This allows users to meet the rigid compliance requirements like GDPdU, SOX und Basel II and at the same time introduces a wide ranging Single Sign-On solution with a proven track record of success.

Detack GmbH represented together with GORBIT GmbH on the DSAG yearly congress in Leipzig, Germany in a booth (H3+4) where the compliant solutions and services were presented. Visitors could gain a thorough understanding of the professional products and services. A live demo of the extensive functionalities of the "sign IA" and "RUF_xe" was demonstrated and attracted many visitors who could get a hands-on feeling of the performance of the joint solution.

On the third congress day (25.08. - 9:00) Matthias Forster of Detack GmbH presented in the security working group on the topic "Single Sign-On to secure Multi-Factor-Authentication in the SAP Area – Company wide IT and Revision Security”.

DETACK is proud of the very positive feedback of the trade visitors on its booth which clearly indicates that the services and products of DETACK and Gorbit are up to date and meet also future challenges.

April 15^th, 2008
Detack IT-Security Day on April 8^th 2008
The Detack IT security services have been in an increasingly high demand, especially during last year, by banks, data processing centres and industrial sectors. Based on experts in the industry and the relevant trade bodies, this trend will sustainably continue. We are willing to meet this challenge.

In order to provide our customers and qualified prospects with an in-depth insight into our work, we cordially invited to our:

Detack IT Security Day
Date & Time: Tuesday, April 8^th2008, 13:00
Location: 71638 Ludwigsburg, Film- und Medienzentrum, Königsallee 43,
in the “Reithaus Ludwigsburg”

What did this event offer?

1. An overview of typical requirements for secure system landscapes, adapted to the latest developments in the industry

2. An updated overview of the Detack services and products was presented, reflecting the latest offering together with applicable real, production test     cases

3. A real life case study regarding the application of our joint framework solution made of Single Sign-On (by the "sign IA") and Identity Management (by     "RUF_xe" of our Partner GORBIT GmbH) in the detection of vulnerabilities, their subsequent elimination as well as the implementation of a generally     secure system environment

4. Our partner headtechnology presented an overview of the latest trends for security products like firewalls and the security of specific ports via the     implementation of WAF & UTM, USB / Device Control as well as content filtering

After the subsequent open discussion, the ensemble of Stuttgart Philharmonic Orchestra members “PhiLowBrass” performed a well tempered set of classical and modern musical pieces creating a relaxed atmosphere. During the dinner the participants, mainly guests from management, IT, revision and administration, got acquainted with each other and enjoyed themselves.

We would like to thank our partners supporting this event:

December 16^th, 2007
Management Circle Intensive Seminar – Security of Web Applications
Presented by Detack GmbH
The potential threats of attacks against web applications have been extensively explored in this seminar and it was shown how typical hackers perform such attacks. The participants were presented with examples of which mistakes can be prevented and which security actions have to be performed in order to reach an effective application layer security. The speakers Ulrich Neider and Matthias Forster of Detack GmbH, Julian Totzek and Thomas Kohl of Deny All, Ulrich Mohr of AAAware Consulting and Dirk Pieck of BV Zahlungssysteme GmbH provided the public a professional insight in the aforementioned subject and in further topics.
Please use the following link to see the entire program: here

Schedule:
8^th and 9^th October 2007 in Düsseldorf
10^th and 11^th December 2007 in Munich

April 20^th, 2007
Detack Presentation at FIDUCIA IT AG Customer Event COM07 "Security and Availabilty of Data Centers"
Detack has participated with one of the key note speakers at COM07, the annual FIDUCIA IT AG banks and business partners fair in Nuremberg from the 16^th until the 19^th of April. The subject covered was "Security and Availabilty of Data Centers".

April 18th, 2007
Detack works together with Nortel for improving the safety level of large scale VPN equipment
Detacks ongoing partnership with Nortel shows the first results in rising the safety level of large scale VPN equipment used worldwide by hundreds of millions of people, Fortune 500 companies, and government institutions. To learn more about the product security audit and the joint effort in the successful elimination of vulnerabilities, please use the following link: Nortel Security Advisories