
11/14/2018
05:30 PM
Dark Reading

Eurofins Digital Testing Launches Cyber Security Division

Expands testing capabilities to serve TV operators, broadcasters, content companies, device manufacturers, and others in Europe and around the globe

Hasselt, Belgium – November 14, 2018 – Eurofins Digital Testing, a global leader in end-to-end quality assurance (QA) and testing services, today announced that the company has launched a new Cyber Security Division to serve the media and entertainment industry, Internet of Things providers, and other key markets. Concurrently, the company announced the appointments of Marcel Mangel, Erik Rutkens, and Sean Walls as Managing Directors of Cyber Security, overseeing a team of nearly 100 security experts around the globe.  

Today, media and entertainment companies in particular face numerous security threats. These span their internal enterprise software applications and hardware, physical office locations, service delivery infrastructure, content protection methods, billing systems, customer-facing applications, and consumer devices including PCs, tablets, mobile devices, connected TVs, set-top boxes, smart home/IoT devices, and more. 

Eurofins’ new Cyber Security Division was established to help new and existing customers conduct risk and vulnerability assessments; meet compliance obligations; develop effective security programs; train employees; and test applications and devices for vulnerability via audits and ethical hacking programs. 

“Today marks a significant milestone in the evolution of Eurofins Digital Testing and is a critical sign of the times for our customers around the world,” said Johan Craeybeckx, Business Line Director, Eurofins Digital Testing International. “We view cyber security as a natural extension to our extensive testing solution portfolio to help our customers address their threats and vulnerabilities. As part of this effort, we have assembled an exceptional leadership team comprised of Marcel Mangel, Erik Rutkens, and Sean Walls, who collectively bring decades of proven and diverse cyber security experiences to bear. We share a common vision to protect our clients’ connected systems, data, and services throughout the media and entertainment industry, and other sectors, across Europe and around the globe.” 

Cyber Security Leadership Team 

Marcel Mangel is a Managing Director of Cyber Security, based in Germany. Mr. Mangel was most recently Chief Technical Officer at TÜV SÜD Digital Service GmbH, and has over a decade of experience in offensive as well as defensive cyber security. He also serves as an assistant professor for IT security at the University of Applied Sciences in Rosenheim, and holds a master’s degree in computer science as well as several renowned IT security certifications. 

Based in the Netherlands, Erik Rutkens is a Managing Director of Cyber Security, and comes to Eurofins through its acquisition of Insite Groep, the holding of Insite Security and ITsec Security Services, earlier this year. Mr. Rutkens was co-founder of Zercopter. Prior to serving as CEO of Insite Groep, Mr. Rutkens was a Senior Manager at KPMG and spent more than ten years in various teaching roles at the University of Groningen. 

Sean Walls is also a Managing Director of Cyber Security, based in the United States. He has over 20 years of experience in cybersecurity and information technology, and has held executive leadership roles with several international cyber security and IT integration companies. Additionally, Sean has developed successful cybersecurity business units for other large organizations, and has been a strategic advisor to many Fortune 500 and 100 companies over the years.

Messrs. Mangel, Rutkens, and Walls oversee a diverse team of personnel, labs, and regional offices serving clients around the globe, and they report to Johan Craeybeckx, Business Line Director, Eurofins Digital Testing International. 

Cyber Security Services  

Eurofins Digital Testing’s new Cyber Security Division provides a range of services across six broad categories, including: 

·  Security assessments: Provide companies with a baseline security posture and identify vulnerabilities, threats, and likelihood of exploits and business impacts. This enables them to manage remediation efforts in a way that aligns with their business priorities. Services include: governance gap assessments; external security assessments; internal security assessments; device assessments; (web) application assessments; mobile app assessments; local and remote infrastructure assessments; wireless assessments; physical security assessments; security awareness/social engineering assessments; penetration testing and more.

·  Device, app and infrastructure testing services: Provide manufacturers and service providers the ability to secure products and reduce vulnerabilities or risks that could negatively affect their customers through ethical hacking, automated testing tools, auditing and reporting programs. Services include: application security; platform security; logging auditing and monitoring; physical security; cryptography and more. 

·  Compliance services: Enable companies to prepare for, and meet, contractual and regulatory compliance obligations. Services include: gap assessments; remediation assessments; readiness assessments; compliance audits and more, using standards such as ISAE 3402 and SOC I, II and II.

·  Advisory services: Enable organizations to develop an effective and relevant security program to minimize risks, manage compliance and align security with business goals and objectives. Services include: policy development; creation of specific or comprehensive security programs; governance; risk management; vulnerability management; asset management; identity and assessment management; disaster recovery and business continuity; incident response; ISO 27001; NIST Cybersecurity Framework (CSF) and more. 

·  Security awareness & training services: Support organizations in raising security awareness. Train employees to proactively recognize threats and protect data, transforming them from being the greatest security risk to the greatest security asset. Services include e-learning, serious games, workshops and more.

·  Managed services: Enable organizations to focus on what they do best. Eurofins’ experts monitor the security of networks, infrastructure and devices and respond to security incidents. Eurofins can also provide security officers or data privacy officers as a service. 

  

Legacy of Security and Compliance Testing  

Prior to today’s announcement and the recent acquisition of Insite Security, Eurofins Digital Testing was already an established leader providing security-related services to the media and entertainment industry. Notably, Eurofins helped develop and manages the content security compliance program for the Digital Production Partnership (founded by ITV, BBC and Channel 4). Eurofins Digital Testing assesses and validates the checklists submitted by suppliers to ensure compliance with the DPP-defined security best practices, in order to receive the official DPP “Committed to Security Mark.”  

Eurofins Digital Testing is also the official CI Plus LLP approved Test Centre, serving device manufacturers and CI Plus DVB operators. CI Plus is the default standard for linear pay-TV delivery on iDTVs (integrated digital TV) which secures video, via the Common Interface (CI) and Conditional Access Module (CAM), enabling the delivery of valuable HD and UHD to retail receivers in a secure environment. 

Outside of the media and entertainment industry, Eurofins Digital Testing Cyber Security Division will also serve select clients across the profit and non-profit sector, including: financial, utilities, healthcare, transportation, and more. 
