SOC 24/7/365

Security Monitoring

We operate our own 24/7/365 monitoring centre to prevent, detect and eliminate cyber attacks.

We have a trained analytical security team that provides active protection of cyberspace, management and monitoring of network infrastructure, and detection and analysis of security incidents.

The SOC (Security Operations Center) is a specialized department including an analytical team that focuses on monitoring, analyzing and responding to security events in an organization’s information system. The SOC is a key element in the overall security strategy and plays a key role in protecting the organization from cyber threats.

Service detail

  • 24×7 real-time monitoring of network traffic including identification of security incidents
  • IDS | Intrusion Detection System detects unauthorized or suspicious behavior in the computer network. It analyzes network traffic and observes various patterns and signs that indicate a possible attack or security incident
  • NSM | Network Security Monitoring focuses on actively monitoring and analyzing network traffic to identify security threats and respond quickly to security incidents. It uses technologies such as IDS, firewalls and logging to provide a means to detect and protect against potential attacks
  • SIEM | Security Information and Event Management is an integrated security platform that combines Security Information Management (SIM) and Security Event Management (SEM) functionality. SIEM systems aim to provide a comprehensive view of security events in the organization's information system and enable rapid response to potential security threats
  • EDR | Endpoint Detection and Response focuses on monitoring, detecting and rapidly responding to security threats directly on endpoint devices such as computers and servers. It provides organizations with the ability to monitor and protect their endpoints from cyber attacks
  • XDR | Extended Detection and Response integrates data and analytics from multiple security sources across the organization to provide a comprehensive view of cyber threats. XDR goes beyond traditional EDR (Endpoint Detection and Response) systems by incorporating data from multiple contexts, including network, email and cloud environments, enabling better detection and response to more sophisticated attacks
  • MISP | Malware Information Sharing Platform & Threat Sharing shares malware and threat information, enabling collaboration between organizations on cybersecurity. It is used to centrally collect, share and analyze information about security incidents, helping to improve the ability to detect and respond to cyber threats
  • Block suspicious traffic with subsequent threat assessment and immediate response
  • Prediction and prevention of suspicious traffic, including log management
  • Locating security incidents and events, including Faster C-SIRT team intervention at the incident site
  • Reporting of detected events and incidents
  • Establishing a 24-hour Service Desk to report incidents and access network traffic and incident status

Honeypot

We use the service for early detection of malware and subsequent analysis of its behaviour. Malware constantly changes its attack strategy, hiding and evading detection in various ways. For these reasons, it is necessary to lure the malware and then analyze its behavior. The main benefit of a honeypot is the ability to detect network infiltration early, monitor the actions performed by the unauthorized user and alert the system administrator.

Service detail

  • An effective tool for detecting attempts to infect devices on the network
  • Reduces the extent of damage caused by the presence of an attacker
  • Gets information about attackers’ tactics
  • Effectively distracts the attacker from mission-critical systems and sensitive data
  • Enables security teams to collect attack data and improve security practices
  • A tool for automating and effectively defending against new types of attacks

Monitoring Servers | Services | End Stations

The solution is based on a dedicated VPS for the customer and a license of the Wazuh monitoring software. The scope of the service is continuous monitoring of the behavior of servers, services and end devices in the organization.

Service detail

  • Collection, analysis and storage of device logs
  • Integrity and file checking
  • Audit security settings according to recommended or internal organizational guidelines
  • Automated response to violations of set rules
  • Conduct internal audits to meet legal obligations (nZKB, NIS2, ISO 27000)

Network Traffic Security Monitoring and Analysis

Service detail

  • IDS | Intrusion Detection System
  • DPI | Deep Packet Inspection for finding threats and signatures in packet content and packet connections
  • NBA | Network Behavior Analysis analyzes network behavior using artificial intelligence
  • Encrypted Traffic Analysis analyzes and detects threats in the gray zone of encrypted traffic
  • NPM, APM module monitors network and application performance
  • EC | Event Correlation is designed to analyze a large number of events and their correlations in order to identify the essential event, i.e. security threats
  • RA | Risk Assessment module to identify and assess network traffic risks
  • VSD | VIP security database collects and processes attack signature sources from a larger number of paid external databases
  • IP | Identity pack is integrated with MS Active Directory and Cisco ISE to match user, network traffic and device identities
  • RP | Response pack enables launching response plug-ins for integration with firewalls, Cisco ISE and other security agendas

For consultations and orders, please do not hesitate to contact the sales department.

© 2024 Faster.cz