Cyber Security
We help to keep reputation, data and clients.
Your digital security — is the trust of your clients.
We provide it constantly.
Your digital security — is the trust of your clients.
We provide it constantly.
trust starts with
security
We provide professional managed cybersecurity services: monitoring, reports, systems configuration and vulnerability management.
Managed
cybersecurity services
cybersecurity services
Managed Services
SIEM
Monitoring
Monitoring
Remote monitoring of cybersecurity context events of your IT infrastructure using our cloud Wazuh instance.
● Monitoring
SIEM
Analytics
Analytics
Selective incident analytics: threat hunting and vulnerability analysis, integrity control, setting up tickets and elimination recommendations.
● Monitoring
● Analytics
SIEM
Management
Management
Full remote monitoring and administration of the security context of your IT infrastructure.
● Monitoring
● Analytics
● Management
SIEM Monitoring
- connecting of IT infrastructure cybersecurity context to cloud based monitoring wazuh instance (log flows from network devices, system and application log flows, critical files checksums tracking and more);
- customization of decoders and alerts;
- sending email alerts to customer's recepients;
what's within the service:
- automated notification tool about cyber security events in your IT infrastructure
what you get:
24/7 monitoring
AUTOMATIC
Support 5/8
MSK / UTC
Data Storage
DC RU / EU
(Security Information and Event Management)
SIEM Analytics
SIEM Monitoring
+
+
- selective analytics: threat hunting, vulnerability analysis and management, integrity control and more;
- our helpdesk system tickets creation for the most critical incidents;
- analysis participation and elimination recommendations;
WHAT's within the service:
- automated notification tool about cyber security events in your IT infrastructure plus critical incidents analytics and elimination recommendations
what you get:
24/7 monitoring
AUTOMATIC
Support 5/8
MSK / UTC
Data Storage
DC RU / EU
(Security Information Event Management)
SIEM Management
SIEM Monitoring
+
SIEM Analytics
+
+
SIEM Analytics
+
- remote administration and management of cybersecurity context
what's within the service:
- full monitoring, administration and management of cybersecurity context in your IT infrastructure
what you get:
24/7 monitoring
AUTOMATIC
Support 5/8
MSK / UTC
Data Storage
DC RU / EU
(Managed Security Service Provider)
SIEM INTERNALS
SIEM Solution Components and Functionalities
Monitoring and correlation of cybersecurity events within IT infrastructure:
Monitoring of ALL Application log-files using standard and custom decoders with security events recognition and respective alerts tuning:
As a result of detection of any event it's possible to automatically block the source address of the threat/attack, sign out and block the compromised user, launch any custom script on any set of managed hosts to prevent further spread of the attack.
This functionality (SOAR - Security Orchestration, Automation and Response) provides full protection coverage from any brute-type attacks (user enumeration, password/keys brute-force, directory traversal and more).
Regular CIS Security Benchmarks analysis for given OS:
Log-files monitoring of the following network devices with automatic detection of cybersecurity context events:
- File Integrity monitoring
- RootKit Checker
- Shell commands execution monitoring
- Scheduler Jobs monitoring
- Packets installation/removal monitoring, version control and automatic CVE-based mappings
- Executables permissions monitoring
- Monitoring of ALL AUTH events (pass/fail) across all services and endpoints with recording of source IPs, protocols and usernames
Monitoring of ALL Application log-files using standard and custom decoders with security events recognition and respective alerts tuning:
- For example detection of the following types of attacks using web-server logs: SQL-injection, File inclusion, Shell Execution in URL, PHP Tags, Directory Traversal and more (detection of hundreds of web-attack types "out-of-the-box")
- PHP errors recognition
- Proxy-applications log-files monitoring
- Full monitoring of SQL queries
- System log-files monitoring with security events automatic recognition
As a result of detection of any event it's possible to automatically block the source address of the threat/attack, sign out and block the compromised user, launch any custom script on any set of managed hosts to prevent further spread of the attack.
This functionality (SOAR - Security Orchestration, Automation and Response) provides full protection coverage from any brute-type attacks (user enumeration, password/keys brute-force, directory traversal and more).
Regular CIS Security Benchmarks analysis for given OS:
- Regular CIS Security Benchmarks analysis for given OS
- From 200 to 300 automatically verified checkpoints for every OS.
Log-files monitoring of the following network devices with automatic detection of cybersecurity context events:
- Cisco PIX, ASA, and FWSM (all versions)
- Cisco IOS routers (all versions)
- Juniper Netscreen (all versions)
- SonicWall firewall (all versions)
- Checkpoint firewall (all versions)
- Cisco IOS IDS/IPS module (all versions)
- Sourcefire (Snort) IDS/IPS (all versions)
- Dragon NIDS (all versions)
- Checkpoint Smart Defense (all versions)
- Bluecoat proxy (all versions)
- Cisco VPN concentrators (all versions)
- Huawei USG
- pfSense
- Junos devices
- Mikrotik
Real-time network traffic analysis:
- More than 50k "out-of-the-box" rules — trojan activities detection, web-attacks detection, viruses and miners signatures detection and more;
- Notifications on traffic to/from addresses with bad IP reputation, detection of DNS queries for badly scored domains and more;
- Real-time detection of executable/dll files downloads and passwords traversal in plain text;
- IDS Suricata events are integrated into Wazuh central console with further joint reporting options and centralized SOAR (e.g. the threat is detected by Suricata -> relevant information is passed towards Wazuh kernel -> the source of the threat is blocked in real-time);
Solution for Linux-platforms
- Set of automated scripts to dynamically create and track the lists of networks and IPs to be blocked with instant integration at the firewall level. The source of intelligence consists of trusted known reputation public entities and internal Wazuh-cloud. The lists are regularly updated;
- The module runs in parallel with Wazuh SOAR and accompanies it;
- The module allows to block traffic from/to known botnet networks, TOR segments, active scanning sources and more;
Real-time network traffic capture and write-to-disk:
- Captured raw packets can be used for cybersecurity incident analysis and forensic queries investigation;
- If agreed, collected captures are automatically transferred into our cloud and are stored there with certain retention. Thus captured information can be used to investigate an incident even when the original endpoint was compromised and the captures were deleted;
Instant reaction to host compromise
Different types of tokens are used to instantly detect the compromise fact of the host, endpoint or service and to respond respectively.
Different types of tokens are used to instantly detect the compromise fact of the host, endpoint or service and to respond respectively.
Project solutions
cybersecurity project solutions
Cybersecurity Solutions — from audit and basic recommendations issue to implementation professional services of complex solutions.
Strictly followed SoW, aligned to your requirements and regulations.
Strictly followed SoW, aligned to your requirements and regulations.
Includes analysis of the query, initial audit, deep investigation of the subject and related technologies, preparation of report.
WHAT YOU GET:
Resulting report containing fully-dimensional professional recommendations and actions milestone corresponding to the initial focus of the query.
FORMAT:
🌐 Off-site
🏢 On-site
WHAT YOU GET:
Resulting report containing fully-dimensional professional recommendations and actions milestone corresponding to the initial focus of the query.
FORMAT:
🌐 Off-site
🏢 On-site
Infrastructure audit, design, PoC, implementation and support of custom CMDB / SIEM / SOAR / UEBA / GRC / TVM / XDR solution on-premise to be used by Customer's security team/SOC.
WHAT YOU GET:
Fully operational on-premise CMDB / SIEM / SOAR/ UEBA / GRC / TVM / XDR solution. The different options for software to be used are chosen based on the project landscape and audit results. Further support assumes solution operational consulting, upgrades, creation of custom decoders and rules, resolving issues with the solution itself (does not include actual production incidents investigation).
FORMAT:
🌐 Off-site
🏢 On-site
IMPLEMENTED SOLUTIONS:
- Wazuh + Suricata
- SecureVisio
WHAT YOU GET:
Fully operational on-premise CMDB / SIEM / SOAR/ UEBA / GRC / TVM / XDR solution. The different options for software to be used are chosen based on the project landscape and audit results. Further support assumes solution operational consulting, upgrades, creation of custom decoders and rules, resolving issues with the solution itself (does not include actual production incidents investigation).
FORMAT:
🌐 Off-site
🏢 On-site
IMPLEMENTED SOLUTIONS:
- Wazuh + Suricata
- SecureVisio
Includes identification of vulnerabilities in servers, services and network devices available from Internet and their further exploitation.
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
Includes identification of vulnerabilities in servers, services, network devices available from internal network and their further exploitation.
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
Includes identification of vulnerabilities in application application's environment. The analysis could include "black box" mode (application is tested as black box), "grey box" mode (application is tested with registered accounts), "white box" mode (full access to application source code, documentation, environment).
APPLICATION TYPES:
— Web-app
— Mobile-app
— Desktop-app
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
🏢 On-site
APPLICATION TYPES:
— Web-app
— Mobile-app
— Desktop-app
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
🏢 On-site
The service incudes identification of vulnerabilities in the source code of the application, the presence of undocumented functionalities, "bookmarks" or other points that could be used by potential attackers to compromise application behavior. Different ways of code analysis are used: static, dynamic and manual..
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
🏢 On-site
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
🏢 On-site
Verification of the system users (employees) awareness of information security issues and policies. We design and execute various types of agreed attacks like phishing, vishing, creation and deliver of undetectable dropper, trojan, etc.
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
🏢 On-site
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
🏢 On-site
Includes deep analysis of existing anti-fraud system. Checking for fraud possibilities in the system.
WHAT YOU GET:
Resulting report and anti-fraud mitigation plan development. Retest of vulnerabilities after mitigation plan is completed..
FORMAT:
🌐 Off-site
🏢 On-site
WHAT YOU GET:
Resulting report and anti-fraud mitigation plan development. Retest of vulnerabilities after mitigation plan is completed..
FORMAT:
🌐 Off-site
🏢 On-site
INCLUDES:
- ATM security configuration analysis and pentest
- ATM network security configuration analysis (remote access, network connection type)
- ATM software security analysis
WHAT YOU GET:
Resulting report and incident mitigation plan development. Retest of vulnerabilities after mitigation plan is completed.
FORMAT:
🏢 On-site
- ATM security configuration analysis and pentest
- ATM network security configuration analysis (remote access, network connection type)
- ATM software security analysis
WHAT YOU GET:
Resulting report and incident mitigation plan development. Retest of vulnerabilities after mitigation plan is completed.
FORMAT:
🏢 On-site
Performing an assessment of SWIFT payment and wire transfer processes, controls and governance against SWIFT Customer Security Program (CSP) Objectives, Principles and Controls.
WHAT YOU GET:
Resulting report containing current cimpliance status and recommendations..
FORMAT:
🏢 On-site
WHAT YOU GET:
Resulting report containing current cimpliance status and recommendations..
FORMAT:
🏢 On-site
INCLUDES:
- Network refactoring
- Network optimization
- Planning and implementation of network architecture with security context at design phase
- Review of network devices configuration including FW, IPS, IDS, WAF, etc
- Creating documentationи
WHAT YOU GET:
Resulting report containing recommendations for configuring network, administrator guides, information security recommendations, documentation.
FORMAT:
🌐 Off-site
🏢 On-site
- Network refactoring
- Network optimization
- Planning and implementation of network architecture with security context at design phase
- Review of network devices configuration including FW, IPS, IDS, WAF, etc
- Creating documentationи
WHAT YOU GET:
Resulting report containing recommendations for configuring network, administrator guides, information security recommendations, documentation.
FORMAT:
🌐 Off-site
🏢 On-site
INCLUDES:
- An active attack on the access point or client device
- Passive interception process with managed crypto analysis of captured data
- Creation of rogue access points and data collection
- Connection to wireless network and determining all available corporate network resources
- Interception of network traffic of other devices connected to wireless networkв
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
🏢 On-site
- An active attack on the access point or client device
- Passive interception process with managed crypto analysis of captured data
- Creation of rogue access points and data collection
- Connection to wireless network and determining all available corporate network resources
- Interception of network traffic of other devices connected to wireless networkв
WHAT YOU GET:
Resulting vulnerabilities report and its mitigation plan. Retest of vulnerabilities report after the Customer completes mitigation plan.
FORMAT:
🌐 Off-site
🏢 On-site
Includes Emulation of Smart DoS and DDoS attacks.
WHAT YOU GET:
Resulting report containing recommendations for configuring network devices, applications, security devices.
FORMAT:
🌐 Off-site
WHAT YOU GET:
Resulting report containing recommendations for configuring network devices, applications, security devices.
FORMAT:
🌐 Off-site
The type of work depends on the incident. Main target is to minimize damage and find root cause of the incident:
- Investigation of any type of digital media, internal network, mobile assets, PCs, Internet located content
- Breach investigation
- Corporate fraud and insider activities investigation
- Corporate espionage investigation
- Data recovery
WHAT YOU GET:
Resulting report and incident mitigation plan development. Retest of vulnerabilities after the mitigation plan is completed.
FORMAT:
🌐 Off-site
🏢 On-site
- Investigation of any type of digital media, internal network, mobile assets, PCs, Internet located content
- Breach investigation
- Corporate fraud and insider activities investigation
- Corporate espionage investigation
- Data recovery
WHAT YOU GET:
Resulting report and incident mitigation plan development. Retest of vulnerabilities after the mitigation plan is completed.
FORMAT:
🌐 Off-site
🏢 On-site
INCLUDES:
- SCADA systems security analysis
- PLC security analysis
- HMI security analysis
- Network security analysis
- Application code security analysis
- Compliance check for (NIST SP 800-82 Rev.2, ISA/IEC 62443, NERC CIP))
WHAT YOU GET:
Resulting report with related issues found and mitigation plan. Retest of the issues report after the mitigation plan is completed.
FORMAT:
🌐 Off-site
🏢 On-site
- SCADA systems security analysis
- PLC security analysis
- HMI security analysis
- Network security analysis
- Application code security analysis
- Compliance check for (NIST SP 800-82 Rev.2, ISA/IEC 62443, NERC CIP))
WHAT YOU GET:
Resulting report with related issues found and mitigation plan. Retest of the issues report after the mitigation plan is completed.
FORMAT:
🌐 Off-site
🏢 On-site
Is designed to check the security of the remote users and includes:
- Checking user access level to the network
- Checking the security measures for the possibility of bypassing
- Checking remote user access architecture for security issues
WHAT YOU GET:
Resulting report contains vulnerabilities mitigation plan development. Retest of the issues report after the mitigation plan is completed.
FORMAT:
🌐 Off-site
🏢 On-site
- Checking user access level to the network
- Checking the security measures for the possibility of bypassing
- Checking remote user access architecture for security issues
WHAT YOU GET:
Resulting report contains vulnerabilities mitigation plan development. Retest of the issues report after the mitigation plan is completed.
FORMAT:
🌐 Off-site
🏢 On-site
INCLUDES:
— DeFi
— DEX
— Blockchain protocols
— Oracles
— Staking and Yield Farming;
— Custody solutions (multi-signature schemes, cold storage and more)
— Compliance (KYC, AML, etc)
— Smart-contracts, Crypto-wallets (creation, usage, etc)
— Keys/Seed (generation, storage, usage, etc)
— Data Sanitization
— Privacy Measures (zk-SNARK, zk-STARK and more)
WHAT YOU GET:
Resulting report contains the description of the current state of Crypto-Ecosystem and security improvement recommendations.
FORMAT:
🌐 Off-site
🏢 On-site
— DeFi
— DEX
— Blockchain protocols
— Oracles
— Staking and Yield Farming;
— Custody solutions (multi-signature schemes, cold storage and more)
— Compliance (KYC, AML, etc)
— Smart-contracts, Crypto-wallets (creation, usage, etc)
— Keys/Seed (generation, storage, usage, etc)
— Data Sanitization
— Privacy Measures (zk-SNARK, zk-STARK and more)
WHAT YOU GET:
Resulting report contains the description of the current state of Crypto-Ecosystem and security improvement recommendations.
FORMAT:
🌐 Off-site
🏢 On-site
