SOC with threat management intelligence

Backed by TIC DEFENSE, the world’s first private CSIRT accredited by Carnegie Mellon, which will provide information protection services and control of digital identity spoofing.

Our mission is to prevent, detect and manage incidents affecting institutions, protecting them against cyber criminals who try to compromise their strategic information systems.

Services

A managed, real-time service for the detection of and defense against external and/or internal attacks on the Institution's security, providing:

  • Detection of intruders and behavioral anomalies
  • Security analytics, event correlation and log management
  • Identification of security findings and vulnerabilities
  • Vulnerability management

Digital security hardening services; the following components can be enabled:

Strengths

  • Strategic partnership with TIC DEFENSE
  • Immediate response team
  • Certified staff
  • Self-secured infrastructure
  • Own cyber intelligence platforms
  • Cyber scanning engines
  • Allied with major national and international cybersecurity agencies.
  • Adhered to international standards for compliance, definition, implementation and certification: PCI, ISO 27001, COBIT, ISO 3100, NIST, OWASP, Cloud

Security information management

  • Security Event Analysis
  • Integrity monitoring
  • Security for Amazon AWS, Microsoft Azure and Google Cloud

Auditing and monitoring policies

  • Policy monitoring
  • Assessing security settings
  • Operating system audit
  • Inventory of system components
  • OpenSCAP
  • Rootcheck

Active threat detection and response, and role-based access control (RBAC)

  • Website monitoring
  • Monitoring system performance
  • Network Monitoring (NIDS)
  • Intrusion detection
  • Vulnerability Detection
  • Incident Response

Compliance Assessment

  • PCI DSS
  • GDPR
  • NIST 800-53
  • HIPAA

Security analytics

Component to collect, aggregate, index, and analyze security data, helping organizations detect intrusions, threats, and behavioral anomalies.

Intrusion detection

Agents scan the monitored systems for malware, rootkits and suspicious anomalies.

Analysis of log data

Using agents, the operating system and application logs are read and securely forwarded to a central manager for rule-based analysis and storage.

File Integrity Monitoring

Monitors the file system, identifying changes in the content, permissions, ownership and attributes of the files that need to be watched. In addition, it natively identifies the users and applications used to create or modify those files.
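As an added illustration of the baseline-and-compare logic behind file integrity monitoring (example code written for this page, not the SOC's or any vendor's own agent), the snippet below snapshots a directory's content hash, permissions, ownership and size, then reports files that were added, deleted or modified; the constructed scenario tampers with a config file's content and mode. Attributing a change to the user or process that made it requires kernel audit hooks and is not shown here.

```python
import hashlib
import os
import stat
import tempfile


def file_record(path):
    """Baseline fields for one file: content hash, mode bits, owner, size."""
    st = os.lstat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}


def snapshot(root):
    """Walk `root` and build {relative_path: record} for regular files."""
    records = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(full).st_mode):
                records[os.path.relpath(full, root)] = file_record(full)
    return records


def diff_snapshots(baseline, current):
    """Return (path, event, changed_fields) tuples; any field drift is an event."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            events.append((path, "deleted", []))
        elif path not in baseline:
            events.append((path, "added", []))
        else:
            changed = [k for k in baseline[path]
                       if baseline[path][k] != current[path][k]]
            if changed:
                events.append((path, "modified", changed))
    return events


def demo():
    """Constructed scenario: take a baseline, then alter content, mode, add a file."""
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "app.conf")
        with open(cfg, "w") as fh:
            fh.write("debug=false\n")
        os.chmod(cfg, 0o640)
        base = snapshot(root)
        with open(cfg, "w") as fh:      # content (and size) change
            fh.write("debug=true\n")
        os.chmod(cfg, 0o666)            # permissions loosened
        with open(os.path.join(root, "new.sh"), "w") as fh:
            fh.write("#!/bin/sh\n")     # unexpected new file
        return diff_snapshots(base, snapshot(root))
```

Running `demo()` yields a modified event for `app.conf` listing the drifted fields and an added event for `new.sh`.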

Vulnerability detection

Agents extract software inventory data and send it to the server, where it is correlated with continuously updated CVE (Common Vulnerabilities and Exposures) databases to identify known vulnerable software.

Configuration assessment

Monitors system and application configuration settings to ensure they comply with your security policies, standards and/or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched or insecurely configured.

Incident response

Provides active responses that carry out various countermeasures to address active threats.

Compliance

Provides some of the security controls required to comply with industry standards and regulations.

Cloud security monitoring

Helps monitor cloud infrastructure at the API level, using integration modules that extract security data from well-known cloud providers such as Amazon AWS, Azure or Google Cloud. In addition, it provides rules to evaluate the configuration of your cloud environment, making weaknesses easy to detect.

Security analytics, event correlation and log management

It will enable you to deploy edge security solutions and identify behaviors that can compromise your organization’s security pillars. Detection should be targeted at the different network segments, catalogued according to the criticality of the information and the importance of the operation. The implemented system will allow monitoring of end-user computing equipment, firewalls and user workstations, independent of their geographical location, with alerting through a centralized management console.