Threat Detection and Security Monitoring Solution
Security event monitoring turns the data in your daily logs into security intelligence that helps protect your IT infrastructure. Our Security Operations Centre (SOC) is a managed service that delivers 24x7 analytics and continuous monitoring of your log data, identifying potential security and compliance issues that could affect your organisation.
Our experts have built more than five international Security Operations Centres, dealing with real-time risk management challenges and monitoring more than 10,000 devices. We are proud that we were able to prevent any major incident, which was confirmed by several awards. Every SOC goes through three phases: design, implementation and operations. We can help you in any of them.
During the design phase, the key success factor is the choice of SIEM technology and supporting tools, so that any activity in your network can be tracked and any threat detected. Equally important are well-defined policies and procedures for your SOC analysts, incident handlers and the related management. We can offer any SIEM solution, open source or commercial, to fit your specific needs. We have also developed our own SIEM solution, ASPEN, with its own set of functions. ASPEN can run on your existing servers or in the cloud and can be customised as needed. Our experience also ensures that the most effective methods are captured in your process documentation.
Implementing a SOC can be a challenge: it requires not only security knowledge but also platform-specific knowledge and development skills, in order to integrate all of your business-critical systems (e.g. your fraud detection solution, internal applications, privileged user management ...). During this phase we deliver all the training your employees need if you would like them to take over the daily work of the SOC analysts.
For the operations phase, the key success factor is regular review of the people, processes and technology in use, with regular improvements based on clear, measurable parameters. We define correlation rules based on your specific business risks, so that events are prioritised by the business risk they represent. To ensure endurance and a high detection quality we run regular test rehearsals in which we simulate the most challenging security incidents and measure the time and effort needed to detect them.
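As an added illustration of what a business-risk-based correlation rule looks like (example code written for this page, not ASPEN or any other product mentioned above), the script below runs one rule over a handful of constructed sshd log lines: several failed logins from one source to one host followed by a successful login raises an alert, and the alert priority is the rule weight multiplied by the business criticality of the target asset. The asset inventory, the log lines, the threshold and the priority weights are all assumptions made for the example.

```python
"""Business-risk-based correlation rule over sample log lines (illustrative)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical asset inventory: business criticality (1-5) drives alert priority.
ASSETS = {
    "10.0.1.5": {"name": "payments-db", "criticality": 5},   # core business system
    "10.0.2.20": {"name": "intranet-wiki", "criticality": 1},
}
DEFAULT_CRITICALITY = 2  # assumed for hosts missing from the inventory

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample log lines (syslog-like, ISO timestamps).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 10.0.1.5 sshd[101]: Failed password for admin from 203.0.113.9
2024-03-01T10:00:04 10.0.1.5 sshd[102]: Failed password for admin from 203.0.113.9
2024-03-01T10:00:08 10.0.1.5 sshd[103]: Failed password for admin from 203.0.113.9
2024-03-01T10:00:11 10.0.1.5 sshd[104]: Failed password for root from 203.0.113.9
2024-03-01T10:00:15 10.0.1.5 sshd[105]: Failed password for admin from 203.0.113.9
2024-03-01T10:00:31 10.0.1.5 sshd[106]: Accepted password for admin from 203.0.113.9
2024-03-01T10:02:00 10.0.2.20 sshd[201]: Failed password for bob from 198.51.100.7
2024-03-01T10:02:03 10.0.2.20 sshd[202]: Failed password for bob from 198.51.100.7
2024-03-01T10:02:05 10.0.2.20 sshd[203]: Failed password for bob from 198.51.100.7
2024-03-01T10:02:07 10.0.2.20 sshd[204]: Failed password for bob from 198.51.100.7
2024-03-01T10:02:09 10.0.2.20 sshd[205]: Failed password for bob from 198.51.100.7
2024-03-01T10:02:12 10.0.2.20 sshd[206]: Accepted password for bob from 198.51.100.7
"""


def parse_events(text):
    """Parse the lines this rule understands; anything else is ignored."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate(events, window=timedelta(minutes=5), threshold=5):
    """Rule: `threshold` or more failed logins from one source to one host
    within `window`, followed by a successful login from the same source,
    raises an alert. Priority = rule weight (10) x business criticality."""
    failures = defaultdict(list)   # (host, src) -> timestamps of failed logins
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["src"])
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            asset = ASSETS.get(ev["host"],
                               {"name": ev["host"], "criticality": DEFAULT_CRITICALITY})
            alerts.append({
                "rule": "brute-force-then-success",
                "host": asset["name"],
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(recent),
                "priority": 10 * asset["criticality"],
            })
            failures[key].clear()   # do not re-alert on the same burst
    # Highest business impact first: this is the analyst's work queue order.
    return sorted(alerts, key=lambda a: a["priority"], reverse=True)


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOGS)):
        print(alert)
```

Both hosts see the same attack pattern, but the payments database alert comes out first with five times the priority of the wiki alert; that ordering, not the raw event count, is what "business risk based event prioritisation" means in practice.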
Web Site Vandalism Protection Service
Protecting against cyber vandalism is becoming a serious challenge. The latest Verizon "2014 Data Breach Investigations Report" shows the largest increase in web attacks, with 65% of them motivated by ideology or fun, and no technology prevents every web attack. Early detection through intelligent monitoring is therefore the only way to reduce the business impact.
VANDALERT is your "cyber eyes and ears" service: it observes and analyses a web page the way a human would. Its primary purpose is to detect any kind of web vandalism (site defacement, spam content posting, DoS/DNS attacks, malicious code injection ...). Just add the sites you want to watch and stay informed of the slightest change in their appearance.
VANDALERT watches your pages constantly and sends alerts by SMS and e-mail every time your site shows signs of an attack.
It takes a snapshot of your web page and highlights a bad word, an abnormal visual change, a page structure difference, site performance degradation or any other aspect that is visible to a human visitor of your web site.
It also tracks what third-party sites say about your web site and alerts you if needed.
How does VANDALERT do it? It detects abnormal change using patent-pending technology that builds a model for each web site, describing the page's past changes and predicting future ones. We are proud to note that VANDALERT received an EU funds 2013 award for innovation.
VANDALERT is easy to use, allowing users without deep technical knowledge to monitor a large number of pages. Cloud-based technology scales seamlessly with the number of customers.
The service is currently in alpha testing. Many people have asked us about other uses of the service: tracking price changes, tracking how a site looks on mobile platforms, monitoring competitors' web sites, and so on.
If you are interested in testing it, or you have your own scenario for this "cyber eyes and ears" technology, just contact us.
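To make the detection idea concrete, here is an added example (written for this page; it is not VANDALERT's code and says nothing about its patent-pending model) of the kind of checks a page-watching service runs: a baseline snapshot records a content hash, the tag skeleton of the page, its visible text and its load time, and every later snapshot is compared against it for bad words, structural change, text change and performance degradation. The HTML pages, the bad-word list, the similarity thresholds and the load times are constructed assumptions.

```python
"""Baseline-vs-current web page comparison (illustrative, standard library only)."""
import difflib
import hashlib
from html.parser import HTMLParser

BAD_WORDS = {"hacked", "owned", "defaced"}   # assumed watch list


class PageModel(HTMLParser):
    """Collects the tag skeleton and the visible text of a page."""

    def __init__(self):
        super().__init__()
        self.tags, self.text, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag in ("script", "style"):
            self._skip += 1          # not visible to a human visitor

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())


def snapshot(html, load_ms):
    """What a monitoring run stores: hash, structure, text, and load time."""
    model = PageModel()
    model.feed(html)
    return {"hash": hashlib.sha256(html.encode()).hexdigest(),
            "tags": model.tags, "text": " ".join(model.text), "load_ms": load_ms}


def similarity(a, b):
    return difflib.SequenceMatcher(None, a, b).ratio()


def analyse(baseline, current, text_floor=0.6, structure_floor=0.9, slowdown=3.0):
    """Return a list of human-readable findings; an empty list means no alert."""
    findings = []
    # Performance is checked even when the content is byte-identical.
    if current["load_ms"] > slowdown * baseline["load_ms"]:
        findings.append(f"load time {current['load_ms']} ms vs baseline "
                        f"{baseline['load_ms']} ms")
    if current["hash"] == baseline["hash"]:
        return findings
    words = {w.strip(".,!?:").lower() for w in current["text"].split()}
    hits = sorted(words & BAD_WORDS)
    if hits:
        findings.append("bad word(s) in visible text: " + ", ".join(hits))
    s = similarity(baseline["tags"], current["tags"])
    if s < structure_floor:
        findings.append(f"page structure changed (similarity {s:.2f})")
    t = similarity(baseline["text"], current["text"])
    if t < text_floor:
        findings.append(f"visible text changed (similarity {t:.2f})")
    return findings


# Constructed sample pages: the baseline, a routine content update, a defacement.
BASELINE_HTML = """<html><head><title>Acme Bank</title></head><body>
<header><h1>Acme Bank</h1><nav><a href="/">Home</a><a href="/a">Accounts</a>
<a href="/l">Loans</a></nav></header>
<main><p>Welcome to Acme Bank. Branch opening hours are 9 to 5 on weekdays.</p></main>
<footer><p>Copyright Acme Bank</p></footer></body></html>"""
ROUTINE_UPDATE_HTML = BASELINE_HTML.replace("9 to 5", "9 to 6")
DEFACED_HTML = """<html><body><h1>HACKED BY SOMEONE</h1>
<p>your security is weak</p></body></html>"""


def demo():
    base = snapshot(BASELINE_HTML, load_ms=400)
    return {
        "routine": analyse(base, snapshot(ROUTINE_UPDATE_HTML, 450)),
        "defaced": analyse(base, snapshot(DEFACED_HTML, 420)),
        "slow": analyse(base, snapshot(BASELINE_HTML, 5000)),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, "->", findings or "no alert")
```

The point of comparing a structural skeleton and visible text separately, rather than a plain hash, is that a routine edit to one sentence leaves both similarities high, whereas a defacement collapses the structure and trips the bad-word check at the same time; the thresholds are the knobs a real service would learn from each site's change history.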
Cyber Risk Analyses and Management
Proper cyber security risk management is more than a technology solution. A company, led by its CEO, must integrate cyber risk management into day-to-day operations. Additionally, a company must be prepared to respond to the inevitable cyber incident, restore normal operations and ensure that company assets and the company's reputation are protected.
The key success factors of a cyber assessment are:
- Understand what information you need to protect
- Identify Threats
- Forecast the consequences of a successful attack
Following this initial risk assessment, we define the most efficient set of security controls for reducing business risk within the available budget. If you are interested, we can also perform the full implementation of the controls needed, such as deploying new security solutions or hardening your existing infrastructure.
Secure Infrastructure Design
An IT network and security infrastructure assessment is an essential part of maintaining secure and efficient infrastructure services, managing innovation and reducing costs at the same time. It is particularly important as the first step of a legacy infrastructure transformation, which is typically driven by the need for business agility, a secure operating environment, performance improvement and cost reduction.
A good cyber security architecture is the first step towards minimising the number of attack vectors while allowing maximum performance. We build a shield-based security architecture that uses multiple levels of isolation derived from your business risks. This approach protects the core services even when some IT components have been compromised.
Each IT component in your network requires its own system hardening. The purpose of this process is to eliminate as many security risks as possible while preserving business functionality and security monitoring. By removing all non-essential software components and redefining the privileges and security configuration of your IT components, we can eliminate roughly 80% of the vulnerabilities in your systems. Our team has 15 years of experience in system security hardening across more than 40 different platforms.
Incident Response and Forensics Services
The worst time to realize that you are not prepared for a cyber-security incident is when a breach occurs. Security incidents are crisis situations that place a great deal of pressure on IT staff. Without a comprehensive incident response plan detailing roles and responsibilities, procedures and communications, pressured IT staff must make crucial decisions lacking any sense of order and priority. This leads to poor decisions that inevitably make the breach worse and delay its resolution.
AST provides rapid containment and eradication of threats, minimizing the duration and impact of a security breach. Leveraging elite cyber threat intelligence and global visibility, we can help you prepare.
Penetration Testing, Vulnerability Scanning
Vulnerability Assessment and Penetration Testing (VAPT) are two types of vulnerability testing. They have different strengths and are often combined to achieve a more complete vulnerability analysis. In short, penetration testing and vulnerability assessment perform two different tasks, usually with different results, within the same area of focus. Vulnerability assessment tools discover which vulnerabilities are present, but they do not distinguish flaws that can be exploited to cause damage from those that cannot; a penetration test goes on to exploit the findings and shows what an attacker could actually achieve.
AST experts think like attackers, follow hacker sites and track threat forecasts and trends. For special, in-depth attacks, AST has established a "Red Team" of external experts who have proven their quality by winning awards at hacking competitions such as DEF CON and have been engaged by leading cyber security organisations.
Distributed Denial of Service Protection
A distributed denial-of-service (DDoS) attack is the standard method of hacking groups seeking public visibility and reputational damage to corporations. The usual targets are visible web servers, and the attack is carried out from many compromised systems flooding the target with enormous traffic.
AST DDoS Protection Services provide a solution for the detection and mitigation of DDoS and application-layer attacks. On top of that, we perform DDoS sustainability testing: we run a controlled DDoS attack against your target system and measure whether, and up to what level, it survives.
The benefit of our DDoS protection is improved business continuity: response time is reduced and performance is maintained during an attack. By reducing this time you minimise the business impact of downtime, defacement and negative reputation.
As we do not directly sell products, we have full flexibility of solution choice to meet your specific organization needs. Most typical solutions are:
- cloud service based,
- on-premise installation based or
- hybrid solutions
Beyond having the right protective systems in place and ensuring sufficient overflow capacity, much depends on an active, well-informed incident response.
We help our clients plan and prepare so that their organisations are ready to respond calmly and effectively if they ever become the target of a DDoS attack.
Performance, Load and Stress Test Services
Before launching a service into production you need to know every performance problem that might occur in operation, when hundreds, thousands or millions of customers access it. An application that is not tuned properly will fail under its first heavy load, and the failure can occur at any level: application, database, operating system or network. You therefore need a sustainability test that verifies the correct behaviour of your application at every level of load and lets you prevent outages before they happen. Sustainability testing has three major phases, each with a different objective:
The purpose of performance testing is to eliminate bottlenecks and establish a baseline for future regression testing. We run a carefully controlled process of measurement and analysis: we simulate an increasing number of users accessing the service and track every change in performance. The number of users and the activities simulated follow the expected normal user behaviour. This phase also confirms that the service under test is stable enough for the later phases to proceed smoothly.
Load testing exercises the system under test by feeding it the largest workload it is meant to handle. It is sometimes called volume testing or longevity/endurance testing. Load testing exposes bugs that do not surface in cursory testing, such as memory management bugs, memory leaks and buffer overflows. Its purpose is to confirm that the application still meets the performance baseline established during performance testing, which is done by running regression tests against the application at the specified maximum load.
Stress testing (or "torture testing") is intense, thorough testing used to determine the stability of a given system. It pushes the system beyond its normal operational capacity, looking for a breaking point and observing the results. The benefit of stress testing is that it determines the breaking points, or safe usage limits. Once you know where your application breaks, you can implement preventive and remediation measures that keep your service behaving acceptably under any conditions.
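The three phases above can be driven by one ramp-up harness: measure a baseline at low concurrency, check the baseline still holds at the intended maximum load, then keep increasing concurrency until the service level objective is violated and report that level as the breaking point. The following added example (written for this page, not AST's tooling) does exactly that against a constructed stand-in service that can serve a fixed number of requests at once and rejects callers that queue for too long, the way a saturated server does; the capacity, service time, user levels and SLO thresholds are assumptions, and `FakeService.call` is the one function you would replace with a real request.

```python
"""Ramp-up performance / load / stress harness against a constructed service."""
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class FakeService:
    """Stand-in for the system under test (assumed numbers): `capacity`
    concurrent requests, each taking `service_time` seconds; a caller that
    waits longer than `queue_timeout` for a slot is rejected with an error."""

    def __init__(self, capacity=4, service_time=0.02, queue_timeout=0.05):
        self._slots = threading.Semaphore(capacity)
        self.service_time = service_time
        self.queue_timeout = queue_timeout

    def call(self):
        if not self._slots.acquire(timeout=self.queue_timeout):
            raise TimeoutError("server queue full")
        try:
            time.sleep(self.service_time)   # the "work"
        finally:
            self._slots.release()


def percentile(values, pct):
    """Nearest-rank percentile of a non-empty list."""
    ordered = sorted(values)
    rank = max(0, min(len(ordered) - 1, round(pct / 100 * len(ordered)) - 1))
    return ordered[rank]


def run_step(target, users, requests_per_user=5):
    """Run `users` concurrent clients, each sending requests back to back, and
    return the step's p95 latency (successful requests) and error rate."""
    latencies, errors, lock = [], 0, threading.Lock()

    def client():
        nonlocal errors
        for _ in range(requests_per_user):
            t0 = time.perf_counter()
            try:
                target()
                ok = True
            except Exception:          # any failure counts against the SLO
                ok = False
            elapsed = time.perf_counter() - t0
            with lock:
                if ok:
                    latencies.append(elapsed)
                else:
                    errors += 1

    with ThreadPoolExecutor(max_workers=users) as pool:
        for _ in range(users):
            pool.submit(client)
    total = users * requests_per_user
    p95 = percentile(latencies, 95) if latencies else float("inf")
    return {"users": users, "p95_s": p95, "error_rate": errors / total}


def ramp(target, levels=(1, 2, 4, 8, 16, 32), max_p95_s=0.1, max_error_rate=0.05):
    """Performance -> load -> stress in one pass: the low levels give the
    baseline, the expected maximum checks it still holds, and the ramp stops
    at the first level that violates the SLO. Returns (results, breaking
    point in users, or None if the top level passed)."""
    results = []
    for users in levels:
        result = run_step(target, users)
        results.append(result)
        if result["p95_s"] > max_p95_s or result["error_rate"] > max_error_rate:
            return results, users
    return results, None


if __name__ == "__main__":
    steps, breaking_point = ramp(FakeService().call)
    for step in steps:
        print(f"{step['users']:>3} users  p95 {step['p95_s']*1000:6.1f} ms  "
              f"errors {step['error_rate']:.0%}")
    print("breaking point:", breaking_point or "not reached")
```

Two design points matter for real use: errors are folded into the SLO rather than ignored, because a saturated system often "speeds up" by rejecting work, and the ramp records every level it passed, so the same run yields the regression baseline for the load phase and the breaking point for the stress phase.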
Technical Rehearsal Services
The purpose of a technical rehearsal is to test people, processes and technology by simulating challenging, non-standard situations in your organisation: crisis scenarios. Typical crisis scenarios used in tech rehearsals are the whole network going down, a power failure, an earthquake forcing operations to relocate, a fire in a data centre, and so on.
A good crisis management plan rests on two distinct principles. The first is that crisis management is not about researching and planning contingencies for every possible crisis that might occur, but rather about developing the capability within the organisation to
- react smoothly to the most probable crisis scenarios, but also
- make the right snap decisions as a team, and implement them, when a crisis does happen
During a tech rehearsal, each of your business components is tested:
- you see how people react under stress and whether they are familiar with the defined processes,
- you see how the processes are defined and whether they are easy to understand and follow, and
- you see how the technology architecture and components behave in terms of high availability, failover and the configuration settings applied.
We execute several different scenarios at the same time, in order to test the team's ability to distinguish the real causes of problems when symptoms are mixed and to manage multiple incidents simultaneously.
This gives the service designers the opportunity to see how their designs will impact each other and to make final changes. Our experts performed complex tech rehearsals in the past and we can bring you additional value with best rehearsals scenarios for your business.
Security Compliance and Audits
Compliance is one of the greatest challenges faced by organizations today. Observing regulatory compliance audit policies is a requisite for every organization. Sensitive enterprise data is always at a risk of being compromised; therefore it has become a mandate to secure sensitive information by establishing network security processes and meeting the guidelines of regulatory bodies. Regulatory compliance standards such as PCI DSS, FISMA, GLBA, SOX, ISO 27001 and HIPAA require organizations to monitor their network in real-time, ensure high levels of security for their confidential enterprise assets and provide network compliance audit reports to auditors when demanded. It is critical for organizations to observe the regulatory compliance audit guidelines since being non-compliant to the regulatory standards can result in severe penalties.
Security Training and Awareness
We can help you prepare your employees against cyber and social engineering attacks. With AST Training Solutions we can assess your current information security awareness training programmes, design new programmes with top IT security advisors and provide specialised training for the areas of greatest concern to your organisation. Going beyond compliance, AST Training Solutions change employee behaviour and reduce the risk to your organisation.