Based on the experience and competence of our team, we are ready to provide a full range of consulting services in the field of cybersecurity.
Risk analysis refers to the procedure for identifying risk factors and assessing their significance. Thus, risk is the likelihood that certain undesirable events will occur that adversely affect the achievement of the goals of a particular business process. Risk analysis includes risk assessment and methods to reduce risks or the adverse effects associated with them.
Risk analysis can be divided into two mutually complementary types: qualitative and quantitative. Qualitative analysis aims to identify the factors, areas and types of risks. A quantitative risk analysis should make it possible to quantify the size of individual risks and the overall risk. The final results of the qualitative risk analysis, in turn, serve as initial information for conducting a quantitative analysis.
However, quantitative assessment is the most difficult to carry out, because it requires appropriate baseline information and a well-defined assessment scale.
The need for a cybersecurity strategy, as a rule, arises for companies that already feel confident enough in the market to make plans for the years ahead, but have faced the following challenges:
The cybersecurity development strategy should be considered a kind of map that defines landmarks on the ground and points the way to the goal. It makes achieving your goal manageable by setting limits and priorities for tactical decisions made by those who are responsible for the development of the company and/or individual areas. It is worth noting that the cybersecurity strategy should not be static: as the uncertainty factor decreases over time, the strategy should be reviewed and, if necessary, adjusted, setting new priorities for tactical decisions.
Training employees and developing their skills in applying advanced IT security technologies is one of the key elements of an effective corporate strategy aimed at protecting against threats and minimizing the consequences of cyber attacks. The courses are aimed at companies that consider IT security one of their priority areas of activity and strive to provide a higher level of protection for their infrastructure and intellectual property. The information security training program offered by the company covers a wide range of topics and approaches related to ensuring IT security, and offers various types of certification – from the basic to the expert level.
Technical protection measures against phishing, such as filtering and analysis of mail/web traffic, limiting the software environment, and preventing the launch of attachments, are very effective, but they cannot resist new threats and, more importantly, they cannot resist human curiosity and laziness. There have been cases when a user, being unable to open or launch malicious content at the workplace, sent it to his home computer and started it there, with all the ensuing consequences.
Therefore, no matter how solid a technical security system we build, we should not forget about the main link in the entire chain – the user, and his training.
Periodic briefings and newsletters are an important component of staff training, but, as practice shows, their effectiveness is much lower than that of training employees on their own mistakes.
What we will do to test and train personnel to identify phishing attacks.
We provide a full range of work on the implementation of solutions with subsequent support.
Problem: employees using unapproved software at workplaces, losing mobile devices with service information.
Solution: allows centralized management of corporate devices to ensure security, support and management of business devices.
Implementation: this solution was implemented in LifeCell UA.
Result(s) achieved: loss of confidential information was minimized, and the policy on installed software was regulated.
Thunder NSI solution and implemented cases
using a cloud platform, it takes care of all the DNS queries, analyzes them and sends only trusted queries to the client’s network.
300K+ threats blocked, the number of calls to the support service was reduced, a “Big Data” database of 2B+ data points was created, and the caching speed was increased to 90%.
Collection and analysis of logs. Prioritization of information security events. Investigation of incidents. User Behavioral Analysis.
IBM Qradar, UBA, Watson.
Collection and analysis of 1.3 TB of logs per day. Prioritize all information security events. The threat response time has been reduced from 5 hours to 10 minutes. The time to investigate incidents decreased from 6 days to 4 hours. Behavioral analysis of all employees for risks to the company and infrastructure. All events from different sources of information are now in one interface.
a wide variety of network devices.
Vulnerability Management. Inventory of IT assets. Investigation of incidents. Reporting to management and regulators.
A 24/7 picture of vulnerabilities across the entire network. Inventory of all IT assets, certificates and licenses. Automatic reporting of closed vulnerabilities and the current state of the infrastructure. Monitoring and compliance with regulatory requirements. Equipment settings according to world standards GDPR, PCI DSS, ISO.
Vulnerability visibility on the network 24/7. Prioritization of vulnerabilities from the most critical to the less important. Ways to solve and patch each of the vulnerabilities found, which made it possible to reduce the incident closure time to 2 hours. The report preparation time for the regulator and top management was reduced to 1 hour, which saves IS employees 1 business day. An inventory of IT assets and licenses increased the productivity of procurement and IT staff by 4 times. Investigation of incidents was reduced to 2.5 hours.
one of the leaders of DLP solutions (Data Loss Prevention).
monitors and analyzes all passing user data and identifies leaks or possible risk data.
variety of network equipment on the market.
network equipment from one manufacturer.
reduction of equipment setup time.
Publication of confidential company data on social networks; leakage of your corporate or personal data.
through its accounts and accesses, it collects information according to the criteria specified by the customer and issues a report.
unreliable employees found in companies.
consolidation of a distributed network into a single virtual network.
using a cloud platform and end physical devices allows you to build a virtual network of the enterprise.
a single point of administration and simplicity of settings made it possible to reduce the qualification requirements for duty administrators. Encrypted tunnels, DNS Security, Cloud Firewall, Load Balance are now all in one device and controlled automatically by Machine Learning.
What do system administrators, database administrators, remote programmers do on your system? Who controls them? What actions led to data loss, inaccessibility of resources?
monitors and controls the actions of privileged users of your network.
differentiation of access by device groups, access and action control, working hours, and prohibition of critical commands: all this made it possible to raise the level of discipline among privileged users and reduce incidents caused by a negligent attitude to work.
to date, receiving a video image is not enough to quickly respond to threats.
allows you to process large amounts of video data, which makes it possible to protect the facility by responding quickly to threats.
The speed of response to incidents has increased significantly, and most importantly, the quality of incident detection has increased. Whereas earlier the percentage of unreliable visitors identified was 34%, after the introduction of the system it increased to 72%.
Typical algorithm of our work:
Selection and coordination of solutions that best meet the requirements of the customer’s company and eliminate existing vulnerabilities
Formation of a proposal that addresses the identified vulnerabilities and takes into account the company’s plans for the development of network infrastructure
Auditing existing network vulnerabilities with testing
Support for implemented solutions