Axenta CyberSOC

Information under control

CyberSOC (Security Operation Center) is a service we provide to customers to ensure the security of their environment.

The customer benefits simply by connecting its own or outsourced infrastructure to CyberSOC security monitoring. At the same time, the customer obtains the services of cyber security experts as well as consultations on communication with supervisory authorities, which results from legislative obligations.

What is CyberSOC

Processes

  • Processing of relevant information in terms of customer technology security (assets, identities, vulnerabilities)
  • Security as a Service – Cyber security as a service that complies with the GDPR and the Cyber Security Act
  • High availability of services thanks to technology located independently in two locations (CZ and SK)
  • Compliance with ISO 27001
  • Effective protection of customer interests (corporate identity, key processes)
  • Regular search for undetected events
  • Reporting
  • Threat Intelligence
  • CyberCopter – central dashboard

People

  • Operation 24x7 (L1)
  • L2 and L3 analysts
  • CSIRT certified at the "Accredited" level by the certification authority Trusted Introducer
  • Monitoring potential threats and using zero-day security information for the customer's environment
  • Communication with customers
  • Work with the community: MISP, STIX/TAXII, Cluster of cyber security
  • Active search for new or unknown threats
  • Analysis of phishing attacks on the organization

Technology

  • Complex security monitoring of the customer's environment
  • IT, OT (SCADA), IoT, physical infrastructure
  • Incident detection using analytic tools
  • UBA, NDR, Real time correlation
  • SOAR
  • EDR
  • Vulnerability Management
  • Ticketing tool for ensuring reaction to incidents
  • Operational monitoring
  • Collection, secured transfer, log encryption, and preservation of audit records
  • Advanced search and analysis capabilities

Services

AXENTA CyberSOC is a specialized cyber security centre that eliminates risks associated with cyber threats.
The centre is equipped with the latest powerful technology from world producers (Eset, IBM, Micro Focus, One Identity, Progress/Flowmon, etc.), which can effectively protect the interests and key processes of all its clients. Even the basic service provides professional tools such as Log Management, SIEM, SOAR, ticketing and a central dashboard, combined with a team of experts and processes covering the entire service.

In addition to the basic service, the following additional CyberSOC Modules can be ordered:

DLP/Endpoint Audit

DLP (Data Loss Prevention) solutions protect sensitive data such as customer databases or construction drawings. Within hours, you can prevent important documents from leaving your business. In addition, DLP allows you to perform a security audit so you can find out what's going on inside your organization.

  • Immediate data protection

Find out where your company is leaking files and where the security risks are. Deploying DLP will not delay your business and you will immediately get an overview of all security issues.

  • Easy to use and easy to understand

DLP clearly shows how sensitive documents are protected. Even without expensive training and certificates, you can perform a security audit or find out how heavily the various licenses for expensive software are used.

  • Multiplatform security

Manage all your business devices from one place. Data Loss Prevention also allows you to protect mobile devices such as tablets and mobile phones. So you can work with company documents without worrying about data leakage in case of device loss.

Vulnerability Management

Vulnerability management is considered a key element in addressing system security for a simple reason. The attacker's effort is always to find a weak point and use it to penetrate the organization, so without a suitable tool that would detect vulnerabilities, this area cannot be addressed well. Vulnerability Management (VM) tools allow you to audit the environment, detect vulnerabilities and, most importantly, help IT staff prioritize their activities.

Vulnerability Management is not just a tool. It is a process involving the detection, analysis and evaluation of vulnerabilities and the design of the correct procedure for their elimination.

  • VM is built on scanning elements of the infrastructure and searching for known vulnerabilities. Scanning is performed through agents installed locally on servers or agentlessly using a scanning engine. The scanner scans all systems, detects the components in use and their versions, and compares them with the vulnerability database.
  • Scanning is performed at regular intervals. The result is a list of detected vulnerabilities and their criticality.
  • VM tools also provide context for detected vulnerabilities and refer to external sources describing how an attacker can exploit the vulnerabilities. They also suggest how to eliminate or mitigate the effects with links to download and deploy the update.

Operation Monitoring

Based on Nagios' user-friendly monitoring console, Centreon is now a rich monitoring platform powered by Centreon Engine, Centreon Broker and Centreon Web.
Anyone who wants Nagios-inspired flexibility without its complexity will welcome Centreon for use in complex infrastructure systems and with high monitoring performance.

  • Complex

Operationally robust platform with powerful data processing and protection elements, advanced indicators and a unified control console for reliable continuous monitoring.

  • Scalable

It integrates with other environments and devices and their dependencies while maintaining homogeneous monitoring through distributed operations.

Privileged Access Management

PAM is a technology designed to monitor activities and control access to remote servers, virtual desktops, or network devices. PAM can also record the activities of users who access these systems.

  • PAM can record, for example, the activities of a system administrator who configures database servers over the SSH protocol, or transactions made by employees using thin clients in a Citrix environment. Recorded audit trails can be played back as video, so you can track events exactly as they actually took place. The content of audit records is indexed (OCR metadata), which simplifies the search for events and also allows automatic reporting.
  • It is a fully transparent proxy gateway, completely independent of end stations and servers (agentless access). When deploying PAM, it is not necessary to modify applications on servers or clients; it integrates into the existing infrastructure at the network level without problems.

Main features and benefits

  • Detailed and exact monitoring of employees and partners
  • Central authentication and access control
  • Greater accountability of IT staff and unambiguous responsibility
  • Lower costs for problem detection and forensic analysis
  • Improving compliance with regulations and regulatory requirements

Network Behavior Analytics

Network traffic security analysis is another important pillar of network security that adds insight into the detection of suspicious activity. NDR (Network Detection and Response) tools are used for this purpose: they monitor computer networks and allow an automated response to security events. These tools are based on recording communication within the network infrastructure and analysing it from a security perspective.

Anomaly Detection and Network Behavior Analysis is an advanced technology that uses continuous monitoring and evaluation of NetFlow or NTA-based network traffic statistics to detect unwanted activity. NDR systems proactively monitor and analyse network events, look for unusual relationships and behaviors, and automatically detect network anomalies, attacks, and other threats. It puts advanced artificial intelligence on the side of network and security administrators, which suitably complements traditional security products and significantly facilitates the resolution of network incidents. Overall, NDR takes the organization's security to a new level, enabling the transition from firefighting to active risk elimination.

User and Entity Behavior Analytics

User Behavior Analytics integrates data from Privileged Access Management technologies with data obtained from log records and other contextual data sources. More than 13 algorithms examine 17 behavioral characteristics to generate a behavioral profile for each privileged user. This profile is further improved and modified through machine learning.

  • Real-Time Threat Detection

It monitors and visualizes user activity in the IT environment in real time without predefined correlation rules.

  • Notify or Suspend

Closes sessions that indicate the presence of a threat and alerts authorized users to a possible breach or attack.

  • Reduce Alert Noise

Prioritizes events based on user risks and levels of deviation. Check only the most serious events.

Team

Petr Vychodil

AXENTA CyberSOC Operations Manager. He covers AXENTA CyberSOC from the perspective of operation and people management. He handles the implementation of services provided to customers.

Peter Štubňa

Trained and certified risk analysis expert and designer for the implementation of corrective measures arising from the requirements of the Cyber Security and Personal Data Protection (GDPR) laws.

Lukáš Novák

Team leader of CyberSOC analytics team and AXENTA CSIRT. Together with his team, he provides L2 analysis of detected security incidents and is responsible for CyberSOC development activities in the areas of threat intelligence, incident response, automation and malware analysis.
