Log Management and Analysis
Log and machine data contain valuable information about the operating status of the IT landscape, capacity utilization, performance, service levels, user behavior, client experience, attacks and fraudulent activity, and can answer many business questions. Our solutions help you
- collect, index and store this data centrally in conformity with compliance requirements
- protect confidential data with granular access policies
- explore, analyze, visualize and correlate this data interactively, across systems and in real time, and alert on it
- enrich this data with information and knowledge that is already available
- put this data into a business context and use it proactively and in real time for the company's benefit (operational and service intelligence)
The application areas for log management and analysis include operations, security, compliance, application delivery, development and business analytics.
- One Identity (formerly Balabit SSB)
- Splunk Enterprise, Splunk IT Service Intelligence
Security Monitoring and SIEM
To protect corporate assets and client-relevant information against cyber crime, continuous security monitoring is necessary for:
- Detection and analysis of complex external and internal attacks to minimize potential damage
- Review of compliance with statutory regulations and with internal requirements and guidelines
- Detection of vulnerabilities before they can be exploited
- Review of the effectiveness of security controls
Security teams need not only in-depth knowledge, but also an appropriate cyber security framework against which effectiveness can be checked. To cover all levels of security monitoring, including complex attacks, a multi-layered security system and a combination of different solutions and functions are necessary.
At the core of security monitoring are our next-generation SIEM solutions, with:
- real-time monitoring and correlation of security-relevant events, normalized and enriched with context, from all systems, applications and sensors
- risk-based prioritization of events
- endpoint and network monitoring for gap-free forensic data
- machine learning, behavioral profiling and statistical analysis
- threat intelligence
- incident orchestration and automation for fast incident response
- compliance automation and reporting
- visualization of key security indicators and of the company's security posture
- Splunk Enterprise Security, Splunk UBA
- tacLOM Hybrid
- Vectra Networks
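The two bullets above on correlating and alerting on log data across systems, and on real-time correlation of normalized, context-enriched events with risk prioritization, describe one pipeline: parse raw lines from different sources into a common event schema, enrich with asset and threat-intelligence context, then run a correlation rule over the merged, time-ordered stream. The following added example (not code from this page or from any of the products listed; the log lines, asset criticality table, threat-intelligence set and the risk weights are all constructed for illustration) does this in plain Python for a cross-system "brute force followed by success" rule:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines from two different systems (sshd on a web
# server and a VPN gateway); they are not real data.
SSHD_LOGS = [
    "2024-03-01T10:00:01 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51234 ssh2",
    "2024-03-01T10:00:03 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51235 ssh2",
    "2024-03-01T10:00:05 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51236 ssh2",
    "2024-03-01T10:00:09 web01 sshd[1204]: Accepted password for admin from 203.0.113.7 port 51240 ssh2",
    "2024-03-01T10:05:00 web01 sshd[1300]: Failed password for bob from 198.51.100.4 port 40000 ssh2",
]
VPN_LOGS = [
    "2024-03-01T10:00:02 vpn-gw AUTH user=admin src=203.0.113.7 result=FAIL",
    "2024-03-01T10:00:04 vpn-gw AUTH user=admin src=203.0.113.7 result=FAIL",
    "2024-03-01T10:00:06 vpn-gw AUTH user=admin src=203.0.113.7 result=FAIL",
]

# Constructed context used for enrichment (hypothetical asset inventory and
# threat-intelligence list).
ASSET_CRITICALITY = {"web01": "high", "vpn-gw": "medium"}
THREAT_INTEL_IPS = {"203.0.113.7"}

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"password for (?P<user>\S+) from (?P<ip>\S+)"
)
VPN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) AUTH user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<result>\w+)"
)


def normalize(line):
    """Map a raw line from either source onto one common event schema."""
    m = SSHD_RE.match(line)
    if m:
        outcome = "success" if m["outcome"] == "Accepted" else "failure"
        source = "sshd"
    else:
        m = VPN_RE.match(line)
        if not m:
            return None  # unknown format: dropped, a real pipeline would count these
        outcome = "success" if m["result"] == "OK" else "failure"
        source = "vpn"
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "host": m["host"],
        "user": m["user"],
        "src_ip": m["ip"],
        "outcome": outcome,
        "source": source,
    }


def enrich(event):
    """Attach asset criticality and threat-intel context to a normalized event."""
    event["criticality"] = ASSET_CRITICALITY.get(event["host"], "low")
    event["known_bad_src"] = event["src_ip"] in THREAT_INTEL_IPS
    return event


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Rule: >= threshold failures for the same (src_ip, user) within `window`,
    counted across all systems, followed by a success on any system."""
    recent = defaultdict(deque)  # (src_ip, user) -> failures as (ts, source)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src_ip"], ev["user"])
        q = recent[key]
        while q and ev["ts"] - q[0][0] > window:  # expire old failures
            q.popleft()
        if ev["outcome"] == "failure":
            q.append((ev["ts"], ev["source"]))
        elif len(q) >= threshold:
            # Risk prioritization from context: base score plus asset and TI weights.
            risk = 50 + (30 if ev["criticality"] == "high" else 0) + (20 if ev["known_bad_src"] else 0)
            alerts.append({
                "rule": "brute_force_then_success",
                "ts": ev["ts"].isoformat(),
                "user": ev["user"],
                "src_ip": ev["src_ip"],
                "host": ev["host"],
                "failures_before_success": len(q),
                "systems": sorted({src for _, src in q} | {ev["source"]}),
                "risk": risk,
            })
            q.clear()
    return alerts


def run_pipeline(lines):
    """Normalize, enrich and correlate raw lines from all sources."""
    events = [enrich(e) for e in map(normalize, lines) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run_pipeline(SSHD_LOGS + VPN_LOGS):
        print(alert)
```

The point of merging by timestamp before correlating is that the six failures are split three-and-three between sshd and the VPN gateway; a per-source rule with a threshold of 3 would fire on each in isolation or not at all, whereas the cross-system view attributes all six to one source address and user, and the enrichment step is what turns a generic match into a prioritized alert (critical asset plus a known-bad source scores 100 here).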
Network Based Threat Detection
A cyber security platform applies artificial intelligence, machine learning and behavioral analysis to network traffic to automatically detect fundamental attacker behaviors. These include remote access, hidden encrypted tunnels, exploitation of backdoors, misuse of login credentials and the use of reconnaissance tools.
- Vectra as a source of information for our SIEM solutions
Vulnerability Management
Vulnerability management continuously identifies, inventories and monitors vulnerabilities, missing patches, policy compliance and changes to the IT infrastructure.
The order in which vulnerabilities are remediated is based on the following criteria: complexity of exploitation, availability of exploits and updates, and frequency of occurrence. Measuring and reporting on the cross-departmental update processes makes vulnerability management a control tool for patching and misconfigurations.
- Tenable.sc on Premises
- Tenable.sc as a Service
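The remediation criteria named above (exploitation complexity, availability of exploits and of updates, frequency of occurrence) and the cross-departmental reporting can be made concrete as a scoring and reporting step. The following added example is not code from this page or from Tenable.sc; the findings, the weights, the SLA tiers and the reference date are constructed for illustration, and the vulnerability identifiers are placeholders rather than real advisories:

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Reference "today" for the report, fixed so the example is reproducible.
TODAY = date(2024, 3, 1)


@dataclass
class Finding:
    vuln_id: str        # placeholder identifier, not a real advisory
    complexity: str     # exploitation complexity: "low", "medium" or "high"
    exploit_available: bool
    patch_available: bool
    hosts: list         # affected hosts (frequency of occurrence)
    department: str
    first_seen: date


# Constructed findings, as a scanner might report them.
FINDINGS = [
    Finding("VULN-A", "low", True, True, ["web01", "web02", "web03", "db01"], "IT", date(2024, 1, 15)),
    Finding("VULN-B", "high", False, True, [f"fin{i:02d}" for i in range(10)], "Finance", date(2024, 2, 20)),
    Finding("VULN-C", "medium", True, False, ["hr01", "hr02"], "HR", date(2024, 2, 1)),
    Finding("VULN-D", "low", False, True, ["build01"], "IT", date(2023, 12, 1)),
]

# Weights are an assumption for this example, not a published scoring scheme.
COMPLEXITY_WEIGHT = {"low": 3, "medium": 2, "high": 1}  # easier to exploit -> higher


def priority_score(f):
    """Score from the three criteria: easier exploitation, a public exploit,
    an available fix (it can actually be remediated) and more affected hosts
    all push a finding up the queue."""
    score = 2 * COMPLEXITY_WEIGHT[f.complexity]
    score += 3 if f.exploit_available else 0
    score += 1 if f.patch_available else 0
    score += min(len(f.hosts), 5)  # frequency, capped so one mass finding cannot dominate
    return score


def sla_days(score):
    """Remediation deadline tier derived from the score (assumed values)."""
    if score >= 12:
        return 7
    if score >= 8:
        return 30
    return 90


def remediation_order(findings):
    """Findings sorted into the order in which they should be remediated."""
    return sorted(findings, key=lambda f: (-priority_score(f), -len(f.hosts), f.vuln_id))


def department_report(findings, today=TODAY):
    """Per-department view of open and overdue findings, the control metric
    for the update process."""
    report = defaultdict(lambda: {"open": 0, "overdue": 0, "max_score": 0})
    for f in findings:
        score = priority_score(f)
        age = (today - f.first_seen).days
        entry = report[f.department]
        entry["open"] += 1
        entry["overdue"] += 1 if age > sla_days(score) else 0
        entry["max_score"] = max(entry["max_score"], score)
    return dict(report)


if __name__ == "__main__":
    for f in remediation_order(FINDINGS):
        print(f.vuln_id, priority_score(f), f"SLA {sla_days(priority_score(f))}d")
    print(department_report(FINDINGS))
```

VULN-B affects the most hosts but is hard to exploit with no public exploit, so it ranks below VULN-C, which is on only two hosts but has an exploit in circulation; the report then shows that both overdue findings sit with one department, which is the kind of cross-departmental measurement the text describes.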
Network, Content and Perimeter Security
Our solutions offer comprehensive protection against complex attacks and threats and allow you to connect securely with partners and the outside world. Depending on the security requirements and architecture, the spectrum ranges from unified threat management solutions that combine different security functions in one central system to multi-tier firewall architectures with dedicated, specialized security gateways.
Firewall and VPN Solutions
Our next-generation firewalls are the cornerstone of perimeter and network security. They are characterized by
- high performance and advanced networking functions such as load balancing, ISP redundancy, QoS and many more
- flexible device-, user- and application-specific security policies
Depending on the security architecture, these can be supplemented with additional threat prevention modules:
- IDS/IPS functions
- web filtering
- anti-malware and threat emulation (sandboxing) and threat extraction technologies
- Check Point NGFW
- Cisco ASA VPN
Email and Web Security
Email communication and web browsing are among the vectors at highest risk of malware infection, and are also used by advanced persistent threats for command-and-control connections and data exfiltration. To reliably stop spam, malware and phishing at the perimeter and to ensure the confidentiality and integrity of email communication with clients and partners, specialized security solutions with state-of-the-art technologies are required:
- Reliable detection of spam and malware through anti-malware scanning, reputation filtering, virus outbreak filtering, graymail detection, secure unsubscribing from distribution lists, URL filtering and many other means
- Reliable web protection through anti-malware scanning, dynamic reputation filtering and behavioral analysis of web content, application visibility and control (AVC) to detect and control Web 2.0 micro-applications, data upload controls and much more
- Advanced malware protection with file reputation, sandboxing, behavioral analysis and retrospective file analysis
- Data loss prevention
- Email encryption via S/MIME, PGP or secure web mail
- Cisco Email Security Appliance (ESA)
- Cisco Web Security Appliance (WSA)
Privileged Access Control (PAC) or Privileged Access Management (PAM)
PAC and PAM control, and make traceable, all administrative access to systems with elevated privileges. This type of access carries additional risks that regulators and standards (e.g. ISO) have also identified. Two solutions that manage privileges and create transparency have proven their worth in practice.
Depending on the client's situation, both approaches cover the regulatory requirements and substantially reduce the risk of an insider attack that abuses elevated privileges. The transparency gained also helps to detect misconduct and makes it easier to work in conformity with policy.
- One Identity (formerly Balabit SCB) as a specialized proxy firewall for administrative access protocols such as SSH, ICA, RDP, etc.
- Centrify Infrastructure Services as an agent on the system, with control of all rights in AD and central recording of activities