High End Information Security Services

Transcription

1 High End Information Security Services

2 Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company. We provide professional solutions to a wide range of clientele both as consultants and as integrators. The array of our services and solutions include: Compliance surveys, penetration tests, forensic analysis, design and deployment plans, gap analysis and implementation of regulatory requirements of information security. We provide services to a large number of clients in manufacturing, government, banking, insurance, hi-tech, and credit card globally. Trion Logics specializes in various SIEM systems (HP Arcsight, McAfee ESM) and has been behind major milestones in the information security industry. We work hard to make sure that our clients securely achieve their business objectives. We are certain that our experience in information security, in all aspects, will provide an added value to your organization. We maintain high standards, not only in providing the correct solution for your organization, but in providing service at the upmost professional level. We strive for perfection... Our Services System Hands-On Part of our services includes the following hands-on configuration and assistance on various systems: McAfee Sentrigo Intellinx Informatica ObserveIt HP SIEM Splunk Rapid 7 Securonix And much more... Vulnerability Assessment We offer full Vulnerability Assessment (VA) services which include: Vanilla vulnerability assessment (known vulnerabilities) Finding unknown / new web vulnerabilities (web applications) Social Engineering (Spear Phishing, mail crafting and more, document crafting with malicious payloads and so on) Penetration Testing (black, gray, white box): Web Application Penetration Network Penetration Test Wireless Penetration Test Station Hardening Penetration Mobile Applications Penetration Product Penetration Test Malware Forensics Classic Malware review (static, behavioral and memory) Reversing, packing, unpacking etc... Identifying new and unknown threats Identifying Bots, malicious activity on customers network Operating system forensics (while maintaining full chain of custody) Windows / Linux / OSX Variants Forensic investigation (actions, activities, operations etc...) Lost file recovery Mobile devices forensics (IOS / Android) Training (SOC) SOC training is divided into two categories: basic and advance. Both trainings provides key skills needed for the SOC operator to execute the job in the up-most professional matter (for a complete syllabus please contact us): 1. SOC Based (Analyst Line) Understanding SOC basics (who are we, what do we do) Knowing the enemy (cyber threats and common security practices) Creating actionable items (incident response) Inner and outer threat analysis Working with tools (reports, cases, channels and more) Working with outside and custom made tools 2. SIEM Based (Project Integration Line) Understanding SIEM basics Planning ahead (pre-implementation scenarios) Building from the ground up Simple / complex scenarios how to approach and tackle Customizing SIEM for proper usage Harnessing SIEM for better security view SIEM Advanced (Advanced Analyst/Builder) Taking advantage of outside knowledge sources Building complex rules and analyzing APT s / Targeted attacks Behavior analysis (pattern discovery) Flex connector authoring Advanced connector functions (map files, inner parsing and hidden features) 2

3 Securonix Activity Risk Intelligence provides the industry's first behavior based, signatureless technique to detect targeted attacks. The solution detects anomalies in activity logs and risk ranks these anomalies so you can focus your investigations on the highest risk activities and users. The Securonix Activity Risk Intelligence solution looks for patterns in log data across 120 different characteristics encompassing users, peer groups, activity frequencies, network sources and multiple time windows (daily, weekly, monthly, etc). By using the proprietary data mining algorithms, the Securonix solution quickly learns and baselines normal behavioral characteristics. The Securonix solution is able to baseline user behavior, account behavior, peer group behavior and even application behavior. Using these normal baselines, the Securonix solution continuously scans logged activities for abnormal patterns. By risk ranking each abnormal activity, the Securonix solution can provide a prioritized list of highest risk activities and users for further investigation. This advanced technique allows the Securonix solution to even detect unseen attacks. Securonix Risk and Threat Intelligence Platform is a good fit for your organization. The application is written in java and will run on any platform and supports all major relational databases. The Securonix solution provides the ability to define and monitor business specific security policies encompassing user identity, access, activity, application and alert data. The solution also ships with several security policies needed for demonstrating compliance with regulatory requirements and implementing a proactive security posture. The Securonix solution is your end-to-end forensics and investigations tool. Use the Application activity dashboard Securonix technology to see the entire user identity profile (Who is the violator?), the access privileges they hold (What else can they access?), and all security violations from other security products (what else did they trigger?). The Securonix solution gives you the intelligence information you need to make informed decisions. The HP ArcSight Security Intelligence platform helps safeguard your business by giving you complete visibility into activity across the IT infrastructure, including external threats such as malware and hackers, internal threats such as data breaches and fraud, risks from application flaws and configuration changes, and compliance pressures from failed audits. This industry-leading security information and event management (SIEM) solution enables you to collect, analyze, and assess IT security, enterprise security and non-security events for rapid identification, prioritization and response. The HP ArcSight CORR-Engine is a revolutionary solution for high-speed correlation and long-term data retention. It moves away from the limitations of a general-purpose RDBMS, to a data store that is optimized to support the extremely rigorous demands of speed, scalability and storage efficiency when dealing with large volumes of streaming log data. The HP ArcSight CORR-Engine uses a highly customized flat file repository with a "write once, read many" approach to remove the traditional RDBMS bottleneck that prevents high-speed correlation. With this bottleneck removed, the HP ArcSight in-memory correlation engine can ingest log events at much higher rates, up to three times faster under normal conditions and up to five times in burst scenarios compared to the previous version of HP ArcSight Express on similar hardware. HP ArcSight Connectors provide universal data collection from over 300 unique devices without the need to deploy agents across the enterprise. The data is normalized and categorized into the HP ArcSight Common Event Format (CEF) for easy correlation and analysis. The HP ArcSight Connector architecture enables future-proof monitoring, as the system will continue to work even when network technologies are swapped out and replaced with those from new vendors. HP ArcSight Express 3.0 enables faster compliance reporting through the use of pre-built, Report dashboard regulation-specific compliance insight packages that include rules, reports, alerts, and dashboards for specific regulations. The content necessary for audits for a variety of standards and mandates (SOX, HIPAA, PCI, NIST, and FISMA) are built in to the product in a simple, easy-to-read fashion. Security administrators no longer have to spend days or weeks merging data from several different sources for the auditor. With HP ArcSight Express, organizations gain the ability to satisfy auditors faster and more cost effectively than ever before, and are prepared for any additional mandates that may be passed in the future. 3

4 ThreatTrack Security s ThreatAnalyzer (formerly GFI SandBox software) is your best defense against Advanced Persistent Threats (APTs) and custom-targeted attacks. It swiftly and accurately vets suspicious files and URLs in a monitored sandbox environment to determine how they execute, the system changes they make and the network traffic they generate. Armed with this malware analysis, you can identify and completely eliminate these threats from your network. Block malicious inbound and outbound network traffic, remediate changes made to your network and know with certainty that your network is free of a particular threat. In addition to AV, firewalls, SIEM and strict user behavior and password policies, enterprises need to round out their defenses with advanced security tools like malware analysis sandboxes that identify, isolate, analyze and help remove cyber threats. Outright eradication may prove elusive, but these advanced malware analysis tools enable companies to derail APTs and targeted attacks by identifying suspicious code for which AV and malware signatures are not yet available. ThreatTrack Security s ThreatAnalyzer provides just the kind of protection against APTs and targeted attacks that enterprises need. Road-tested in defense, intelligence and law enforcement agencies, ThreatAnalyzer vets suspicious files and URLs in a monitored software environment. It provides a valuable added line of defense for threats designed to bypass firewalls, AV and other anti-malware systems. Using ThreatAnalyzer, security analysts observe how code samples execute, the system changes they make and the network traffic they generate. Suspicious samples are analyzed, and detailed behavioral reports provide the information enterprises need to defend their information assets and eradicate threats. Application activity dashboard Used in the most sensitive environments including government security, defense and intelligence agencies ThreatAnalyzer is an integral component of the U.S. cybersecurity infrastructure, and should be an essential tool in your enterprise cyber-defense. McAfee Enterprise Security Manager revolutionizes security information and event management (SIEM) by integrating security intelligence with information management for enterprise situational awareness. We connect a real-time understanding of the world outside threat data, reputation data, and vulnerability news with a real-time understanding of the systems, data, and activities inside your enterprise. A single McAfee Receiver can collect up to 18,000 events per second. The McAfee Enterprise Security Manager itself can support multiple distributed receivers, and is able to handle hundreds of thousands of events per second without compression or aggregation. With aggregation, a single appliance can SIEM ESM threat dashboard support tens of millions of events per second enough to address the demands of the largest enterprise networks. McAfee's ESM is highly tuned database appliance can collect, process, and correlate billions of log events from multiple years with other data streams at the speed enterprises require. McAfee Enterprise Security Manager is able to store billions of events and flows, keeping all information available for immediate ad hoc queries, forensics, rules validation, and compliance. Two-way integration with McAfee epo software extends visibility and control across your entire security and compliance management environment. McAfee Enterprise Security Manager can automatically detect and collect data from McAfee epo-managed data sources. McAfee Enterprise Security Manager can also feed events (including correlated events) back into the McAfee epo system, which can then be transferred to other SIEMs, IT governance, risk, and compliance solutions, and McAfee Security Innovation Alliance partner products. Comprehensive. Professional. Reliable. 4

5 For more information about our services, call now: +972 (0) , contact us at or visit our website at