
Security Services


Splunk ES Implementation & Tuning

Not every event source is equally useful for security monitoring. Therefore, when implementing a SIEM, we are guided by the organization's security risks and by compliance with popular frameworks (CIS, MITRE ATT&CK, etc.). The customer must see the effect of each new source or alert and understand how it decreases risk.

In addition to a huge base of our custom correlation rules, we guarantee an acceptable level of false positives for any alert we develop. No more thousands of pointless brute-force alerts from an account with an expired password.


Cloud Security Monitoring

If you want to increase cloud security, or an auditor requires cloud monitoring for PCI DSS, SOX, etc., you have come to the right place. We know the main cloud attack vectors and how to monitor them properly. We cover network, IAM, authentication, and other types of logs, and provide ready-made Splunk applications and alerts for AWS and GCP, with clear integration instructions and detailed documentation.

Additionally, we can audit your configurations and point out specific settings that are risky in terms of security.


PCI DSS Compliance

PCI DSS regulates which event sources the security team should check and how often. It is usually difficult for a small team to determine which requirements to fulfill and how they can be automated.

We know which PCI DSS requirements to monitor with a SIEM and how to do it properly: which sources, rules, and dashboards allow you to protect yourself and simultaneously reduce the time the team spends on compliance. As a result, our clients constantly pass the certification, including audits from the "Big Four" companies.


Vulnerability Management

We have extensive experience in developing systems for vulnerability assessment. We know how to analyze the results of vulnerability scanners, how to track the life cycles of vulnerabilities, which metrics to use to evaluate the remediation process, and how to report it all.

We will help you find common ground with IT support, prioritize vulnerabilities for remediation, and build a process for monitoring those fixes. Analytical dashboards and useful alerts are included.


Security Intelligence

We develop global analytical systems for the analysis of security processes. We will help answer questions about the need to purchase new security tools, evaluate the operation of current systems using simple, business-friendly KPIs, and highlight the most relevant risks.

We can build systems that help assess the organization's cybersecurity level in accordance with popular security frameworks, such as the Cyber Kill Chain, CIS, NIST, or MITRE ATT&CK / D3FEND.
