Cyber Defense Center

Cyber Defense Center

Securing the confidentiality, integrity and availability of data in modern enterprises comprises several tasks, ranging from systems management, change and configuration management, and also a cybernetic security strategy.


 


Our story

Key persons left the client’s security team in a short time span, whereas it was very difficult to find a qualified replacement for them on the job market. The temporarily weakened team was furthermore facing a growing number of cybernetic attacks on their network, which it could not systematically deal with.

In spite of the initial mistrust in the decision to entrust protection to a third party, the client in the end contacted our Cyber Defense Center. We immediately carried out a risk analysis and maturity assessment. We offered the client a plan for the reimplementation of security monitoring, and they agreed to it. During the reimplementation, security anomalies were detected at the client’s perimeter. An in-depth analysis with the use of EDR detected that internal and protected data are being mined from the client’s CRD.

Based on our findings and subsequent elimination of attacks, the client decided to make use of combined company protection via SIEM and EDR technologies. The implementation of EDR took 3 weeks and covered all end devices including production servers. The reimplementation of a SIEM solution was carried out simultaneously – the events from the perimeter, backbone elements and application databases were redirected here.

The client also saved a significant part of their costs compared to the option of purchasing individual licenses and searching for appropriate specialists on the job market. At the AEC Cyber Defense Center we offer advanced technologies which go beyond standard security solutions and which would otherwise also be costly to purchase and operate in-house. By outsourcing, the client only spent a fraction of these costs while obtaining the best possible protection for their company and without the need to expand their team.

The solution’s description

The CDC is run by a team of experienced analysts and SIEM administrators with practice from global SOC, experience with the use of state-of-the-art technology and with handling large-scale incidents as well as APT attacks on local and global levels.

CDC services

Log Management – collection, normalization and storage of logs (optional retention).

Security Monitoring – implementation and development of detection rules, analysis of security events and incidents.

Incident Response – recommendations on how to proceed in order to solve security incidents and help with handling them.

Threat Hunting – active search for new threats and suspicious anomalies over collected events from the client’s environments.

Threat Intelligence – detection rules are enriched by IOC from external information sources/feeds.

Advanced Detection and Protection for Assets – an agent-based solution with unique prevention and especially detection capabilities and reactionary functions which also allow for the remote solution of incidents on devices.

Cyber Brand Protection – monitoring of external information sources with the aim of detecting leaks of defined sensitive data from the client’s environment (login data, internal documents etc.).

Malware and Forensic Analysis – analysis of the behavior and possible impacts of harmful code, forensic collection and analysis of data using procedures and outputs that are acceptable in court proceedings.

Professional Services – impact analysis, proposal and support for the implementation of corrective measures after extensive cybernetic incidents or APT attacks (impact analysis is conditioned by the installation of agents on end devices).

Forms of service provision

Complete outsourcing – you receive complete service, including not only CDC services but also the price of all required licenses and HW. CDC SIEM is operated in a so-called multi-tenant environment, where events from individual clients are strictly separated from each other. If you require logs to be saved in your own infrastructure, the data storage can be operated on your (the client’s) side.

Hybrid model – you own the licenses for SIEM and the hardware, we deliver the services.

 


The contributions of our solution

Cyber Defense Center provides stronger protection, with less things to worry about and lower costs

Significant reduction of risks – Above-standard client protection thanks to continuous monitoring and development of detection rules. Our highly experienced CDC team efficiently and independently handles detected events.

Lower costs – CDC services are of high quality but also allow clients to save operating costs compared to running the same services internally. No more worries with finding, raising and the retention of expert employees.

State-of-the-art technology – the used tools are among TOP products on the market (SIEM, EDR, Threat Intelligence). We continuously keep track of the development of new products and deliver carefully tested and verified functionalities.

We make use of our many years of experience and collaborated through all AEC divisions

Security Assessment Division – we utilize the experience of our pentesters from real environments and to this end adapt the composition of correlation rules; we also regularly test our detection capabilities including the work of our analysts.

Risk & Compliance Division – we work with process specialists on the creation and documentation of processes on the interface between clients and the CDC.

Security Technologies Division – our colleagues help you with fixing problems detected on the client’s security solutions (configuration of the FW, IDS/IPS, DLP etc.).

Want to be sure you’re not making a mistake? Try us!

  • We offer a trial mode for CDC services.
  • We’ll demonstrate our state-of-the-art detection and reaction capabilities on your selected asset. We can detect, among others:
            • Infected servers and stations in your network,
            • Defective communication between your end devices and Command and Control servers on the internet (Botnets etc.),
            • Connections to Bitcoin miners from your network,
            • Misuse of privileged accounts.
  • We will show you the real threats you are facing and also propose ways to reduce them.

  Maturity assessment

  • We will carry out a quick maturity assessment of your SIEM/SOC.
  • We will assess the level of your detection and reaction capabilities.

References

We cooperate with companies and organizations across the entire market for the long-term. Our customers not only include international companies, but also small businesses and entrepreneurs. We offer maximal cooperation to all of them and we provide them tailored services regarding their size and the sphere of their activity. We’ll gladly provide concrete references upon request.