Cybersecurity systems

Our organization has been designing and implementing SIEM systems for 20 years. We are the market-leaders in this area in Hungary, and we have also completed multiple significant projects on a European level.

Implementation is owned by the engineering organization of the SOC Platform, which can do everything in this area from system measurement to planning and implementing the required integration tasks to unique parser development. In addition to simple cases, we also have experience in building and supporting systems that require hundreds of servers and have hundreds of thousands of users.

The goal of our vulnerability management service is to continuously monitor and maintain our customers’ systems in order to keep them as safe as possible from ever-evolving cyberattacks. To do this, we use a complex vulnerability management platform called Skybox Security Suite. By using its different modules, we can achieve network oversight, vulnerability prioritization, firewall rule optimization, as well as transparency and automation in change management processes in both IT and OT environments.

In our daily work, we use the most outstanding tools such as Trend Micro’s Apex One platform, which is featured among the leading endpoint protection solutions in market analyst Gartner’s Magic Quadrant.

The XDR technology we use is based on AI and can be managed on a single platform. By using and complementing these tools, we can offer outstanding protection for our customers.

As part of our operation service, we can provide comprehensive support for our customers’ complex – even multi-vendor – environments. We tailor our service fully to the needs of the customer, which we can ensure from L1 to L3, ranging from periodical operation to guaranteed 24/7 availability. Thanks to this, we can provide help with every-day tasks, as well as troubleshooting complex network errors, which takes a lot of burden off the organization’s own employees. Furthermore, we can also help with remote supervision, on-site support, dealing with vendor ticket related tasks, as well as creating monthly C-level reports.

In every organization, protecting corporate e-mails is critical as they contain sensitive data and information. By implementing e-mail security measures, we can prevent information leakage and unintentional breach of applicable regulations.

To do this, we use Trend Micro’s Cloud App Security module, which also offers comprehensive protection for the Office365 and Google Workspace cloud platforms. Its integrated DLP solution enhances the security of frequently used services (Teams, Sharepoint, GDrive) as well.  FortiMail, its Fortinet Fabric compatible solution, can be ideal for customers whose infrastructure is based on Fortinet products.

The safety of our solutions can also be attributed to the fact that we use sandbox tools of market-leading vendors in our daily work. The sandbox technology runs the malicious codes in a separated environment and analyzes them based on their behavior. This provides us with a secure way to learn about the threats and use them to strengthen our customers’ defense systems. Among the used tools, Palo Alto’s Advanced Wildfire is an outstanding solution that analyzes Zero Day type attacks in real time, thus protecting the infrastructure of each customer. In addition, Trend Micro’s Deep Discovery solution offers comprehensive protection against C2 and Zero Day attacks, as well as known and unknown malware.

If the SIEM has already been implemented, but according to the analyses, the system could perform much better, it is sensible to keep it and introduce enhancements. This can be done through our SIEM expansion service. We provide consulting services to help keep up with changes and engineering work to enhance existing SIEM systems. The expansion includes major system updates, analyzing and fine-tuning the configurations of the existing system, as well as the integration of new features or applications into the deployed system. The new features can include user and system behavioral analyses, network analyses, or processing and inputting endpoint data for hunting purposes. Further important improvements could include the integration of a SOAR solution or threat detection data flows.

Our service ensures the integration of MFA (multi-factor authentication) solutions tailored to the needs of the customer.

The applied SecurID product is available both on-premise and as a cloud solution. One of its advantages is that in addition to traditional software and hardware tokens, it is also equipped with a FIDO2-compliant token. Thanks to the subscription model, it is easily scalable from microbusinesses to corporate environments, making it an excellent option for any company. In addition, it can be integrated with most vendors’ VPN solutions, and it is also suitable for protecting critical internal resources. In the case of an existing Fortinet environment, the vendor’s MFA solution can be a great alternative, as it can be easily integrated with Fortinet Fabric.

The efficiency of the entire defense system depends on the reliability of the security systems. We have gained experience in proactive, active, and passive system architecture design at financial institutions, government organizations, and industry players operating critical infrastructures. First, our engineering team conducts an analysis on the current state of the defense toolset and the capabilities governed by the appropriate methodology. Next, based on the cybersecurity strategy and current risk analysis, they design and implement the architectural components of an advanced security tool system.

The goal of XDR platforms is to ensure a more comprehensive oversight and better detection of security events and threats across enterprise networks, cloud-based environments, and endpoints.

XDR simplifies the spectrum of processes – both from an administrative and operational aspect – to the extent where a security-conscious organization, either by itself or with the help of a vendor, can defend itself against cyber threats and mitigate the risks caused by these attacks.

• XDR collects and analyzes the data from multiple sources such as network devices, applications, cloud services, and endpoints to ensure more sophisticated detection capabilities.
• It unifies alert management, incident investigation and response processes into one platform, enabling faster and more efficient measures.
• It automates threat detection, investigation, and management, lowering the burden on security teams and improving response times.
• Instead of focusing only on reactive alert management, it proactively helps identify and remedy security gaps and network anomalies.
• XDR systems are often cloud-based, which lets them leverage analytic, machine learning, and artificial intelligence capabilities in the areas of threat detection and response.

While the SIEM system ensures alerts and oversight, the SOAR system provides responses and automation. In cooperation, the two can improve the efficiency of security operations and decrease the time needed for managing potential incidents. By using the two simultaneously, we can ensure maximum oversight and defense against cyber threats.

Due to the increasing number and complexity of cyber threats, Security Operation Centers often face challenges in four areas in their daily operations. SOC analysts receive too many alerts every day, they use too many tools for incident investigation, they spend too much time doing boring, repetitive tasks, and they do not have a complete, comprehensive oversight on incident information. These together create the so-called “SOC problem”.

SOAR supports the harmonization of SOC’s people-process-technology pillars, speeding up incident response times using standardized and automated playbooks.

Of all the SOAR-type systems on the market, we find Palo Alto Networks’ Cortex XSOAR platform to be the most outstanding. We have used its features successfully for years to remedy the four SOC problems.

By utilizing SOAR, organizations can collect the inputs monitored by the SOC team and define incident analysis and response procedures in the form of digital workflows. Through implementation, we can provide a central platform for SOC analysts for end-to-end incident management, and automate numerous monotonous and repetitive activities. This way, analysts can focus on more complicated tasks which in fact require human workforce.

In addition to customized, greenfield network planning and design, we also provide comprehensive operational services. We integrate different cybersecurity components and technologies into a single synchronized system to achieve more efficient defense, faster threat detection, as well improved response.

In addition, we secure the existing systems with next-generation, machine learning supported defense mechanisms to help them combat increasingly sophisticated attacks. Our security solutions inspect signatures in real time and detect malicious codes based on behavior.

We tackle modern challenges with NGFW (next-generation firewall) solutions which enable us to control the access of network segments granularly. Following the increased need for working from home, we have also put more focus on providing remote access, for example through VPN concentrators integrated into perimeter firewalls, and their related endpoint agents.