Managed Security Service Provider
Expertware allows you to fill the gaps in your security capabilities to ensure 360 degree protection from all cyber-security threats.
End-to-end security
A chain is as strong as the weakest link. We've seen (too) many times organizations which defended very well their borders with state-of-the art firewalls, multi-layered protection, real-time vulnerability assessment while leaving allowing weak/leaked applications accounts.
The investments might be jeopardized by a single overlooked configuration item.
Therefore, we propose a holistic approach ensuring hardening for each of the layers involved:
- Border, layered security
- Application publishing and reverse proxies
- Hypervisor security
- Container-based security (Kubernetes), network interconnects to remote Data Centers, Clouds, SaaS apps
- NAC: Access to internal network and Wi-fi
- Authentication & Federation: LDAPs, AD-FS
- OS hardening: server and workstations group policies
- Authorization: SSO, Privileged Access Management and Audit, On-demand Privileged Access, Application-Aware Firewalls, segregation of duties (SAP GRC, Archer GRC), credential Vault
- Encryption: Certificate Management (PKI infrastructure and certification authorities), always encrypted server to server communication, disk/database / backup/archive.
- Security Information and Events Management (SIEM): correlations of security events and alerts from multiple sources (Elasticsearch, Splunk, Apache Metron).
Security Operations Center
Managed Security Operations
It becomes common to have organization using IT components spread across multiple private DCs and cloud vendors. Therefore, our engineers evolved from single stack certification to complex multi-layered capabilities.
We manage your on-premises firewalls, the cloud counterparts virtual appliances (Azure, AWS), configure VPN among the different locations and ensuring that only specific traffic and authenticated flows are allowed evaluating continuously the vulnerabilities (known & new) against the customer's IT landscape and processes.
What we actually do?
- Deployment, configuration and operational management for Firewalls
Vendor-independent:
- Palo Alto, Checkpoint, FortiGate
- Open source: IPtables
- Reverse Proxies: F5, Apache module, Nginx, IIS rules
- Multi-Cloud interconnect, VPN configuration, NAC configuration, private key infrastructure and LDAP integration.
- Design, configuration, and monitoring for network and security appliances in Azure, AWS.
- Identity Federation: ADFS, Oauth, SAML, Okta
- SIEM proactive and continuous monitoring and analysis (new flows, events, rules, alerts).
- SOC 24/7 monitoring, incident response and forensic investigations.
- Evaluation of potential risks --> RSA Archer GRC | SAP GRC (AccessControl)
Identity & Access Management
Gain control & visibility within your organization system.SIEM & SOC
Prevent potential security breaches while you increase efficiency.Identity & Access Management
Give access to the right users at the right time. Increase your productivity and improve the User Experience while reducing your IT costs.
- Network segmentation (Front end, Back-End DMZ, separation of instances, isolation for critical systems), privileged Access Management, continuous monitoring, privileged access workstations, federation (ADFS, OAuth)
- Identify weak or compromised accounts. Ensure standard and privileged accounts do not share the same password.
- Automate user activity and privileged access audit reports.
- Automate compliant user provisioning and removal based on user profiles (see Xpert.IAM app)
- Correlate and maintain identities across multiple directories/apps Example: when a user leaves the company, we make sure that all user-related identities are disabled from all LDAP or applications.
- Audit service accounts, implementing managed service accounts, automatic password change processes.
SIEM & SOC
- Design and deployment of integrated SIEM solutions.
- Define sensitive events that must be captured, configure the log aggregation, multi-source correlations, translate, prioritize and configure vulnerability use-cases based on the MITRE ATT&CK framework.
- Leverage Elasticsearch partnership and collect events from multiple sources and logs, aggregate and visualize them in custom Kibana dashboards.
- Configure multiple indexes based on the source data types.
Network Access Control
We believe in your network’s integrity and we keep it secure.Host Intrusion Detection Systems
Keep your work flow efficiently while we permanently prevent intrusions.Network Access Control
Every day, we encounter cyber-attacks and cyber threats.
In order to be prepared, the implementation of the NAC system has become a necessity, as no one wants to compromise their company’s system or/and its data.
Day by day, a multitude of devices used within the company are connecting to the company’s network. Are they safe?
- Design & Deployment and Operational Management for Network Access Controlled solutions for wired and wireless LAN and various client OSS (Windows, Linux, Android, iOS).
- Segregation of traffic flows (guest, captive portal, remediation, mobile, intranet), hardening, deployment of dot1x setting to endpoints, automation for endpoints which are not compliant.
- Integration of HID and NIDS solutions with NAC.
- Customization and deployment of security policies (WMI rules, GPO settings).
Host Intrusion Detection Systems
- Enhance customer end-points protection, streamline and automate remediation actions based on security alerts.
- Plan, deploy and manage deployments of HIDs agents to end-user devices and integrate them in with SOC / SIEM / NAC.
- Monitor the configuration and the dynamic behavior, show performance and services baseline, and detect anomalies and trigger alerts.
- Configure correlation with live threat sources, set up checksum for relevant objects (binaries, files, registries).
- Continuous assessment for MITTRE attack vectors and translation to HIDS detection rules/alerts.
- Solutions covered: OSSEC, Tripwire, Wazuh, Endgame.
Copyright © 2020 - All Right Reserved.