
Your reliable cybersecurity partner

Wide, deep and unique experience and competence in IT and corporate security. Both in GRC (Governance, Risk management, and Compliance), and in technical security. Both in Defensive Security and Offensive Security

About us

H-X Technologies started as an independent team of cybersecurity professionals. We gradually grew to the level of an international Managed Security Service Provider (MSSP). We are highly qualified, flexible and reliable:

What makes us different

1. Experience in information security

Since 2001, we have gained a lot of experience in IT, particularly in information security assessment and management, in various spheres (industrial, medical and pharmaceutical, telecommunication, retail, financial, SaaS, IT outsourcing, etc.) and in different countries. Read about our case studies.

2. International security certifications

The specialists of H-X have earned and maintain internationally recognized certifications (CISSP, OSCP, CISA, ISO 27001, CEH, CLPTP, ISA/CFS, etc.). These certifications cannot be obtained without verified years of experience and successfully passing rigorous exams. The certifications prove our high professionalism and do not allow for illegal or unethical behavior; otherwise, they are immediately revoked.

3. Highest quality

H-X uses modern, comprehensive methodologies and development tools for IT and cybersecurity. We are attentive to details. In each project, we develop suggestions for continuous improvement and track changes in our customers’ security 24/7.

4. Highest customization and flexibility

Our slogan is “professional services for any budget”. We even provide free services. We study every customer’s needs carefully before we embark on a project. Unlike other companies, our pre-engagement documentation includes a comprehensive set of detailed project parameters. Our approach allows the customer to understand exactly what they pay for. We have a great deal of experience and are continually improving our methodology. This is what distinguishes us from our competitors.

5. Absolute legitimacy and confidentiality

We value our longstanding reputation, so we strictly adhere to laws, regulations, and our corporate Code of Ethics. Our legal support takes into account the rights and interests not only of our clients and partners but also the legitimate rights and interests of third parties. Our specialists sign your commitment forms personally, just like your employees. Such reliability is usually unreachable with small companies, let alone freelance or bug bounty platforms.





History and Mission

Since 2001, we have gained a vast amount of experience in information technologies, cyber and corporate security in various spheres: industry, finances, retail, IT, etc. We have worked at state-owned and private enterprises in various engineering and management positions; developed, deployed, and administered security systems and various services, systems, and networks; performed audits and penetration tests; certified systems and organizations; earned specialists’ certificates and various awards ourselves; trained personnel; and performed the full cybersecurity life cycle for systems, networks, and organizations.

In 2016, we decided to come together and set up the company H-X Technologies in order to combine our skills and boost our potential. We created a powerful team to attain the synergy effect and pass our experience on to the next generation, and to realize our economic and social goals.

Penetration testing, implementation of ISO 27001, and teaching secure software development were our first services, and they are still an important part of our portfolio.

Over the past several years, we have supplemented it with other services, such as security analysis of source code, the security of car IT systems, cyber forensics, monitoring and responding to security incidents, development and audit of smart-contracts, cloud security, system integration of security solutions, and others. We have also extended and improved our services in industrial IT and OT security.

Like in the 90s, 2000s, and 2010s, our first clients in 2016-2017 were SaaS and IT outsourcing companies, automotive and other industrial enterprises, telecoms, banks, e-commerce, and the blockchain industry. These industries are still the bulk of our customers.

Over time, our customers have also included medical and pharmaceutical, construction and insurance companies, gaming industry, retail, and other companies. We have improved our services in IT development and virtualization, and also learned how to win tenders and other competitions for IT and security service providers.

We are especially proud of the fact that large international information security companies from different countries are among our clients, and, in particular, that we train security specialists from these companies.

In mid-March 2020, we not only effectively responded to the coronavirus epidemic and quarantine, and seamlessly switched to remote work, but also helped our clients to make such a transition, as well as everyone who follows our news.

We are looking into the future with confidence, increasing our staff, and developing SOC (Security Operations Center), MDR (Managed Detection and Response) services, system integration, and security of industrial information and operational technologies.

From the very beginning of our work, we have been actively developing our partner network on all continents. We complement our partners’ services with security services, expand their portfolio of services, cover urgent security requests, and are planning to open branches in different countries.

Our mission is:

- to help our customers and the entire planet develop secure information technologies. We get great satisfaction from making this world more comfortable and safer.

- to help our team members self-actualize. We are convinced that professional achievements and constructive communications allow us to achieve not only career and material goals, and improve intellectually, but also grow spiritually.

- to learn and to teach what is wise, what is good, what is true, by doing charity work, supporting emerging talents, and helping disadvantaged people.





Values and Code of Ethics

Values

- People. The main value is our team. This is our “family” that we care about, develop, protect, support, and inspire. We also value our partners and customers on all continents and build long-term relationships with them.

- Reliability. We value our experience, reputation, and good name, which is synonymous with reliability. We are unfamiliar with the word “force majeure” because we are stronger than crises, and we always deliver on our commitments because our business continuity plans are designed to be challenged. We are happy to broadcast our reliability to our customers and partners.

- Development sustainability. We stand steadily on the ground and move forward, always having reliable support underneath: our intellectual, emotional, and financial capital. Both in life and in business, we choose reliable solutions, and if we take risks, they are always controlled and justified. This allows us not only to develop in the seething stream of planetary changes but also to feel comfortable in it.

- Harmony in development. We care about the harmonious, balanced development of our staff and our services, as well as strengthening our customers. We are broad-minded and erudite, and that helps us to be in the right place at the right time. Our team members harmoniously complement each other to obtain synergy in our work.

- Global responsibility. Our business exists not only to make money but also to help the planet. We are socially and environmentally responsible. We are involved in charity work and especially support family values. We do not serve clients whose business destroys people, family, nature, or their harmonious connection, for example, military organizations, tobacco, alcohol, or porn industries.

- Honor. We are law-abiding, and we value ethical principles even more. We do not allow conflicts of interest within the company, with partners and clients. We do not lure away employees from other companies and we act honestly with competitors. We respect and study all forms of morality, from ancient religions to modern social norms.

Code of Ethics

Corporate ethics are the norms of conduct for our team members, based primarily on our values, corporate culture, business ethics, and also on human rights.

The principles of corporate ethics at H-X Technologies are general and binding on all team members, regardless of their position. This also applies to any other person acting on behalf of the company.

Our specialists not only share the values of the company and are guided in their lives by these norms of behavior, but also contribute to the further improvement of our corporate culture.

We value the atmosphere of goodwill, friendliness, trust, and mutual support. The high quality of our services and products is associated with a salutary psychological climate in the company.

We strive to create the conditions necessary for high productivity and performance, for open and timely communication, for a healthy working climate, professional and personal growth, as well as self-realization.

We respect the dignity and personality of everyone. Intimidation, threats, insults, humiliation, or manifestations of intolerance are unacceptable in our team.

We adhere to a policy of equal opportunities: everyone’s success depends only on their knowledge, technical and social skills, experience, as well as on the results of their work.

H-X Technologies’ specialists work honestly and conscientiously, are responsible for the results of their work, and observe labor discipline.

H-X Technologies operates per generally accepted international human rights standards. We have no discrimination based on gender, age, color, nationality, race, or religion.

H-X Technologies is committed to contributing to the planet’s environment and the health of our employees and all people.

We value our reputation, comply with laws, ethical standards, and rules of fair business conduct. We strictly fulfill our obligations to customers, partners, specialists, and colleagues.

Each specialist of the company signs a confidentiality commitment, which remains in effect even after the cooperation with the company has been terminated.

We follow a client-oriented approach in all our projects and tasks, both external and internal.

Respect and understanding are at the core of our relationship with customers. We strive to provide the best quality of services and products and do it within the agreed time frame. The main factors of our competitiveness are high quality and fair prices.

H-X Technologies maintains fair and open competition. We do not violate antitrust or competition laws. We do not use prohibited methods of competition.

H-X Technologies’ accounting ensures that all accounting transactions are carried out correctly according to the law and generally accepted accounting standards.

H-X Technologies is against corruption. We do not offer or accept gifts or rewards to obtain an illegitimate benefit.

H-X Technologies is against money laundering. We take measures to prevent financial transactions from being used for money laundering.

H-X Technologies does not support any political parties or factions, and neither any armed conflicts, regardless of their goals.

Each member of our team is personally responsible for compliance with all of the above principles, rules, and restrictions, as well as relevant laws, regulations, and standards.





Social responsibility

H-X Technologies attaches great importance to the harmonious interaction and development of man, society, and nature. We understand that over the decades of technological progress, humanity, unfortunately, has largely lost this harmony. We are talking about physiological, psychological, social, and environmental problems.

Attempts to solve these problems by individuals and organizations in individual countries have been disproportionately weak compared to the global nature of the problems. The trends of these problems can threaten the very existence of civilization in the coming decades. It is not difficult to understand that the causes of these problems are in the minds and culture of people. People’s shortsightedness is caused by their selfishness, lies, excessive consumption, and indifference.

The arrival of the COVID-19 virus explicitly shows all the mentioned problems. We are convinced that the coronavirus is not a purely medical or even social problem. Quite the contrary, the coronavirus epidemic and quarantine may be one of the solutions to the more serious global problems listed above. Every month we understand more and more the gravity of these problems; we realize that Nature is much stronger than man; we learn to limit consumption and do without unnecessary things; we learn to be disciplined; we learn to make peace and get along in a confined space; we learn to help those who are weaker.

At H-X Technologies, we strive, within our powers, to restore the lost harmony with Nature, to help those in need, and to bring light. We supported family values, motherhood, childhood and spirituality, and did charity work even before the coronavirus epidemic. We continue to engage in all these activities, donating part of our profits.

Our employees share the social and environmental values of the company: they follow the discipline of consumption, use recyclable materials, do not litter physically or psychologically, preserve a healthy psychological climate, show compassion, help those in need, get to know themselves in this world, and establish harmony with nature.

These views reflect our social and environmental responsibility and are part of our corporate culture.





Audit and testing

Compliance audits

Your organization’s compliance with international security standards provides significant market and competitive advantages.

This shows the maturity of your management, adherence to modern best practices, and proves that you care about information privacy, the resilience of IT systems, business continuity, responsibility, manageability, and other security-related business requirements.

The standard delivery process for the implementation and support of ISO 27001, TISAX, etc.:

1. Confidentiality. We sign a Non-Disclosure Agreement and are committed to maintaining confidentiality.

2. Scope of service and prioritization. We carry out this stage for you free of charge.

3. The deal. We send you a detailed commercial proposal including a high-level project plan. We sign a Service Agreement.

4. Initial audit, gap analysis, and detailed project planning. We interview your staff, check the documents, assess the physical security perimeter, etc.

5. Implementation of security processes and operations. We implement an Information Security Management System (ISMS) for you.

6. The certification process. This stage includes the selection of a certification body, pre-audit, corrective actions, and a certification audit.

7. Ongoing support of the ISMS. The ISMS should be developed, maintained, and optimized. We will make sure that your ISMS is up to date.

When building an ISMS, we actively use security standards and frameworks, if it is appropriate in your organization, or if you or your customers explicitly require it:

- VDA ISA (Verband der Automobilindustrie Information Security Assessment), ENX TISAX® (Trusted Information Security Assessment Exchange), ISO/TS 16949, ASPICE (Automotive Software Process Improvement and Capability dEtermination);

- ISO 27001/27002;

- PCI DSS (Payment Card Industry Data Security Standard), SWIFT Customer Security Controls Framework (CSCF);

- HIPAA (Health Insurance Portability and Accountability Act), HITECH (Health Information Technology for Economic and Clinical Health), HITRUST (Health Information Trust Alliance);

- GDPR (General Data Protection Regulation);

- SOC 2 (System and Organization Controls);

- ISF SoGP (Information Security Forum Standard of Good Practice for Information Security);

- COBIT (Control Objectives for Information and Related Technologies);

- KSZI (comprehensive information security system) according to ND TZI (normative documents for technical information security), etc.

Penetration testing

Penetration testing is the most effective assessment of information security

– Are you releasing a new version of your website, mobile or desktop application?

– Are you migrating a server or publishing a service?

– Have you fired a software developer or system administrator?

– Are you preparing for an audit, merger, acquisition, IPO, ICO?

– Have you been overlooking how securely your employees work?

– Not sure if your specialists measure your security correctly and promptly?

– Have you avoided carrying out penetration testing (pentest)?

You are in the right place at the right time!

WHY PENETRATION TESTING and what is it?

In short, because:

- you get confidence in the future;

- you do not need to hold the truth back from your clients or evade auditors anymore;

- you get a new solid status — successfully passed pentest;

- it helps you find and fix vulnerabilities in your product or network before cybercriminals do;

- in the eternal struggle of good and evil, you are winning a new powerful victory over the world of cybercrime.

Interested? Then let’s dig deeper! Here is the definition:

Penetration testing (pentest, pen-test, pen test) is a security assessment of IT systems, personnel, or the whole organization, using ethical hacking methods (“white hat”). Security experts simulate the behavior of computer criminals to assess whether unauthorized access, leakage of confidential information, interruption of service, physical intrusion, or other security incidents are possible. A pentest is not only an automated vulnerability scan but mostly manual work. Depending on your preferences, the pentest may include interaction with your staff (social engineering).

Pentesting a website, application, network, and organization provides the most reliable, specific, and effective recommendations for improving security.

We have wide experience and deep, unique expertise in IT and corporate security, at all levels and in all areas: both in GRC and technical security, and both in Defensive Security and Offensive Security.

We are highly qualified, flexible, and reliable:

- Experience in information security.

- International security certifications.

- Absolute legitimacy and confidentiality.

- The highest degree of customization and flexibility.

- Highest quality.

Audit of application code

Analysis of the source code will help you eliminate vulnerabilities even before your project sees the world.

Our experts use both automatic and manual verification methods. This allows you to find unsafe or obsolete features, hidden logic bombs and traps, backdoors, undocumented features, bad coding techniques, OWASP Top 10 vulnerabilities, etc.

Get an exceptional level of security with our automatic and manual analysis of the source code of your applications, services, and software components!

You will never achieve this level of assurance through penetration testing, purely automated code validation, or any other security measure. This service can be provided as a stand-alone project, in conjunction with white-box penetration testing, or as part of Application Security or Security Assessment services.

The objective of this analysis is the source code security assessment of your systems or applications: checking the integrity and consistency of your code, secure coding principles, finding unsafe or deprecated functions, hidden logical bombs and traps, backdoors, undocumented features, non-optimal coding practices, and OWASP top 10 vulnerabilities:

- A1:2017 – Injection

- A2:2017 – Broken Authentication

- A3:2017 – Sensitive Data Exposure

- A4:2017 – XML External Entities (XXE)

- A5:2017 – Broken Access Control

- A6:2017 – Security Misconfiguration

- A7:2017 – Cross-Site Scripting (XSS)

- A8:2017 – Insecure Deserialization

- A9:2017 – Using Components with Known Vulnerabilities

- A10:2017 – Insufficient Logging & Monitoring

To achieve the objectives, auditors use two methods:

- SAST (Static Application Security Testing), which allows the auditor to analyze source code for known vulnerabilities using automated tools.

- Manual source code review and analysis, to reveal unsafe and non-optimal coding practices, hidden logical bombs and traps, backdoors, and undocumented features.

We support the following Languages:

- .Net/ASP.Net

- Java EE (JBoss, Tomcat, etc.)

- Java/Kotlin Android

- Objective-C/Swift (iOS/macOS)

- PHP

- JavaScript

- Python

- C/C++/Assembler

- Solidity

- Golang

- Lua

Audit of smart contracts

We review and verify project specifications and the source code of smart contracts to assess their overall security, with a focus on weaknesses and potential vulnerabilities. We complement our findings with solutions that mitigate the risk of future attacks or loopholes.

Learn more about the problems that we solve, the methods and tools we use, and the deliverables we provide.

Problems of smart contracts

- Inconsistency between specification and implementation

- Flawed design, logic, or access control

- Arithmetic overflow operations (integer overflow and underflow)

- Reentrancy attacks, code injection attacks, and Denial of Service attacks

- Exceeded limits on bytecode and gas usage

- Miner attacks on timestamp and ordering, transaction-ordering dependence (TOD)

- Race conditions, other known attacks, and access control violations

Methods and tools

Our audits of smart contracts comply with the following requirements:

1. The goal of the smart-contract audit is a meticulous code analysis to find security flaws and vulnerabilities.

2. The security audit is performed using a combination of manual and automated tools and techniques to identify vulnerabilities within the target environment and to model their exploitation.

3. The smart contract audit includes the following stages:

- An overall analysis of the code and application

- Documentation review

- Brief code overview: quick analysis of the smart contract functionality, main .sol classes, etc.; analysis of cryptography, third-party modules, and library structure

- Detailed analysis of the application, each of its actions, all requests, input fields, and nested modules

- Bug scanning: scanning the application at the appropriate binary and source levels to identify potential deviations from coding guidelines and security practices

- Scanner results verification: in this phase, the team reviews the scan results to identify which of them are false positives and which of them can affect the application’s security

4. The tests are conducted by a team of specialists with more than 17 years of experience in different IT security domains; CISSP, OSCP, CISA, and CEH certification holders.

5. In general, the code review follows the best practices: Solidity Style Guide and Ethereum Smart Contract Security Best Practices.

The tools we use: Slither, Securify, Mythril, Sūrya, Solgraph, Truffle, Geth, Ganache, Mist, MetaMask, solhint, MythX, etc.

We are passionate about what we do because we believe that we make this world safer and give people reassurance and confidence.

Configuration audit and cloud security assessment

The purpose of a configuration audit is to make sure that your system, cloud, or product fully meets modern security requirements.

During the audit, we analyze AWS accounts, network configurations, data encryption, security incident response, and more. We use top-ranked sources such as the CIS AWS Foundations Benchmark, security policies based on HIPAA, FedRAMP, etc.

AWS Audit Plan

- Identifying assets in AWS.

- AWS account analysis.

- Governance audit. Understand what AWS services and resources are in use and ensure that the Customer’s security or risk management program has taken into account the use of the public cloud environment.

- Network configuration management audit. Identifying missing or inappropriately configured security controls related to external access and network security that could result in a security exposure.

- Asset configuration and management audit. The management of the Customer’s operating systems and security applications is verified to protect the security, stability, and integrity of the assets.

- Logical access control audit. Focuses on identifying how users and permissions are set up for the services in AWS, ensuring that the Customer securely manages the credentials associated with all AWS accounts.

- Data encryption audit. Understand where the data resides, and validate the methods that are used to protect the data at rest and in transit (also referred to as “data in flight”).

- Security logging and monitoring audit. Validating if audit logging is performed on the guest OS and critical applications installed on Amazon EC2 instances and that the implementation is in alignment with your policies and procedures, especially as it relates to the storage, protection, and analysis of the logs.

- Security incident response audit. Incident management controls are checked for operational effectiveness.

- Disaster recovery audit. Disaster recovery controls are checked for operational effectiveness.

Incident Investigation

Incident investigation helps you find out who entered your system, how, and why.

We provide detailed forensic examination and analysis of computers, hard drives, mobile devices, and digital media. We know how to investigate difficult cases and employ cutting-edge techniques such as analysis of Random-Access Memory (RAM), registry, shadow volumes, timeline analysis, and other methods.

Over the last few years, we have witnessed an increase in computer crimes. Criminals are becoming more aware of digital forensic and investigation capabilities, and therefore use more sophisticated methods to commit their crimes without leaving the usual evidence. Computer forensics and digital investigation methods are constantly evolving in order to identify, respond to, examine, analyze, and report computer security incidents.

Our skills include but are not limited to:

- Acquiring Data and Evidence

- Live Incident Response and Volatile Evidence Collection

- Advanced Forensic Evidence Acquisition and Imaging

- File System Timeline Analysis

- Advanced File & Registry Analysis including Unallocated Metadata and File Content Types

- Discovering Malware on a Host

- Recovering Files

- Application Footprinting and Software Forensics

- Data Preservation

- System Media and Artifact Analysis

- Database Forensics

- Mobile Forensics.

Our capabilities and responsibilities

During the computer security incident response and investigation, we perform the following actions:

1. Conducting technical analysis of large amounts of structured and unstructured data, including user activity data and alerts, to uncover anomalies.

2. Discerning obscure patterns and attributes to produce investigative leads, identify indicators of compromise, and uncover loss events.

3. Leading highly sensitive, complex, and confidential threat investigations into technology misuse, incidents of data loss and intellectual property theft, conflict of interest, counterintelligence concerns, and security policy violations.

4. Reviewing data in support of security inquiries and loss prevention efforts, and compiling results of analyses into a variety of finished intelligence products to support stakeholders’ decision-making, and assist in creating detection and mitigation strategies.

5. Providing timely notice of imminent or hostile intentions or activities that may impact the objectives of your organization, resources, or capabilities.

6. Creating new tools, tactics, and procedures (TTPs) for identifying insiders, including proactive identification of new collection methodologies and briefing security team members on emerging threats to support the continued improvement of the customer’s Threat Management Program.

7. Building threat models to quantify the security risks against known adversarial and malicious behaviors and campaigns.

8. Completing risk assessments, communication campaigns, post-incident follow-ups, and any special analytical projects according to the customer’s objectives.

9. Collecting and preserving evidence admissible in court.

SCADA and OT audit

SCADA and OT audit will help you assess the security of your industrial infrastructure.

We provide Industrial IT/OT Security audit, implementation, and training services together with our partners AT Engineering (ATE). This is a team of software, electrical and industrial process engineers who specialize in the field of industrial automation. The experience in industrial automation and software of ATE’s staff begins in 1995, and they have completed more than 150 projects. Since 2005, they have completed more than 100 projects with an average capacity of 500 man-hours each.

Listed below are the levels and assets of industrial systems that we analyze during audits. The layer and asset structure is per ISA/IEC 62443, which is not significantly different from the Purdue model. These classifications are used in the design and implementation of industrial IT/OT information security systems, as well as in assessing the current level of security.

Level 0 – Physical process

- sensors

- actuators

- motors

- network devices

- other physical-level assets

Level 1 – Basic control

- soft starter drives

- VFD drives

- PID regulators

- PLC and RTU

- other basic control assets

Level 2 – Supervisory control

- HMI touch panels

- HMI PCs and SCADA computers

- engineering workstations

- other supervisory control assets

Level 3 – Site operations

- DB servers

- file servers

- application servers (web, report, etc.)

- domain controllers

- HMI servers

- industrial DMZ proxy servers

- industrial DMZ DB replication servers

- industrial DMZ remote gateways

- industrial DMZ patch management

- other site operations assets

Level 4 – Enterprise systems (business planning and logistics)

- database servers

- application servers

- file servers

- email clients

- supervisor desktops

- other site business and logistics assets

- other enterprise network assets

Red Team, Blue Team, Purple Team

It is not enough today to simply build up a wall using information security solutions. Even the most sophisticated and modern security system will be useless if your employees cannot detect a cyberattack. There is a solution — training. For example, you can organize an unexpected covert attack on your own company.

What is Red Team, Blue Team, Purple Team and why does your organization need it?

The Red Team’s main task is to conduct the deepest analysis of your organization’s security systems. Red Teaming allows you to understand how prepared your security department is for real threats. Unlike pentesting, this service implies a deep assessment of possible attack vectors at all levels, from social engineering and web applications to physical access to your server room.

The Blue Team’s main task is to protect the organization’s infrastructure and assets: the defense team is not warned about an attack. This is one of the best ways to test both the defense systems and the ability of security specialists to identify and block attacks, and subsequently investigate incidents. After the exercise is completed, it is necessary to compare the applied attack vectors with the recorded incidents in order to improve the infrastructure protection system and controls.

So who are the Purple Team? They combine the skills of Red and Blue Teams. Both teams work together to provide an ultimate audit. The Red Team provides detailed reports of all the performed operations, and the Blue Team documents all corrective actions that were taken to resolve the problems found during testing.

Carrying out such cyber exercises accomplishes several goals at once:

- tests the readiness of information security employees for real threats and checks their ability to detect potentially dangerous activity hidden behind familiar processes;

- evaluates the efficiency of your information security solutions;

- provides reports and recommendations on how to improve information security operations after the exercise is completed.
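The comparison of applied attack vectors with recorded incidents described above is the core Purple Team deliverable. The following is an added example, not H-X's own tooling: it reconciles a red-team operations log against the alerts exported from the SIEM, matching on host and technique within a time window, and reports detection coverage, latency per detected action, and the actions that nobody noticed. Both logs are constructed sample data; the technique IDs follow the MITRE ATT&CK naming scheme, but the timestamps, host names and rule names are assumptions.

```python
"""Reconcile red-team actions against blue-team detections (added example)."""
from datetime import datetime, timedelta

# Constructed red-team operations log: what was done, when, and on which host.
RED_ACTIONS = [
    {"id": "R1", "time": "2024-03-04T09:02:00", "host": "ws-017",
     "technique": "T1566.001", "desc": "phishing e-mail with macro document"},
    {"id": "R2", "time": "2024-03-04T09:15:00", "host": "ws-017",
     "technique": "T1059.001", "desc": "PowerShell stager"},
    {"id": "R3", "time": "2024-03-04T10:40:00", "host": "ws-017",
     "technique": "T1003.001", "desc": "LSASS memory dump"},
    {"id": "R4", "time": "2024-03-04T11:05:00", "host": "srv-db-02",
     "technique": "T1021.002", "desc": "lateral movement over SMB"},
    {"id": "R5", "time": "2024-03-05T14:30:00", "host": "srv-dc-01",
     "technique": "T1003.006", "desc": "DCSync"},
]

# Constructed blue-team alert records exported from the SIEM. The last one is
# unrelated noise from another workstation and must not be matched.
BLUE_ALERTS = [
    {"time": "2024-03-04T09:16:30", "host": "ws-017", "technique": "T1059.001",
     "rule": "Encoded PowerShell command line"},
    {"time": "2024-03-04T13:50:00", "host": "ws-017", "technique": "T1003.001",
     "rule": "Suspicious handle to lsass.exe"},
    {"time": "2024-03-04T11:06:10", "host": "srv-db-02", "technique": "T1021.002",
     "rule": "Admin share logon from workstation"},
    {"time": "2024-03-05T10:00:00", "host": "ws-044", "technique": "T1059.001",
     "rule": "Encoded PowerShell command line"},
]


def _t(s):
    return datetime.fromisoformat(s)


def reconcile(actions, alerts, window=timedelta(hours=4)):
    """Match each red action to the earliest alert on the same host with the
    same technique that fired within `window` after the action.

    Returns {"matched": [...], "missed": [...], "coverage": fraction}.
    Detection latency is reported in minutes.
    """
    matched, missed = [], []
    for a in actions:
        start = _t(a["time"])
        candidates = [
            b for b in alerts
            if b["host"] == a["host"] and b["technique"] == a["technique"]
            and start <= _t(b["time"]) <= start + window
        ]
        if candidates:
            first = min(candidates, key=lambda b: _t(b["time"]))
            latency = _t(first["time"]) - start
            matched.append({"action": a["id"], "rule": first["rule"],
                            "latency_min": round(latency.total_seconds() / 60, 1)})
        else:
            missed.append({"action": a["id"], "technique": a["technique"],
                           "desc": a["desc"]})
    coverage = len(matched) / len(actions) if actions else 0.0
    return {"matched": matched, "missed": missed, "coverage": round(coverage, 2)}


if __name__ == "__main__":
    report = reconcile(RED_ACTIONS, BLUE_ALERTS)
    print(f"coverage: {report['coverage']:.0%}")
    for m in report["matched"]:
        print(f"  detected {m['action']} by '{m['rule']}' after {m['latency_min']} min")
    for m in report["missed"]:
        print(f"  MISSED   {m['action']} {m['technique']}: {m['desc']}")
```

The missed list is the input to the Blue Team's corrective actions (new detection rules, log sources that were not forwarded), and the latency column shows where an existing rule fired too late to matter; a four-hour matching window is a planning assumption, not a standard.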

Find out more about these services by contacting us today.




Security implementation

Server hardening

Strengthen your IT infrastructure by reducing possible attack paths! When using any complex system, some functionality is inevitably left unused or incorrectly configured, which can become a breach in the protection of your virtual fortress. Removing and correctly configuring this functionality will allow you to close the hidden pathways before the enemy uses them.

Strengthening systems and networks, also called hardening, often becomes one of the first steps towards improving the cybersecurity of an organization, and mainly consists of disabling some of the functions, limiting their capabilities, modernizing and improving components, etc. This significantly limits the capabilities of attackers, since it reduces the attack surface, i.e. the number of potentially vulnerable spots.

Server administrators often have a blurry view of their own systems. Therefore, the key role in hardening is played by a "view from the outside", which is easiest to get with our help.

1. Best practices. As a managed security service provider, we have a lot of experience and are constantly learning, so our recommendations are up to date. We are guided by the CIS Benchmarks, NIST SP 800-53 and other standards.

2. Wide coverage. Our experience and qualifications allow us to protect almost any system and technology, from Windows NT/95 to the most modern cloud solutions, DevOps and CI/CD pipelines.

3. With stability in mind. We analyze the potential impact of each recommendation to ensure the continuity of your business processes, and we help with testing and secure implementation of the changes.

4. Independent assessment. The absence of a conflict of interest allows us to speak directly about the problems we have found and look for ways to solve them. Such efficiency and completeness of coverage is often unattainable when customers perform the hardening with their own resources, since their system administrators are overwhelmed with routine work that they consider more important.

Our services will allow you to take an objective look at your IT landscape and identify the changes that will have a lasting effect, reducing the work of monitoring security events, responding to incidents and mitigating the consequences of attacks.
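To make the hardening idea concrete, here is an added example (not H-X's tooling) that audits an OpenSSH server configuration against a small baseline of the kind found in the CIS Linux benchmarks. The baseline values and the OpenSSH defaults used for absent directives are assumptions to adjust to your own policy and version; the sample configuration is constructed. It also demonstrates the trap that makes such audits worth automating: sshd honours the first occurrence of a directive, so a hardening line appended at the end of the file can silently have no effect.

```python
"""Audit an sshd_config against a small hardening baseline (added example)."""

# Expected values: directive -> (allowed values, why it matters).
# Assumption: derived from CIS-style recommendations; adjust to your policy.
BASELINE = {
    "permitrootlogin":        ({"no"}, "root must log in as a named user and escalate"),
    "passwordauthentication": ({"no"}, "keys only; removes password guessing as a path"),
    "permitemptypasswords":   ({"no"}, "accounts without a password must not be reachable"),
    "x11forwarding":          ({"no"}, "unused feature that exposes the client display"),
    "maxauthtries":           ({"1", "2", "3", "4"}, "limit guesses per connection"),
    "loglevel":               ({"info", "verbose"}, "enough detail for the SOC"),
}

# Values OpenSSH uses when a directive is absent (assumption: OpenSSH 7.x+).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
    "loglevel": "info",
}


def parse_sshd_config(text):
    """Return the effective global directives (keys lower-cased).

    sshd uses the FIRST occurrence of each keyword, and directives after a
    'Match' line apply only conditionally, so parsing stops at the first Match.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        effective.setdefault(key, value)   # first occurrence wins
    return effective


def audit(text):
    """Return (directive, effective value, allowed values, reason) for every
    baseline directive whose effective value is outside the allowed set."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, (allowed, reason) in BASELINE.items():
        value = cfg.get(key, DEFAULTS[key]).lower()
        if value not in allowed:
            findings.append((key, value, sorted(allowed), reason))
    return findings


# Constructed sample: a distribution default plus a hardening line that does
# not take effect because an earlier line already set the directive.
SAMPLE_CONFIG = """
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
X11Forwarding yes
MaxAuthTries 6
# the next line is ignored by sshd: the first occurrence above wins
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for key, value, allowed, reason in audit(SAMPLE_CONFIG):
        print(f"{key}: is '{value}', expected one of {allowed} ({reason})")
```

Run against the sample, the audit reports PermitRootLogin as "yes" despite the later "no", PasswordAuthentication as "yes" because it was never set globally (the Match block only covers one user), and X11Forwarding and MaxAuthTries as out of policy. Validate the live configuration with `sshd -T`, which prints the effective values after all parsing, before and after applying changes.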

DoS/DDoS protection

What DoS and DDoS attacks are, and why effective protection against them must be configured on the server

A denial-of-service (DoS) attack is a violation of the availability requirement of a system, leading to business downtime and reputational and financial losses.

A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a target server, service, or network by overloading the target or its surrounding infrastructure with a stream of Internet traffic.

DDoS attacks are effective because they use multiple compromised computer systems as sources of attack traffic. The employed machines can include computers and other network resources such as IoT devices.

A DDoS attack is like an unexpected traffic jam clogging up a motorway, preventing regular vehicles from arriving at their destination. In general terms, DoS and DDoS attacks can be divided into three categories:

Volumetric attacks

Include UDP floods, ICMP floods and other spoofed-packet floods, including reflection and amplification through open DNS or NTP servers.

The goal is to saturate the bandwidth of the attacked site; the magnitude is measured in bits per second (bps).

Protocol attacks

Include SYN floods, fragmented-packet attacks, Ping of Death, Smurf and others. This type of attack exhausts state tables and other resources of the server itself or of intermediate equipment such as firewalls and load balancers; the magnitude is measured in packets per second (pps).

Application-layer attacks

Include low-and-slow attacks, GET/POST floods, and attacks on vulnerabilities in the web server or the operating system (Windows, OpenBSD, etc.). They consist of seemingly legitimate, innocent-looking requests whose purpose is to exhaust or crash the web server; the magnitude is measured in requests per second (rps).

Thus, DoS/DDoS protection will help keep your systems available and minimize the impact of such attacks.

We offer a comprehensive approach at each level of DoS/DDoS protection:

1. Basic level. We install and configure Cloudflare so that the real IP addresses of your servers are not exposed to the Internet. For this to hold, the origin must also be restricted to accept traffic only from the CDN's address ranges; otherwise an attacker who discovers the real address simply bypasses the protection.

2. Application level. Analysis of problematic requests: we review the application source code and profiling results and find bottlenecks that, for example, are not automatically scaled by the Kubernetes cluster.

3. Testing. Our team of specialists conducts an attack simulation to verify the solution and make sure that your application is ready for a real DoS/DDoS attack.
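The application-layer category above is the one that gets through a CDN, because each request looks legitimate. The following added example (not H-X's code) shows the detection side of that: per-client request counting in a sliding window over web-server access logs, with the detail that matters behind a CDN, namely that the forwarded client address may only be trusted when the TCP peer is one of the CDN's own addresses. Anything else is a direct-to-origin hit that the basic level is supposed to prevent, and its forwarded header is attacker-controlled. The proxy range, the log format and all log lines are constructed; the real Cloudflare ranges are published at https://www.cloudflare.com/ips/ and must be loaded from there in practice.

```python
"""Per-client HTTP flood detection behind a reverse proxy/CDN (added example)."""
from collections import defaultdict, deque
from datetime import datetime
import ipaddress

# Assumption: a documentation range standing in for the CDN's egress ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]


def client_ip(peer, forwarded):
    """Resolve the real client address.

    The forwarded header (CF-Connecting-IP / X-Forwarded-For) is trusted only
    when the TCP peer is a known proxy. Otherwise the header is attacker
    controlled and the peer itself is the client. Returns (ip, direct_to_origin).
    """
    if any(ipaddress.ip_address(peer) in net for net in TRUSTED_PROXIES):
        return (forwarded if forwarded != "-" else peer), False
    return peer, True


def parse(line):
    """Constructed log format: peer forwarded iso_time method path status."""
    peer, fwd, ts, method, path, status = line.split()
    return peer, fwd, datetime.fromisoformat(ts), method, path, int(status)


def detect_floods(lines, window_s=10, max_requests=20):
    """Sliding-window request count per resolved client.

    Returns {client: {"peak": max requests seen in any window, "direct": bool}}
    for every client that exceeded max_requests within window_s seconds.
    Lines are assumed to be in time order per client.
    """
    windows = defaultdict(deque)
    flagged = {}
    for line in lines:
        peer, fwd, ts, *_ = parse(line)
        ip, direct = client_ip(peer, fwd)
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_requests:
            entry = flagged.setdefault(ip, {"peak": 0, "direct": direct})
            entry["peak"] = max(entry["peak"], len(q))
    return flagged


def constructed_log():
    """Constructed sample traffic: one GET flood through the CDN, one ordinary
    visitor, and one direct-to-origin flood carrying a forged forwarded header."""
    lines = []
    for i in range(30):   # 30 requests in 3 s via the trusted proxy
        lines.append(f"198.51.100.10 203.0.113.7 "
                     f"2024-03-04T12:00:{i // 10:02d}.{i % 10}00 GET /search?q=x 200")
    for i in range(3):    # a normal visitor via the proxy
        lines.append(f"198.51.100.11 203.0.113.9 "
                     f"2024-03-04T12:00:{i * 4:02d} GET /index.html 200")
    for i in range(25):   # origin reached directly; header claims 10.0.0.1
        lines.append(f"192.0.2.55 10.0.0.1 "
                     f"2024-03-04T12:00:{i // 10:02d}.{i % 10}00 GET / 200")
    return lines


if __name__ == "__main__":
    for ip, info in detect_floods(constructed_log()).items():
        where = "DIRECT TO ORIGIN" if info["direct"] else "via CDN"
        print(f"{ip}: peak {info['peak']} requests in window ({where})")
```

The flood via the CDN is attributed to 203.0.113.7 from the forwarded header, while the direct flood is attributed to the peer 192.0.2.55 and not to the forged 10.0.0.1; the "direct" flag is the signal that the origin firewall is not restricted to the CDN. The window and threshold are assumptions to tune per endpoint, since a search page and a static asset tolerate very different rates.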

Implementation of cloud security

The security implementation for cloud systems and services by H-X Technologies effectively complements the security mechanisms of cloud providers by applying modern regulatory standards, policies, technologies and tools.

We can help you ensure that your cloud resources and storage are in compliance with corporate and data protection regulations, as well as with international regulations such as GDPR, HIPAA, ISO and others.

H-X professionals:

- Audit your cloud solution and analyze any deficiencies found

- Perform a security risk analysis

- Prepare a list of recommendations and a plan for their implementation

- Implement the cloud security controls

- Verify their effectiveness

Our services include:

- Cloud security assessment

- Audit of AWS, Azure or Google Cloud infrastructure

- Cloud security hardening

- Cloud migration and optimization

Telecommunication security

Our experience in telecommunications security

- More than 80 projects on security assessment and penetration testing of IP networks.

- Long-term work in the information security department of one of the leading telecom operators in Ukraine.

- Testing of various kinds of mobile VoIP clients.

- Testing of corporate IP-PBX phone systems.

- Penetration tests of IMS operators, including 4G, with SIP signaling over IPv6 and with traditional GSM/SS7 signaling.

- Continuous cooperation with the cyber police of Ukraine, GosSpetsSvyaz (the State Service of Special Communications and Information Protection) and other government agencies.

- Telecommunications protection services.

Services for protecting telecommunications from TDoS attacks

Analysis and testing of telecommunications security

1. The IP interface of the PBX is tested in grey-box mode, simulating various attacks on VoIP.

2. Configuration analysis in white-box mode. The report includes recommendations for addressing security vulnerabilities and configuration flaws.

Implementation of call filtering and voice menu

Development and implementation of a machine-learning system for recognizing suspicious incoming calls, and of an interactive voice response (IVR) menu to which suspicious calls are automatically redirected.

Implementation of a fault-tolerant telecom platform

Development of a fault-tolerant platform using several trunks to different operators. Consultations on arrangements with the operators so that they also filter calls and blocklist them on their side.

Security of industrial IT and OT

We provide security audits and assessment recommendations for SCADA and other industrial systems as separate projects, and we design and safely implement physical and logical security controls in production environments, with seamless refactoring where needed.

Industrial IT and OT security services

Industrial IT/OT infrastructure and SCADA security audit

We identify security threats and vulnerabilities and evaluate physical and logical security, access control, passwords, source code, encryption, video surveillance, intrusion protection systems, etc., including manual analysis of the SCADA systems. We develop recommendations for improving security.

Implementation and improvement of the industrial IT/OT systems’ security

We design and safely implement physical and logical security controls in production environments, with seamless refactoring where needed, and deliver complete reporting on the implementation.

Disaster Recovery and Business Continuity Management

We implement comprehensive continuity programs including quality assurance systems, backup and recovery measures, training, testing, advanced change management, incident monitoring and incident response.

Standards, frameworks and methodologies:

- ISO/IEC 27001, VDA ISA, ENX TISAX®

- ISA99, ISA / IEC 62443

- North American Electric Reliability Corporation (NERC) Reliability and Security Guidelines

- NIST SP 800-82 Guide to Industrial Control Systems (ICS) Security, NIST Framework for Improving Critical Infrastructure Cybersecurity

- DHS guidelines for critical infrastructure protection and the Critical Infrastructure Protection framework

Vendors and special tools:

- we work with Siemens PLCs using STEP 7 and TIA Portal,

- with Schneider Electric equipment using Concept, Unity Pro and SoMachine,

- with Mitsubishi using GX Works,

- with Omron using CX-One,

- with Carel using 1tool,

- with Wago using CODESYS.





Application security

Product security

To deliver this service, we perform interviews, consultations and analysis to obtain:

- Identification and clarification of security requirements;

- Threat modeling and risk analysis;

- Development of security architecture of the IT system or solution;

- Implementation of secure coding, static and dynamic security testing of applications;

- Automated and manual security review of the source code;

- Definition of security controls for all stages of software life cycle;

- Assurance that the systems are built, distributed, deployed, used and disposed of securely.

At each phase, its own set of deliverables (documents and other artifacts) is produced.

Security DevOps services

If you require the highest quality and security for your software releases and for operations at the maintenance stage, you should use our Security DevOps (also referred to as DevSecOps) services, which give far stronger assurance than occasional penetration tests and can be ordered as a monthly subscription:

Quality and Security Gate. This is a simplified express service especially suitable for multiple products. The security checks can be done for monthly product releases, for instance. To estimate the man-hours for this service, we need you to provide the information about the technologies you use, the number of lines of source code, etc.

Extended Product Security DevOps (cyber security experts as your team members). This service is intended for deep, comprehensive security testing and monitoring of your products. Especially if they are updated often. We can manage even daily updates. To estimate the man-hours for this service, we need you to provide the information about the technologies you use, the number of lines of source code, number of weekly or monthly changes, etc.

Express Security Operations Center (SOC). This service includes the implementation and/or maintenance of information security event monitoring and incident response processes and controls. We integrate security vulnerability and source code scanners into your infrastructure, configure the round-the-clock scanning and security incident response procedures. On demand, we configure a Security Information and Event Management (SIEM) system for your environment. We have a positive experience of relatively quick implementation of and effective results from the customized solutions based on Syslog-ng, Graylog, Wazuh, OSSEC, ElasticSearch, Logstash and Kibana. To estimate the man-hours for this service, we need the details about the infrastructure of your solution, services, API and support team. See also our service of Website Protection, Monitoring and Incident Response.
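A release gate such as the Quality and Security Gate described above needs a decision rule that a pipeline can apply without a human: which scanner findings block the release, and which pre-existing ones are carried over. The following is an added example (not H-X's pipeline code) of such a rule. The policy thresholds, the baseline from the previous release and the findings are all constructed; the finding identity is computed from rule, file and code snippet rather than line number, an assumption made so that an unrelated refactor does not turn every old finding into a "new" one.

```python
"""Evaluate scanner findings against a release security gate (added example)."""

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Gate policy (assumption): no new finding at high or above; at most two
# known highs carried over; a budget of ten mediums in total.
POLICY = {"fail_new_at_or_above": "high", "max_known_high": 2, "max_total_medium": 10}


def fingerprint(f):
    """Identity of a finding that survives line shifts: rule + file + snippet."""
    return (f["rule"], f["file"], f["snippet"])


def evaluate_gate(findings, baseline, policy=POLICY):
    """Return {"pass": bool, "reasons": [...], "blocking_new": [fingerprints]}."""
    known = {fingerprint(f) for f in baseline}
    fail_rank = SEVERITY_RANK[policy["fail_new_at_or_above"]]
    blocking_new = [f for f in findings
                    if fingerprint(f) not in known
                    and SEVERITY_RANK[f["severity"]] >= fail_rank]
    known_high = [f for f in findings
                  if fingerprint(f) in known and f["severity"] in ("high", "critical")]
    mediums = [f for f in findings if f["severity"] == "medium"]

    reasons = []
    if blocking_new:
        reasons.append(f"{len(blocking_new)} new finding(s) at "
                       f"{policy['fail_new_at_or_above']} or above")
    if len(known_high) > policy["max_known_high"]:
        reasons.append(f"{len(known_high)} carried-over high findings exceed "
                       f"the limit of {policy['max_known_high']}")
    if len(mediums) > policy["max_total_medium"]:
        reasons.append(f"{len(mediums)} medium findings exceed the budget of "
                       f"{policy['max_total_medium']}")
    return {"pass": not reasons, "reasons": reasons,
            "blocking_new": [fingerprint(f) for f in blocking_new]}


# Constructed data: the previous release's accepted findings ...
SQLI_SNIPPET = "cursor.execute(\"SELECT * FROM users WHERE name = '\" + name + \"'\")"
BASELINE = [
    {"rule": "py/sql-injection", "severity": "high", "file": "app/users.py",
     "line": 40, "snippet": SQLI_SNIPPET},
    {"rule": "py/ssrf", "severity": "high", "file": "app/fetch.py",
     "line": 12, "snippet": "requests.get(url)"},
    {"rule": "py/weak-hash", "severity": "medium", "file": "app/auth.py",
     "line": 8, "snippet": "hashlib.md5(token)"},
]
# ... and this release's scan: the SQLi moved to another line (still known),
# one new high (command injection) and one new medium.
FINDINGS = [
    {"rule": "py/sql-injection", "severity": "high", "file": "app/users.py",
     "line": 57, "snippet": SQLI_SNIPPET},
    {"rule": "py/ssrf", "severity": "high", "file": "app/fetch.py",
     "line": 12, "snippet": "requests.get(url)"},
    {"rule": "py/weak-hash", "severity": "medium", "file": "app/auth.py",
     "line": 8, "snippet": "hashlib.md5(token)"},
    {"rule": "py/command-injection", "severity": "high", "file": "app/export.py",
     "line": 21, "snippet": "os.system('tar czf ' + path)"},
    {"rule": "py/clear-text-logging", "severity": "medium", "file": "app/login.py",
     "line": 30, "snippet": "log.info(password)"},
]

if __name__ == "__main__":
    verdict = evaluate_gate(FINDINGS, BASELINE)
    print("PASS" if verdict["pass"] else "FAIL", verdict["reasons"])
```

The first run fails only because of the new command injection; the moved SQL injection is recognised as the same finding and counted against the carried-over budget instead. A carried-over budget is what keeps the gate usable on legacy code: it blocks regressions immediately while the backlog is burned down on a schedule.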

To guarantee the best results, H-X strictly adheres to international standards, regulations and best practices (e.g. ISO 27034, ISO 15408, NIST 800-64, ISF SoGP, OWASP, Microsoft Security Development Lifecycle, Payment Application Data Security Standards, and others).

Secure software development training

We help you to establish a structured system development methodology. It applies to all types of business applications and related technical infrastructure. This methodology is supported by specialised, segregated development environments and involves a quality assurance process:

- System Development Methodology. Development activities should be conducted adhering to a documented system development methodology to ensure that systems (including those under development) meet business and information security requirements.

- System Development Environments. System development activities should be performed in specialised development environments, which are isolated from the live and testing environments, and protected against unauthorised access to provide a secure development process, and avoid any disruption to business activity.

- Quality Assurance. Quality assurance of key security activities should be performed at each stage of the system development lifecycle to assure that security requirements are defined adequately, agreed security controls are developed, and security requirements are met.

We help you to develop business applications in accordance with an approved system development lifecycle. It includes applying industry best practices such as ISO, NIST, ISF SoGP, OWASP (ASVS, SAMM, etc.), CIS, vendors’ methodologies (Microsoft, Apple, Oracle and so on), etc. and incorporating information security during each stage of the system lifecycle:

- Specifications of Requirements;

- System Design;

- Software Acquisition;

- System Build;

- System Testing;

- Security Testing;

- System Promotion;

- Installation Process;

- Post-implementation Review;

- System Decommission

IT services

Smart contract development

A smart contract is a computer program that ensures and monitors the fulfillment of obligations. The interested parties specify the transaction terms and the sanctions for their non-fulfillment, and then put their digital signatures on it. The smart contract independently determines whether all the conditions have been met and makes a decision: to complete the transaction and release the required assets (money, real estate, stocks), or to impose penalties on the participants and block access to the assets.

The elements of smart contracts are:

Parties of the transaction who have digital signatures and accept or refuse the fact that the service or product complies with the previously set requirements

Subject of the contract – services or product that will be provided in exchange for money

Conditions under which the exchange of goods will be made automatically, for example, when the supplied product satisfies the quality standards.

Decentralized platform in which the program code of the smart contract itself is specified.

The use of the concept

Storage of medical data

Operations with securities

International and global settlements

Personal identification

Financial statements

Loan payments processing

Accounting and transfer of material rights

Drafting and transfer of bequests

Checking for compliance of the supplied goods with established standards

Transfer of other valuable digital assets

We offer our clients such services as:

Architecture. Design of the architecture for your newly developed or existing software solutions using blockchain platforms and smart contracts: Bitcoin, sidechains, NXT, Ethereum smart contracts.

Development. Development of standard and custom smart contracts of any complexity for a variety of projects in your area of business, using the most popular smart contract languages (Solidity, Vyper, Serpent, LLL, Mutan). Integration of smart contracts into existing solutions.

Audit. Audit of smart contracts using manual review and automated tools to find errors and potential security vulnerabilities.

Contact us and get advice on how to start using smart contracts in your business.

Virtualization

Reliability of the IT infrastructure is one of the main requirements of up-to-date business activities in the era of globalization. Enterprise virtualization is a set of measures and steps to virtualize the IT infrastructure: servers, user workstations, computer applications, and data transmission networks, that is, all available information resources. Virtualization provides tangible advantages and benefits for small, medium, and corporate businesses in this sphere.

Business Benefits

Virtualization

Reduces the cost of purchasing and upgrading servers and workstations by up to 60-80%.

No capital costs

You don't need to worry about purchasing and replacing equipment and components; these costs are borne by the cloud service provider.

Improved security

Protect critical company data in a world-class cloud environment such as Amazon AWS, Microsoft Azure or Google Cloud, and use security tools such as encryption and single sign-on.

Flexible scalability

Only pay for what you need when you need it: easily scale your business without the need to rebuild or update technological infrastructure.

Business continuity

Setting up all systems in the cloud provides ease of management and easy backup and data recovery when necessary.

Simplified support

Fewer technical specialists are required for system maintenance.

Audit of the existing IT landscape and planning

We estimate the capabilities of the current infrastructure and define its weaknesses. We suggest enhancement solutions and plan the migration work.

Testing and launching

We selectively check the designed solution before moving it into test operation. We take all the nuances into account in advance so that the migration goes smoothly.

Transferring applications and the start of operation

We consistently transfer the necessary services to the cloud, minimizing the downtime of information systems.

Infrastructure maintenance and staff training

We inspect your infrastructure and monitor its operation. We conduct training for your employees in a convenient format.

Software development

OUR SOFTWARE ENGINEERING TEAM

We have a strong software engineering team of 10 specialists. The team performs non-security-related software development projects, as well as non-trivial security assessment and security development tasks for our customers. Learn about our software engineering competencies and case studies.

WHY ARE WE STRONG? Because we:

— have broad and deep experience

— are very motivated and passionate

— have completed complicated and sophisticated projects within tight deadlines

— know how to develop software securely and how to make your solutions secure

— are flexible in terms of business requirements, project management, and performance

OUR KEY SOFTWARE ENGINEERING COMPETENCIES:

Programming languages: PHP, JS, Python, Golang, Lua, Solidity, C/C++

Blockchain: Bitcoin Core, Trezor, Mist / Ethereum wallet, Metamask, MyEtherWallet, Gnosis, Solidity, TruffleJs

Payment gateways: Stripe, Paypal, Webmoney, YandexMoney, PerfectMoney, Payeer, LiqPay, Privat24, Bitpay, Bitaps, etc.

Containers: Docker stack (Compose, Swarm, Machine, Registry), GCE Kubernetes, AWS ECS, Terraform, Vault

Virtualization: VirtualBox, VMware, Xen, Vagrant, Packer

OS: Ubuntu / Debian, RHEL / CentOS, FreeBSD, CoreOS, macOS, Windows, Android, iOS

Frameworks and technologies: NodeJS, Socket.IO, WebRTC, PhantomJS, YF framework, Yii, Laravel, Symfony components

Frontend: Angular 2, AngularJS, ReactJS, JQuery, Less/Sass, Grunt/Gulp/Webpack, Bootstrap 3/4, etc.

Mobile development (hybrid): Cordova, Ionic framework 1-4, NativeScript, ReactNative

Desktop development (hybrid): Electron, NWJS, ReactNative

Automated testing: Phpunit, Codeception, Phantomjs/Casperjs, Selenium

SCM: GIT (github, bitbucket, gitlab)

RDBMS: MySQL / MariaDB / Percona, PostgreSQL, Oracle

NoSQL: Redis, Couchbase, MongoDB, Cassandra, Google Cloud Datastore

Queues: RabbitMQ, Kafka, Redis, Beanstalkd, AWS SQS

Web servers / proxy: nginx / ngx_lua / openresty, haproxy, varnish, squid

Mail: Postfix, AWS SES, Mailchimp, Sendgrid, Mandrill, Mailgun, Sendinblue

Cloud services: GCloud, AWS, DigitalOcean, Heroku, Cloudflare, etc.

Dedicated server hosting: OVH, Rackspace, Hetzner, etc.

Automation / CI / CD: Jenkins, GitlabCI, TravisCI, CircleCI, Ansible, Bash scripting

Monitoring: Zabbix, Grafana, ELK, Cacti, Nagios, Munin, PM2

Backup software: BorgBackup, Rsync/Rsnapshot, Xtrabackup, Bacula

Project tracking and collaboration: Trello, RedMine, Jira, Worksection, Mediawiki, Slack, Telegram, etc.

3rd-party services: Firebase, GetResponse, Twilio, OneSignal, Zendesk, Kayako, etc.

Other experience: high-load website and platform optimizations, scalable architectures, anti-DDoS techniques and negotiation, infrastructure cost optimizations, hybrid cloud solutions

DevOps

The practice of bringing together software development and IT operations teams, known as DevOps, has become a benchmark for many organizations. It allows you to respond more quickly to market changes by reducing the time required to release an updated product while maintaining its quality. Compared to the traditional approach, DevOps has fewer issues related to deploying and testing applications, as well as their compatibility with the platform. With our help, you can become one of those who are already enjoying the benefits of DevOps.

More free time. Working closely together will help you achieve a better understanding and avoid the problems of mismatching expectations. When you don’t need to figure out application dependencies or platform specificities, you can put more effort into what really matters.

The freedom to change. By making it easier to deploy and release updates, you can experiment more. Make incremental improvements and collect feedback to better serve your customers.

Security. The combined efforts of the teams reduce the number of vulnerabilities in the final product, and the fast-track release of updates lets you ship fixes before damage occurs. Implement the DevSecOps principle to integrate security throughout the entire software lifecycle and address threats in the most effective way.



SOC as a Service

There are many moving elements when it comes to keeping a business secure. H-X puts all of the parts together so you don’t have to. Buying external services is an effective and efficient alternative to running your own SOC.



We base our SOC as a Service on the Skout/FortiSIEM platform. It is a managed solution that collects, aggregates and normalizes log data from hundreds of sources for AI-enabled analysis using an analytics platform, threat intelligence, a SIEM and a 24/7/365 Security Operations Center. It identifies threat-like behavior in your systems, such as impossible logins, coordinated attacks, multi-factor bypass and rogue agents.
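"Impossible logins" in the paragraph above is the classic impossible-travel rule: two successful logins by the same account from places that cannot be reached in the time between them. The following is an added example of that rule (not the Skout/FortiSIEM implementation and not H-X's code): it sorts successful authentications per user, computes the great-circle distance between consecutive source locations, and alerts when the implied speed exceeds a threshold. The events and city coordinates are constructed; in a SIEM the coordinates come from GeoIP enrichment of the source address. The 900 km/h limit (roughly airliner speed) and the 100 km minimum distance (to absorb GeoIP jitter within one metro area) are assumptions.

```python
"""Impossible-travel detection over authentication events (added example)."""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    r = 6371.0
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * r * asin(sqrt(a))


def impossible_travel(events, max_kmh=900.0, min_km=100.0):
    """Compare each successful login with the user's previous successful login.

    Failed attempts are ignored (a failure from far away is brute force, not
    travel). Returns (user, from_city, to_city, km, hours, kmh) per alert.
    """
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if km < min_km:
                continue                      # same metro area or GeoIP jitter
            hours = (cur["time"] - prev["time"]).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                alerts.append((user, prev["city"], cur["city"],
                               round(km), round(hours, 2), round(kmh)))
    return alerts


def ev(user, iso_time, city, lat, lon, result="success"):
    """Build one constructed authentication event."""
    return {"user": user, "time": datetime.fromisoformat(iso_time),
            "city": city, "lat": lat, "lon": lon, "result": result}


# Constructed events: alice travels plausibly, bob cannot, carol's far-away
# attempt failed, dave's two logins are within the same city.
EVENTS = [
    ev("alice", "2024-03-04T08:00:00", "Kyiv", 50.45, 30.52),
    ev("alice", "2024-03-04T13:00:00", "Warsaw", 52.23, 21.01),
    ev("bob",   "2024-03-04T09:00:00", "Kyiv", 50.45, 30.52),
    ev("bob",   "2024-03-04T10:30:00", "Singapore", 1.35, 103.82),
    ev("carol", "2024-03-04T09:00:00", "Kyiv", 50.45, 30.52),
    ev("carol", "2024-03-04T09:10:00", "Singapore", 1.35, 103.82, result="failure"),
    ev("dave",  "2024-03-04T09:00:00", "Kyiv", 50.45, 30.52),
    ev("dave",  "2024-03-04T09:05:00", "Kyiv", 50.40, 30.60),
]

if __name__ == "__main__":
    for user, src, dst, km, hours, kmh in impossible_travel(EVENTS):
        print(f"{user}: {src} -> {dst}, {km} km in {hours} h ({kmh} km/h)")
```

Only bob is reported. In production the rule needs an allow-list for known corporate VPN and CDN egress addresses and for mobile carriers whose GeoIP location jumps, otherwise the Tier 1 queue fills with false positives; a login from a new location that also passed MFA without a registered device is the variant worth a separate rule.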

“Three pillars” of our SOC

• Technology: log management, security event and incident management, event sources, security orchestration, automation and response (SOAR), user behavior analytics and machine learning, threat hunting, etc.

• Processes: technological, business, analytical, operational, communications, etc.

• People: IT and security engineers, security analysts, incident response team, etc.



Technology capabilities

• Log management platforms

• User and entity behavior analytics (UEBA)

• Machine learning

• Orchestration & Response

• Digital Forensics

• Distributed cloud platform with high availability architecture, etc.

Our capabilities include monitoring the most popular server platforms, network technologies, applications, databases, virtualization platforms, storage, backups, cloud platforms, etc.

SOC levels

1. Tier 1 (Level 1) – Alert Analysts continuously monitor the alert queues; triage security alerts; monitor the health of security sensors and endpoints; collect data and context necessary to initiate Tier 2 work.

2. Tier 2 (Level 2) – Incident Responders perform deep-dive incident analysis by correlating data from various sources; determine whether a critical system or data set has been impacted; advise on remediation; provide support for new analytic methods for detecting threats.

3. Tier 3 (Level 3) – Subject Matter Experts and Threat Hunters possess in-depth knowledge of network, endpoint, threat intelligence, forensics, and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure; act as an incident “hunter”, not waiting for incidents to occur; closely involved in developing, tuning and implementing threat detection analytics.



We will design the most suitable defense apparatus to fit your specific risk profile.

Base SOC service

• Monitoring, detection, and analysis of potential intrusions in real-time and through historical trending on security-relevant data sources.

• Response to confirmed incidents, by notifications about security incidents (escalations) with information about the attacks, threats, vulnerabilities, affected systems, and recommendations on how to mitigate the incidents and vulnerabilities.

• Participation in resource coordination, and taking of timely and appropriate countermeasures for incident response.

• Tier 1 (alert analysts), Tier 2 (incident responders), and Tier 3 (subject matter experts and threat hunters).

• Technologies: FortiSIEM, Kubernetes, Graylog, Elasticsearch, Logstash, Kibana, syslog-ng, Ansible, Splunk, etc.

Get our help to implement your own SIEM or SOC.

Learn more about our business cases and fill in the form below to order SOC as a service or to get a consultation.




Implementation of your SIEM and SOC

“The average time to identify a breach is 206 days. The average lifecycle of a breach is 314 days from the breach to containment” (based on IBM global reporting)

Threats are increasing, and that is why a SOC matters. A Security Operations Center, or "SOC", is a company's cybersecurity nerve center: its defense command post for the control of cybersecurity risk. A SOC can be a physical setting on-premises or off-premises. It can be in-house, co-managed or fully outsourced, and it can effectively operate in the cloud. But no matter how the SOC is configured, its basic functions are the same: to monitor, detect and respond to security issues and incidents in real time.

The mission of a SOC is comprehensive continuous management of cybersecurity risks, vulnerabilities, threats, and incidents, including Advanced Persistent Threat (APT) and covert ongoing cyber incidents. The mission statement includes the following five proactive and reactive practical goals:

1. Prevention of cybersecurity incidents.

2. Monitoring, detection, and analysis of potential intrusions in real-time and through historical trending on security-relevant data sources.

3. Response to confirmed incidents, by coordinating resources and using timely and appropriate countermeasures.

4. Situational awareness and reporting on cybersecurity status, incidents and trends in criminal behavior, provided to the appropriate parties (customer, authorities).

5. Engineering and operating Computer Network Defense.

SIEM and SOC audit

Our team of professionals has experience working with deployments of different sizes and complexity across a variety of use cases. We can help you to improve any SIEM scenario or instance, including Security, Fraud, Compliance, IT Operations, IoT/IIoT, Industrial Data, Utilities, Business Analytics, DevOps, and others.

We advise you on the most suitable solutions for your SOC. We audit, select, plan, implement and configure the SIEM for your setup, maintain it, and build new correlation rules for your deployment.

Options:

• Maturity model assessment and plan

• SIEM design

• SIEM tuning and log acquisition

• Runbooks, training methodology, catalogs, and use cases

• KPI development and analytical models

• Comprehensive product evaluations

• Automation script development

• Data lake, analytics, and machine learning

• Threat intelligence fusion

SOC implementation delivery workflow

Confidentiality. We sign a Non-Disclosure Agreement and commit to confidentiality.

Engagement. You answer our questions about the conditions and environment to help us better define your requirements and expectations. Where is your IT infrastructure? Onsite, at a data center, on a cloud, or is it a combination of them? Where would you like to have the SOC teams placed? Are they your staff, ours, or a combination? What SOC Service Level Agreement (SLA) is the most suitable for your needs? Where would you like to place the main SIEM systems: in your office, in the cloud, or at our data center? And some other questions. Once we receive your answers, we assign the implementation project team, setup communications, and get initial access and permissions.

Discovery. We perform asset discovery for you: we define all the objects to be monitored and prepare an asset inventory. Then we outline the events to be collected and the incident response and support procedures. Next, we estimate the monitoring capacity in events per second (EPS). After that, we analyze all inputs and develop a Statement of Work and a Project Plan.

Deal. We send you a detailed Commercial Offer including a high-level implementation project plan. These documents define all detailed conditions and parameters of the implementation project and maintenance delivery. After you accept our offer and approve the documents, we will sign a Service Agreement.

Implementation. We deploy the SIEM system, connect your assets, develop and implement rules and procedures, train your personnel, and develop an Implementation Report.

Support. If this option is chosen, we start security operations including, but not limited to, monitoring security events inside and outside your IT infrastructure, responding to security incidents, and advising your staff. Depending on the agreed SLA, you get 24/7 or 8/5 availability of our Tier 1 SOC team and guaranteed availability of the Tier 2 and Tier 3 teams. See also SOC as a Service.

Why we are special

Our features and unique selling points are:

1. Our SOC assessment, implementation, and optimization are based on modern scientific research in the field of cybersecurity threat management.

2. Wide experience with the solutions of multiple vendors.

3. Experience in SOC/SIEM optimization and scaling.

4. High flexibility and competence working with SIEM components.

5. A combination of defensive and offensive security methods, and a combination of DevOps and security engineering functions.

Therefore, we:

• make an asset inventory, assess and optimize event logging, and estimate event capacity and your regular expenses even before the contracts are signed;

• audit any legacy or existing SOC capabilities, effectively find gaps, refactor code and optimize methods and processes;

• design and implement distributed, scalable, and fault-tolerant SIEM architectures;

• analyze assets in depth before connecting them to the SIEM: configure the required controls, logging levels, and risk assessments, and flexibly choose appropriate ways of collecting logs (with or without an agent);

• develop custom parsing rules for non-standard or in-house developed applications;

• simulate real attacks and vulnerability exploitation to validate in-depth log analysis and to minimize false-positive alerts after implementation;

• make modern vulnerability scanners;

• provide public reputation and security tracking services for you continuously;

• deploy automatic incident handling tools;

• implement not only a monitoring SOC but also an operational or control SOC, to better respond to your business needs.

Thus, we have a comprehensive set of SOC technologies, processes, and staff to satisfy the business needs of small and medium-sized companies as well as enterprises.

Read also about our SOC as a Service, which does not require your capital investments, unlike SOC implementation.

Contact us today to order a SIEM or SOC implementation or to get a consultation.

Our certificates:

(ISC)2
CISSP
Offensive Security
OSCP
ISACA
CISA
CISM
Microsoft
PECB
LPTP
Qualys
BSI