MDR (Managed Detection and Response)
We provide our customers with the best response to a variety of threats, including real-time analysis.
MSSP (Managed Security Service Provider)
Through our SIEM, or that of our clients, we manage the Incident Response chain, from log management to detection rules to event correlation.
Through our team of experts, we create and manage virtual polygons (cyber ranges) where training and attack simulations can be carried out, allowing customers who already have a SOC to train their internal staff on new types of attacks and threats.
We manage protection and monitoring of OT and IoT devices.
The SOC of Atlantica Cybernext is based on ETSI standards, harmonised ICT security and Incident Management standards and internationally recognised ISO certifications.
The solution represents, in terms of architecture, platforms, products, performance, configuration, functionality and technological choices, the best the market can offer today.
Everything is compatible in terms of import automation, automatic incident reporting in relation to detection rules, automatic versioning of detection rules, automatic ticket opening based on certain triggers, incident reporting by extracting data from the platform, etc.
ADD ON SERVICES
The first objective of the Early Warning service is the timely identification of the main IT threats, relating to customer cases, which could have a significant impact on the IT infrastructure and on the business.
The purpose of the Early Warning service is to quickly acquire adequate countermeasures to combat threats.
Early Warning activities consist of sending periodic official communications (security bulletins) to promptly alert the contacts appointed by the Customer to information relating to vulnerabilities (malicious software, targeted "spear phishing" campaigns).
Vulnerability Assessment/Penetration Test
The SOC provides Vulnerability Assessment and Penetration Test services, both in synergy with threat monitoring activities, and in stand-alone mode.
These activities can be carried out manually or through the use of automated tools that allow you to plan periodic tests over time.
The Penetration Test activities, which differ in methods and techniques from those of Vulnerability Assessment, are aimed at attempting, in practice, to exploit known or unknown vulnerabilities in a network.
The Threat Intelligence service is aimed at collecting, sharing and identifying information relating to threats, strategies and actors behind the threats themselves.
The intelligence team is responsible for researching, through public and non-public information, any activities of actors or groups (Advanced Persistent Threat) that have specific organizations as their main target.
The Info Leak and Data Breach Detection service includes different types of elements. It is mainly aimed at discovering the presence of "Data Leaks" (leaked data intentionally made public) containing more or less sensitive information such as:
- Corporate account credentials compromised and/or exposed
- Bank credentials and/or other payment methods
- Confidential business information and documents
– OSINT (Open Source Intelligence) investigations
– Dark Web Monitoring
The Forensic service aims to identify, extract, store and protect documents for evidential purposes without compromising their integrity (chain of custody).
Forensic analysis allows the acquisition of information from compromised digital devices following a cyber incident.
Security Awareness activities include training and awareness actions that are provided to specialist and non-specialist personnel in the IT sector.
The main purpose is to increase awareness and knowledge of the main and most common cyber threats (Phishing, Vulnerability, Policy, use of weak passwords, web browsing on unlawful sites), in order to decrease the possibility of human error, which in most cases represents the most critical vulnerability.
Security Awareness activities can be carried out through webinars and/or face-to-face seminars.
Brand Protection/Fraud Management
Through the use of the Brand Protection and Fraud Management service, it is possible to identify and possibly counter the illegal use of the customer’s brand.
Brand reputation monitoring is carried out 24 hours a day through the use of automatic tools, followed by analysis carried out by the SOC.
The service allows you to analyze malware or suspicious files in controlled environments and with the most advanced techniques of dynamic and static analysis.
Dynamic analysis is aimed at understanding the behavior of malware, such as: external connections (network traffic analysis), creation of registry keys, process injections, use of system libraries usually linked to unlawful activities, creation of anomalous processes or children of legitimate processes. Everything is analyzed in a controlled and isolated environment (Sandbox).
Static analysis aims to analyze the code of malicious software through debugging and reverse engineering in search of behavioral anomalies in the structure of the code itself.