In 2016 Hardsecure created a dedicated structure (technological resources, human resources, processes/procedures, and certified facilities) designed to guarantee a Security Incident Response Methodology that allows the organization to manage, control, monitor and report Security Incidents (detection of and response to known threats and zero-day / zero-hour threats) in its Information Systems. This structure is called h-SOC (Hardsecure - SOC as a Service). In addition, this capability provides essential security features to maximize security visibility and compliance management: asset discovery, vulnerability assessment, intrusion detection, behavioral / heuristic monitoring and Security Information and Event Management (SIEM).
The h-SOC has technological resources against the latest threats with continuous intelligence updates in the face of new attack vectors, in a 24x7x365 format.
In summary, the incident response capabilities and methodologies installed in the organization allow:
- Integration of technologies and systems to prevent, protect, detect and respond to threats;
- Monitoring, management, correlation and analysis of cybersecurity events for the entity's entire information system;
- Intrusion detection and mitigation;
- Existence of isolated environments for forensic and malware analysis;
- Auditing IT structures;
- Integration with PTES logs, external DLPs, honeypots and other connectors, giving the organization a 360° view;
- Analyze the organization's perimeter protection and unified threat management policies;
- Vulnerability detection and management;
- Support tools for Forensic Analysis and Evidence Management;
- Prevention of leakage of confidential data (integration with DLP mechanisms);
- Long-term data retention and indexing, enabling subsequent forensic analysis;
- Real-time, centralized and consistent access to all security logs and events, regardless of the type of technology and manufacturer;
- Correlation of heterogeneous technology logs, linking common and/or significant attributes between the sources, in order to transform the data into useful information;
- Identification of behaviors, incidents, fraud, anomalies, and breakdowns of baselines defined by the IT team;
- Alerts and notifications that can be carried out automatically in case of non-compliance with security policies and/or regulatory standards, or even according to pre-established business rules;
- Issuing sophisticated reports on security conditions.
With a Security Incident Response Team dedicated to the organization, there are clear benefits and capabilities appropriate to its IT structure. h-SOC integrates and shares information with different national and international organizations in order to maximize the response to new attack vectors.
There are different areas where it is possible to act, with emphasis on the following:
- Malicious network behavior
- Website Defacement
- Windows / Linux Malware Detection
- Blackmail
- Smartphone Malware
- Social engineering
- Phishing
- Intellectual Property Infringement
- Cyber Attack
- Social Media Hacking
- Social Media Defamation
- Wire Fraud / Financial Fraud
- Phone Call Scam
- Ponzi Schemes
- Ransomware Attacks
- Corporate Data Leak
- Cryptocurrency Fraud
- Credit Card Fraud
- Mobile Intrusion
- Wireless Attack