“IT-Integrator” is the largest developer and provider of IT solutions for the corporate and public sectors in Ukraine.

Tier 3: Repeatable

1. Active Directory Enhanced security

Purpose: Systems for monitoring and ensuring enhanced security of Active Directory services:

  • agentless operation without changes to AD settings; both on-prem and SaaS deployment options are available
  • a large and constantly updated database of attack patterns and dangerous configurations
  • constant monitoring of AD security status, change tracking, establishment of trust relationships, etc.
  • data collection and analysis based on authentication and supporting protocols (Kerberos, DNS, RPC, NTLM, etc.)
  • correlation of disparate events/changes to detect complex targeted APT attacks (Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash, Golden Ticket, etc.)

2. Network Detection & Response, NDR

Purpose: Deep analysis of network traffic:

  • use of Deep Packet Inspection / Deep Session Inspection technologies and/or NetFlow / IPFIX protocols
  • detection of network anomalies that may indicate the beginning of a “zero-day” attack
  • detection of attempts to exfiltrate data from the corporate network, which may indicate insider activity
  • long-term storage of a log of recorded network sessions for retrospective analysis and incident investigation
  • integration with NAC class solutions to simplify monitoring of compliance with network security and segmentation policies
  • integration with the Cyber Deception System and EDR to speed up response and deepen incident analysis

3. Database Firewall, DBF

Purpose: Monitoring, auditing and access control to information processed in the database

  • analysis of user / process activity, verification of requests to the DBMS, blocking of obvious threats (for example, SQL injection) and potentially dangerous / atypical requests to the DB
  • creation of policies for recording and blocking operations on the database
  • protection, management and control of access to privileged accounts
  • management of user and application privileges on end devices

4. Web Application Firewall, WAF

Purpose: Specialized protection of web applications:

  • inspection of all web page content, including HTML, DHTML, CSS and the HTTP/HTTPS content delivery protocols
  • blocking of abnormal requests to the web application, protection against XSS attacks and SQL injection
  • implementation of multifactor authentication for the web application by means of the WAF itself
  • control over the separation of access rights for web application users
  • SSL/TLS termination (reducing the load on the web server)
  • load balancing across web servers

5. Enterprise Mobility Management, EMM

Purpose: Centralized management of mobile devices:

  • integration into the corporate environment of any devices running on any platforms (including personal ones, according to the BYOD concept)
  • providing secure access to corporate resources from mobile devices (“containers” with data and applications, forced shutdown of the camera, Bluetooth, modem during work, etc.)
  • user identity management based on unified corporate policies
  • audit, monitoring and control of compliance of devices and applications with corporate policies

6. Data Loss Prevention, DLP

Purpose: Prevention of data leakage:

  • continuous monitoring of web and e-mail channels (when integrated with SWG, SEG), file repositories, workstations, databases, export to removable media, etc.
  • blocking of attempts at unauthorized access to confidential information
  • prevention of unauthorized export of data through any channel, including printing
  • detection of attempts at disguised exfiltration of confidential data – image recognition, digital fingerprinting

7. Security Information and Event Management, SIEM

Purpose: Centralized collection, long-term storage and analysis of event logs (the basic tool of the corporate Security Operations Center):

  • support for collecting logs from all possible sources in the corporate network (firewalls and other network equipment)
  • long-term storage of logs in an unaltered state (compliance task)
  • analysis of collected information according to defined criteria and scenarios, detection of deviations from the norm, cyber security incidents and suspicious activity
  • implementation and automation of incident management processes (incident – notification – response – analysis – improvement)
