{"id":4941,"date":"2024-02-13T11:03:10","date_gmt":"2024-02-13T09:03:10","guid":{"rendered":"https:\/\/it-integrator.ua\/platforms\/tier-3-repeatable\/"},"modified":"2024-03-12T11:16:33","modified_gmt":"2024-03-12T09:16:33","slug":"tier-3-repeatable","status":"publish","type":"platforms","link":"https:\/\/it-integrator.ua\/en\/platforms\/tier-3-repeatable\/","title":{"rendered":"Tier 3: Repeatable"},"content":{"rendered":"<h6><span style=\"color: #a30404;\"><strong>1. Active Directory Enhanced Security<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Systems for monitoring and hardening Active Directory services:<\/p>\n<ul>\n<li>agentless operation that requires no changes to AD configuration; both on-premises and SaaS deployment options are available<\/li>\n<li>a large, continuously updated knowledge base of attack patterns and dangerous configurations<\/li>\n<li>continuous monitoring of AD security posture, change tracking, monitoring of trust relationships, etc.<\/li>\n<li>data collection and analysis based on directory and authentication protocol traffic (Kerberos, NTLM, DNS, RPC, etc.)<\/li>\n<li>correlation of disparate events and changes to detect complex targeted APT attacks (Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash, Golden Ticket, etc.)<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>2. Network Detection &amp; Response, NDR<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Deep analysis of network traffic:<\/p>\n<ul>\n<li>use of Deep Packet Inspection \/ Deep Session Inspection technologies and\/or NetFlow \/ IPFIX flow records<\/li>\n<li>detection of network anomalies that may indicate the onset of a &#8220;zero-day&#8221; attack<\/li>\n<li>detection of attempts to exfiltrate data from the corporate 
network, which may indicate insider activity<\/li>\n<li>long-term storage of recorded network session metadata for retrospective analysis and incident investigation<\/li>\n<li>integration with NAC solutions to simplify monitoring of compliance with network security and segmentation policies<\/li>\n<li>integration with cyber deception systems and EDR to speed up response and make incident analysis more comprehensive<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>3. Database Firewall, DBF<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Monitoring, auditing and access control for information processed in databases:<\/p>\n<ul>\n<li>analysis of user and process activity, inspection of queries sent to the DBMS, blocking of obvious threats (for example, SQL injection) and of potentially dangerous or atypical queries<\/li>\n<li>creation of policies that allow or block the creation of records in the database<\/li>\n<li>protection, management and control of access to privileged accounts<\/li>\n<li>management of user and application privileges on endpoint devices<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>4. Web Application Firewall, WAF<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Purpose-built protection of web applications:<\/p>\n<ul>\n<li>inspection of all web page content, including HTML, DHTML and CSS, and of the HTTP\/HTTPS delivery protocols<\/li>\n<li>blocking of anomalous requests to the web application, protection against XSS attacks and SQL injection<\/li>\n<li>enforcement of multifactor authentication for the web application by the WAF itself<\/li>\n<li>control over the separation of access rights between web application users<\/li>\n<li>TLS (SSL) termination, offloading the web server<\/li>\n<li>load balancing across web servers<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>5. 
Enterprise Mobility Management, EMM<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Centralized management of mobile devices:<\/p>\n<ul>\n<li>integration of any device on any platform into the corporate environment (including personal devices, under the BYOD model)<\/li>\n<li>secure access to corporate resources from mobile devices (&#8220;containers&#8221; for data and applications, forced disabling of the camera, Bluetooth or modem during work sessions, etc.)<\/li>\n<li>user identity management based on unified corporate policies<\/li>\n<li>auditing, monitoring and enforcement of device and application compliance with corporate policies<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>6. Data Loss Prevention, DLP<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Prevention of data leakage:<\/p>\n<ul>\n<li>continuous monitoring of web and e-mail channels (when integrated with SWG and SEG), file repositories, workstations, databases, export to removable media, etc.<\/li>\n<li>blocking of unauthorized access attempts to confidential information<\/li>\n<li>prevention of unauthorized export of data through any channel, including printing<\/li>\n<li>detection of disguised exfiltration of confidential data &#8211; image recognition, digital fingerprinting of documents<\/li>\n<\/ul>\n<h6><span style=\"color: #a30404;\"><strong>7. 
Security Information and Event Management, SIEM<\/strong><\/span><\/h6>\n<p><strong><span style=\"color: #a30404;\">Purpose:<\/span><\/strong> Centralized collection, long-term storage and analysis of event logs (the core tool of the corporate Security Operations Center):<\/p>\n<ul>\n<li>collection of logs from all available sources in the corporate network (firewalls and other network equipment)<\/li>\n<li>long-term storage of logs in unaltered form (for compliance)<\/li>\n<li>analysis of collected data against defined criteria and scenarios; detection of deviations from baseline, cyber security incidents and suspicious activity<\/li>\n<li>implementation and automation of the incident management process (incident &#8211; notification &#8211; response &#8211; analysis &#8211; improvement)<\/li>\n<\/ul>\n","protected":false},"featured_media":0,"template":"","class_list":["post-4941","platforms","type-platforms","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/platforms\/4941","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/platforms"}],"about":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/types\/platforms"}],"wp:attachment":[{"href":"https:\/\/it-integrator.ua\/en\/wp-json\/wp\/v2\/media?parent=4941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}