Information security of governmental and commercial organizations is one of the most critical and dynamically developing areas of the IT industry. Mass digitalization, growth in the number of remote employees, a surge in cybercrime, the deep expertise of cybercriminals, constant sophisticated targeted attacks on governmental and commercial organizations, and a persistent lack of qualified information security specialists are just a few of the factors that push our company to develop its own expertise in the field of information security. Our goal is to help our customers build an effective IT infrastructure protection system and to provide them with the proper level of service to protect their IT infrastructure and repel attacks where the customer organization lacks qualified information security specialists.
GREENNET's portfolio of information security solutions and services is constantly being reviewed and upgraded in line with new risk trends and the changing information security threat landscape.
The main tasks of the Information Security Department of any organization, as well as of its Security Operations Center (SOC), are continuous monitoring of security incidents, analysis of the details of detected incidents, elimination of false-positive alerts generated by the various information security systems, detection of complex and targeted attacks, repelling detected attacks, and restoring IT infrastructure elements affected by an attack to their initial working state. To carry out these tasks, Information Security and SOC specialists need security systems that collect the necessary information from the entire IT infrastructure, analyze it, and respond to detected incidents and attacks in a maximally automated way. For the effective implementation of the above-mentioned tasks, GREENNET suggests using SIEM, SOAR and XDR class solutions.
SIEM (Security Information and Event Management) is a class of information security systems designed to collect and analyze information from the security logs of network devices, endpoint devices, operating systems, applications, etc. The collected information is converted to a unified format, enriched through integration with Threat Intelligence systems, filtered, and recorded in a single repository. Built-in correlation algorithms analyze security events received from various sources and, based on that analysis, identify actual attacks on the IT infrastructure of the victim organization among a huge number of disparate events.
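The pipeline described above (normalize, enrich, correlate) in miniature, as an added example that is not part of the original page and not the code of any SIEM product. The two log formats, the IP addresses, the threat-intelligence list and the correlation rule (three failed logons from one source followed by a success within five minutes) are all constructed for illustration:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two different sources (not real logs).
RAW_EVENTS = [
    ("linux_auth", "2024-03-01T10:00:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51000 ssh2"),
    ("linux_auth", "2024-03-01T10:00:03 sshd[1201]: Failed password for admin from 203.0.113.7 port 51001 ssh2"),
    ("linux_auth", "2024-03-01T10:00:05 sshd[1201]: Failed password for admin from 203.0.113.7 port 51002 ssh2"),
    ("linux_auth", "2024-03-01T10:00:09 sshd[1201]: Accepted password for admin from 203.0.113.7 port 51003 ssh2"),
    ("win_security", "2024-03-01T10:02:00 EventID=4625 TargetUserName=jdoe IpAddress=198.51.100.9"),
    ("win_security", "2024-03-01T10:30:00 EventID=4624 TargetUserName=jdoe IpAddress=198.51.100.9"),
]

# Constructed threat-intelligence feed used for enrichment (assumption, not a real feed).
TI_BAD_IPS = {"203.0.113.7": "known-bruteforcer"}

SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
WIN_RE = re.compile(r"^(\S+) EventID=(\d+) TargetUserName=(\S+) IpAddress=(\S+)")


def normalize(source, line):
    """Convert a source-specific log line into one unified event schema."""
    if source == "linux_auth":
        m = SSH_RE.match(line)
        if not m:
            return None
        ts, result, user, ip = m.groups()
        outcome = "failure" if result == "Failed" else "success"
    elif source == "win_security":
        m = WIN_RE.match(line)
        if not m:
            return None
        ts, event_id, user, ip = m.groups()
        # 4625 = failed logon, 4624 = successful logon (Windows Security log)
        outcome = "failure" if event_id == "4625" else "success"
    else:
        return None
    return {"ts": datetime.fromisoformat(ts), "user": user, "src_ip": ip,
            "outcome": outcome, "source": source}


def enrich(event, ti=TI_BAD_IPS):
    """Attach the TI verdict for the source address, if any."""
    event["ti_tag"] = ti.get(event["src_ip"])
    return event


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: >= threshold failures for one (user, ip) followed by a success inside the window."""
    failures = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["user"], e["src_ip"])
        if e["outcome"] == "failure":
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "user": e["user"],
                           "src_ip": e["src_ip"], "failures": len(recent),
                           "ti_tag": e["ti_tag"], "ts": e["ts"].isoformat()})
        failures[key].clear()  # a success resets the counter for that pair
    return alerts


def run_pipeline(raw=RAW_EVENTS):
    """Normalize, enrich and correlate; returns the list of alerts."""
    events = []
    for source, line in raw:
        ev = normalize(source, line)
        if ev is not None:
            events.append(enrich(ev))
    return correlate(events)


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

The single failed Windows logon for jdoe never reaches the threshold, so only the SSH sequence against admin produces an alert, already tagged with the TI label that the enrichment step attached.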
SOAR (Security Orchestration, Automation and Response) is a class of information security systems designed to orchestrate security systems, that is, to coordinate and manage them. SOAR class solutions collect data on information security events from various sources, process them, and automate typical response scenarios. They integrate other security systems into a single system, eliminating the need for security specialists to manage each of them separately and allowing them to focus on the analysis of complex incidents. Based on information about an incident, SOAR takes the set of actions necessary to eliminate the threat or minimize its consequences: commands to other information security products, remote removal of malicious objects, restoration of registry keys, and other actions. SOAR works mainly on signatures and typical response scenarios and provides reactive protection.
XDR (eXtended Detection and Response) is a class of information security systems designed to automatically and proactively detect threats at different infrastructure levels, respond to them, and counter complex attacks. XDR includes a wide range of tools that integrate with existing information security systems and provide monitoring of endpoints, the network, the cloud and email servers, as well as analytics and automation to detect and eliminate current and potential threats. Unlike SOAR and SIEM, XDR collects a wide variety of telemetry from integrated sources, primarily endpoints, integrates tightly with EDR systems, and provides proactive protection for the IT infrastructure.
GREENNET provides our customers with the implementation, configuration and maintenance of SIEM, SOAR and XDR systems in any combination of these solutions, depending on the tasks and interests of the customers.
One of the main goals of attackers, after successfully penetrating the infrastructure of the victim organization, is to steal essential, valuable confidential information. The same goal is pursued by insiders, who may be disloyal employees or agents embedded in the organization. One of the most important tasks of the organization's information security specialists is to arrange its effective protection from leaks of confidential information.
To solve this problem, we offer our customers DLP (Data Loss/Leak Prevention) systems. DLP systems create a secure digital "perimeter" around an organization by analyzing all outgoing and, in some cases, incoming traffic. The controlled channels should include not only Internet, mail and IM traffic, but also a number of other information flows: documents taken outside the protected "perimeter" on external media, printed out, sent to mobile media via Bluetooth, sent to and processed on mobile devices, etc.
DLP systems have built-in mechanisms for determining the degree of confidentiality of a document detected in intercepted traffic. As a rule, two common methods are used: analysis of special document markers and analysis of document content. A full-fledged DLP system consists of at least two architectural components: a gateway component that runs on intermediate servers and analyzes all the traffic redirected through it, and a host component (agent) that runs directly on employees' workstations and servers.
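The two classification methods just named, marker analysis and content analysis, side by side in one small classifier. This is an added example, not code from the page or from any DLP vendor; the `[CLASSIFICATION: ...]` marker format, the keyword list and the three sample documents are constructed assumptions. The content check goes one step beyond a plain regular expression by validating candidate card numbers with the Luhn checksum, which is what keeps an order number from being reported as a leak:

```python
import re

# Constructed marker a hypothetical classification tool stamps into documents (assumption).
MARKER_RE = re.compile(r"^\s*\[CLASSIFICATION:\s*(PUBLIC|INTERNAL|CONFIDENTIAL)\]",
                       re.IGNORECASE | re.MULTILINE)
# 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed keyword list for content analysis (assumption).
KEYWORDS = ("for internal use only", "trade secret")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return digit-only card numbers that look like PANs and pass Luhn."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def classify_document(text):
    """Combine marker analysis and content analysis into one verdict with reasons."""
    reasons = []
    # 1. Marker analysis: trust an explicit classification stamp.
    m = MARKER_RE.search(text)
    if m and m.group(1).upper() in ("INTERNAL", "CONFIDENTIAL"):
        reasons.append(f"marker:{m.group(1).upper()}")
    # 2. Content analysis: card numbers (reported masked) and keywords.
    for pan in find_pans(text):
        reasons.append(f"content:card ending {pan[-4:]}")
    lowered = text.lower()
    for kw in KEYWORDS:
        if kw in lowered:
            reasons.append(f"content:keyword '{kw}'")
    verdict = "block" if reasons else "allow"
    return verdict, reasons


# Constructed sample documents (not real data).
DOC_PUBLIC = "[CLASSIFICATION: PUBLIC]\nPress release: order 1234 5678 9012 3456 has shipped."
DOC_MARKED = "[CLASSIFICATION: CONFIDENTIAL]\nQ3 pricing plan for the sales team."
DOC_UNMARKED = "Customer list\nCard 4111 1111 1111 1111 on file for account 42."

if __name__ == "__main__":
    for name, doc in (("public", DOC_PUBLIC), ("marked", DOC_MARKED), ("unmarked", DOC_UNMARKED)):
        print(name, classify_document(doc))
```

The public document contains a sixteen-digit run that fails Luhn, so content analysis stays quiet and the PUBLIC marker is honoured; the unmarked document carries no stamp at all and is caught by content analysis alone, which is exactly why a DLP system needs both methods.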
Since the use of mobile devices to work with corporate content is an intensively developing trend, we also use UEM (Unified Endpoint Management) class systems to protect corporate information on our customers' mobile devices, and the devices themselves.
GREENNET provides implementation, configuration and maintenance of DLP and UEM systems, as well as the development and automation of rules and security policies used by DLP systems to detect leaks of confidential information.
As a rule, in the course of complex and/or targeted attacks, cybercriminals try to gain access to privileged administrator and service accounts. Once an attacker obtains the passwords, SSH keys or other secrets of privileged accounts, gaining access to important target systems and applications becomes a very easy task. For effective protection against the misuse of privileged accounts, we suggest using PAS (Privileged Accounts Security) class security systems. PAS systems provide: reliable storage of passwords, SSH keys and secrets of privileged accounts in an isolated secure vault; issuing them only in accordance with the regulations defined by security policies; periodic change and rotation of passwords, SSH keys and secrets; monitoring, analysis and recording of privileged sessions; analysis of abnormal or illegitimate use of privileged accounts; etc.
Moreover, all these functions are implemented with practically no inconvenient changes to the working habits of privileged users, who can continue to use their usual utilities and programs to administer target systems.
Architecturally, PAS systems are an intermediate software service layer that provides the necessary security between privileged users and service accounts on one side and target systems on the other: network devices, hosts, applications, databases, etc.
GREENNET provides our customers with consulting, determination of the list of required PAS system components for solving a specific task, implementation, configuration and maintenance of PAS systems, development and automation of rules and policies for using privileged accounts in a customer’s specific infrastructure.
Among the most important IT assets of almost any organization are its databases, which contain the data crucial to its functioning. This is why gaining access to database servers and databases is so important to cybercriminals.
Therefore, protection of database servers and the databases themselves is an important part of building an information security system. Specialized database protection solutions offer more effective functionality than standard DBMS tools.
Specialized database security systems mainly include DAM (Database Activity Monitoring) and DBF (Database Firewall) class solutions. DAM systems monitor user activity in database management systems. They do not require changing the settings or configuration of the DBMS itself and can work independently of it: DAM processes a copy of the traffic without affecting business processes. DAM systems allow you to classify SQL queries into groups, analyze the traffic of user interaction with databases, and conduct a full audit of SQL queries and the responses to them.
In addition, DAM systems have a deep filtering engine that allows you to identify potential incidents among a huge number of requests and to keep a complete archive of user actions. A DBF system is, in fact, a kind of network gateway which can be deployed inline or operate in passive mode on a copy of the traffic. This system allows you to block unwanted requests.
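A toy of the DAM/DBF logic described in the two paragraphs above: queries are classified into groups, every query is written to an audit record, and a per-account policy decides whether a DBF in inline mode would let the query through. This is an added example, not code from the page or from any DAM/DBF product; the group table, the `app_svc`/`dba` accounts, their policy and the sample queries are all constructed assumptions. Comments are stripped before the statement keyword is read, because a classifier that looks only at the first token is otherwise easy to confuse:

```python
import re
from collections import Counter

# Statement keyword -> activity group (constructed, covers the common statements only).
GROUPS = {
    "SELECT": "read",
    "INSERT": "write", "UPDATE": "write", "DELETE": "write",
    "CREATE": "ddl", "ALTER": "ddl", "DROP": "ddl", "TRUNCATE": "ddl",
    "GRANT": "admin", "REVOKE": "admin",
}
# SQL line comments and block comments.
COMMENT_RE = re.compile(r"(--[^\n]*|/\*.*?\*/)", re.S)

# Constructed policy: which activity groups each account may run (assumption).
POLICY = {
    "app_svc": {"read", "write"},
    "dba": {"read", "write", "ddl", "admin"},
}

# Constructed sample of (account, query) pairs seen in captured traffic.
SAMPLE_TRAFFIC = [
    ("app_svc", "SELECT id, name FROM customers WHERE id = 42"),
    ("app_svc", "UPDATE customers SET name = 'x' WHERE id = 42"),
    ("app_svc", "/* maintenance */ DROP TABLE customers"),
    ("dba", "ALTER TABLE customers ADD COLUMN tier INT"),
    ("reporting", "SELECT count(*) FROM customers"),
    ("app_svc", "-- routine\nGRANT ALL ON customers TO public"),
]


def classify(sql):
    """Map a query to its activity group by the first keyword after comment removal."""
    stripped = COMMENT_RE.sub(" ", sql).strip()
    if not stripped:
        return "other"
    first = stripped.split(None, 1)[0].upper()
    return GROUPS.get(first, "other")


def evaluate(account, sql, policy=POLICY):
    """Produce one audit record with the policy decision for the query."""
    group = classify(sql)
    allowed = group in policy.get(account, set())  # unknown accounts get nothing
    return {"account": account, "group": group, "sql": sql,
            "action": "allow" if allowed else "block"}


def audit(traffic=SAMPLE_TRAFFIC, policy=POLICY):
    """Evaluate every captured query; returns the records and a per-group tally of blocks."""
    records = [evaluate(acct, sql, policy) for acct, sql in traffic]
    blocked_by_group = Counter(r["group"] for r in records if r["action"] == "block")
    return records, blocked_by_group


if __name__ == "__main__":
    records, tally = audit()
    for r in records:
        print(f"{r['action']:5} {r['account']:10} {r['group']:5} {r['sql']!r}")
    print("blocked by group:", dict(tally))
```

In passive mode the same records would simply be archived and the blocked ones raised as incidents; only an inline DBF can actually refuse the statement, which is the distinction the paragraph above draws.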
GREENNET provides our customers with the implementation, configuration and maintenance of DAM/DBF systems and their integration with the customer’s IT security systems.
The cybercriminal attacks detected and studied in recent years show that cybercrime takes a multi-vector approach to attacking the IT infrastructure of a victim organization. Cybercriminals look for any opportunity to penetrate the internal network, using all of its touch points with the outside world: attempts to hack into the network via web and mail traffic; hacking or massive DDoS attacks on the organization's web resources; hacking of cloud resources or applications. All of this makes us treat the task of protecting the organization's network and perimeter (which can be "blurred" by the abundance of remote work opportunities and cloud resources) as the task of building an integrated, layered security system that combines security systems of different classes.
To solve these problems, we use solutions of the following classes:
- Next Generation Firewall/Next Generation IPS - for network protection and intrusion prevention
- Web Application Firewall - to protect web applications from intrusions and DDoS attacks by analyzing HTTP/HTTPS traffic and XML/SOAP semantics
- Web gateway and Mail gateway - to provide secure access to Internet resources, control web and mail traffic in order to prevent malicious code infiltration and intrusion, detect malicious URLs in traffic, filter malicious and unwanted traffic, etc.
- Network Traffic Analyzer - for analyzing traffic anomalies in the internal network of an organization, identifying signs of malicious code activity in network traffic and signs of an attack by intruders
- Cisco Identity Services Engine (ISE) - to create an organization-wide trusted environment based on a single, centralized information security policy for all types of users, devices, and connections.
- Cloud Access Security Broker - to control activities and enforce security policies and rules in the cloud infrastructure.
GREENNET provides our customers with the implementation, configuration, and maintenance of all of the above-mentioned systems, individually or in combination, depending on the IT infrastructure architecture and the identified information security issues.
GREENNET provides our customers with a set of services that allow them to assess the degree of security of their IT infrastructure, its degree of vulnerability, the effectiveness of the existing information security system, the need to implement new information security systems, the degree of compliance with security standards and regulatory requirements, and the need to protect IT assets from sophisticated and targeted attacks. The services offered include information security consulting and auditing, vulnerability analysis, penetration tests (both manual and automated), evaluation of the effectiveness of existing protection tools, and a service for protection against targeted and complex attacks based on XDR class systems.
IBM, Cisco, Palo Alto Networks, Elastic NV
DLP and Mobile Devices Protection
Privileged Accounts Security
Cisco, Palo Alto Networks
Network and Perimeter Security
Cisco, Palo Alto Networks, Radware, Imperva, Tenable