
Cyber defense advisory services
Our defense consultant team provides the following range of services to our customers. What sets this expert area apart is that the consultants have an extensive background in systems and network engineering, practical defense skills and regulatory compliance frameworks.
Detect & Respond Maturity Assessment
SOC process development
As described in the SIEM implementation service description, we have mastered building SOC processes for our customers and also apply this practice within our own SOC organization. We share this expertise with our partners, covering all relevant organizational processes.
SOC ROADMAP DEVELOPMENT
Based on an assessment of security operations and technology, our consultant team designs and plans the roadmap of the SOC development journey. The steps must be ordered prudently, taking into consideration the skill level of the analysts, human factors, the complexity of the systems and the current process map.
KPI CONSULTATION
The biggest challenge for organizations, whether new or established, is to find out how well they are performing. A wise first step is to set up a measurement system. Our balanced scorecard methodology is based on a KPI tree and a decision matrix. This method supports the selection of key metrics for evaluating organizational performance.
The consultants provide well-aggregated, visualized and easy-to-read numbers that can be generated automatically. Reach out to our experts, who will help you find the most suitable KPI metrics.
Defense team development
One crucial aspect of a well-performing security team is having up-to-date knowledge of new techniques and tactics. We provide practical, experience-based and role-specific capability development for professionals.
SECURITY ANALYST TRAINING
An up-to-date, dynamic training course for engineers and analysts who operate and use SIEM systems. We train professionals to gain a better understanding of detection and response tools and dive deep into a number of use cases to analyze different types of threats and attacks.
Reporting, dashboard design, event source and content tuning are also covered by this course.
SITUATIONAL GAMES
We organize several types of cyber security situational games for training and capability testing. These games are typically red team vs. blue team campaigns, capture-the-flag exercises and SOC awareness testing through simulated attacks.
APT ATTACK SIMULATION
An APT (advanced persistent threat) simulation system is a next-generation network security tool that executes an operation resembling a real attack while allowing detection and response times to be measured; its detailed reports help the team learn from the attack and further develop the defense processes and systems.
Several testing tools are available for regularly testing the tooling or the team's processes.
CTI service & consultation
Through CTI (cyber threat intelligence) consulting we help you find and integrate the right model of external CTI knowledge, or create your own specific IoC database and procedures.
After the source and reliability of the IoCs have been evaluated, they are analyzed using rigorous and structured techniques and then annotated by those with expertise and access to all sources. Whether using CTI as a service or building up your own, analysts need to identify and discover a vast amount of information accurately and in a timely manner.
When properly implemented, threat information updates help you maintain the quality of your detection and response capabilities.
Incident response service
During the response chain several tasks can be provided or supported by the SOCWISE expert team. Firstly, response coordination is an important role that we provide based on our methodological and technical background. Secondly, the analysis, including sandboxing and forensic analysis, can also be provided by SOCWISE. Whether a critical-level incident or an OT network related threat is to be analyzed, we offer our OT or IT advanced malware sandbox lab environment to perform forensic analysis and understand the key characteristics of the detected malicious component.
Offensive testing services
Regular preparedness testing by ethical offensive teams can be a compliance necessity, but in most cases it also gives very useful feedback to the defense team. We design and execute several active defense testing activities, as follows.
PENETRATION TESTING
Holistic penetration tests are performed at several different levels. Black-, grey- or white-box testing can be run under well-designed and securely realized circumstances. Testing is always run in accordance with strictly defined conditions, where the target area can be external IP addresses, private network segments or specific business applications.
The vulnerabilities, threats and unprotected attack surfaces found are reported in detailed documentation that includes suggested fix actions.
VULNERABILITY TEST
Vulnerability testing can be performed separately on IT and OT networks through the manual work of cyber defense engineers. In these projects we build on several scanning and analysis tools.
Holistic vulnerability analysis is carried out with professional caution toward the production IT environment, so that operations are not harmed, and in close cooperation with the customer's IT team.
The test results are fed back in a detailed digital report, with guidance that enables the operations teams to patch the vulnerable system components or redesign the affected system architecture.
INDUSTRIAL CONTROL SYSTEM ASSESSMENT
Using a fully passive, network-based OT analysis tool we provide on-demand or regular assessments.
The first result of the assessment is a precise inventory of the devices communicating on the network, including computers, network components, PLCs, HMIs and others. We attach a vulnerability status to each item, based on its current firmware / OS version.
We determine the network connections and sessions between all communicating entities and provide layer 2 and layer 3 topology maps. Based on an automatically built baseline traffic pattern, unusual or suspicious behavior can be highlighted. On the basis of predefined and tailored rules, threats or adversarial activities on the OT network can be pinpointed, and we propose the response steps to be taken.
Malware analysis
We offer our malware analysis service, based on our sandboxing and malware laboratory, with 7x24 service hours. Depending on the specific requirements we provide quick and deep analysis of the suspicious elements.
The received data is subjected to a scanning process that ultimately determines the actual threat posed to the system. The investigation provides information that can help you uncover details and possibly identify adversary sources, which may help in further developing the defense. We provide forensics and malware analysis on-site or remotely, depending on the necessary and available sandboxing capabilities.