SOC as a Service

1. SOC (Security Operations Center) as a service:

We offer full SOC services, especially for the Gulf region (UAE, Oman, Saudi Arabia, Qatar, Bahrain, Kuwait and Iraq) and beyond. 

We have a dedicated COSMOS Cyber Security SOC:

SIEM - The core system of the SOC

In the SIEM (Security Information and Event Management), logs and security events from your infrastructure are collected and processed 24 hours a day. Real-time processing allows cyber-attacks to be recognized as they happen so that targeted countermeasures can be taken.

7×24 MDR (Managed Detection & Response) - The core service of the SOC

Our security analysts evaluate the security alerts generated by the SIEM 24 hours a day and initiate countermeasures where required. Our analysts work according to the following tiering.

TIER I performs the initial triage of alerts. If TIER I escalates an alert, TIER II carries out an in-depth analysis of the security incident, checking the affected systems and data sets for signs of compromise. TIER II also initiates emergency measures where necessary.

Security Incident Workflow

Detected incidents are handled immediately by our analysts using a predefined workflow. As part of processing each incident, the resilience of the affected infrastructure is also improved, so that the same attack path cannot be reused.

Additional SOC services:

2. Threat Hunting

As part of threat hunting, security analysts search the log records of your systems for anomalies. These anomalies usually lead to specific findings about vulnerabilities and to suggestions for improvement, which are forwarded to your IT managers. In addition, the coverage of the Security Operations Center (SOC) is regularly compared against your entire IT infrastructure in order to identify blind spots (systems or log sources the SOC does not see) early and to minimize them continuously.


3. Vulnerability Management

Attackers routinely use automated Internet-wide scans to search systems that are accessible from the outside (such as firewalls or routers) for publicly known vulnerabilities. Once a system with a known vulnerability has been found, it can be exploited with little effort. Organizations that run partially outdated system versions are a particularly easy target.

The way we work:

1.  Inventory 

First, your systems are inventoried, including product and version, so that they can be monitored specifically.

2.  Monitoring

Information about vulnerabilities and security-relevant updates for the previously inventoried systems is continuously collected from various sources (including the NIST NVD).

3.  Detection

As soon as a vulnerability is published, it is checked whether it affects your systems. For this purpose, among other things, the installed software versions of the potentially affected systems are compared against the affected version range of the advisory.

4.  Fix

If an installed version is affected, an escalation is sent to your IT manager with specific instructions on how to mitigate the vulnerability. If you need support, our security support services can also be engaged.
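The four steps above (inventory, monitoring, detection, fix) can be illustrated with a small matching script. This is an added example written for this page, not code from the service described here: the inventory and the advisory feed are constructed sample data with fictional products and advisory IDs, and the range fields mirror the versionStartIncluding / versionEndExcluding semantics of NVD CPE match entries (affected if start <= version < end).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    """One inventoried system (step 1). Product names are CPE-style vendor:product."""
    host: str
    product: str
    version: str


@dataclass(frozen=True)
class Advisory:
    """One advisory collected from a feed (step 2); affected if start_incl <= v < end_excl."""
    advisory_id: str
    product: str
    start_incl: Optional[str]   # None: no lower bound
    end_excl: Optional[str]     # None: no fixed version yet
    fix_hint: str


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.2.1' or '3.2.1-p2' into a tuple of ints; a non-numeric tail is dropped."""
    numbers = []
    for part in re.split(r"[.\-]", version):
        match = re.match(r"\d+", part)
        if not match:
            break
        numbers.append(int(match.group()))
    return tuple(numbers)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1; shorter tuples are zero-padded so that '2.4' equals '2.4.0'."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def version_in_range(version: str, start_incl: Optional[str], end_excl: Optional[str]) -> bool:
    """Step 3: is the installed version inside the advisory's affected range?"""
    if start_incl is not None and compare_versions(version, start_incl) < 0:
        return False
    if end_excl is not None and compare_versions(version, end_excl) >= 0:
        return False
    return True


def match_advisories(inventory: List[Asset], advisories: List[Advisory]):
    """Return (host, advisory_id, installed_version, fix_hint) for every affected asset."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if adv.product == asset.product and version_in_range(asset.version, adv.start_incl, adv.end_excl):
                findings.append((asset.host, adv.advisory_id, asset.version, adv.fix_hint))
    return findings


def escalation_report(findings) -> str:
    """Step 4: the text handed to the IT manager, one line per affected system."""
    return "\n".join(f"{host}: {adv_id} affects installed version {ver}; {fix}"
                     for host, adv_id, ver, fix in findings)


# Constructed sample data (fictional vendor, products and advisory IDs).
INVENTORY = [
    Asset("fw-edge-01", "acme:gateway", "3.2.1"),
    Asset("fw-edge-02", "acme:gateway", "3.4.0"),
    Asset("vpn-01", "acme:vpn", "9.0.0"),
    Asset("web-01", "acme:portal", "2.4"),
]
ADVISORIES = [
    Advisory("ADV-0001", "acme:gateway", None, "3.3.0", "upgrade to 3.3.0 or later"),
    Advisory("ADV-0002", "acme:vpn", "9.0.0", "9.0.4", "upgrade to 9.0.4 or later"),
    Advisory("ADV-0003", "acme:portal", "2.4.0", "2.4.2", "upgrade to 2.4.2 or later"),
    Advisory("ADV-0004", "acme:gateway", "4.0.0", None, "no fix yet; restrict management access"),
]


def run():
    """Run detection over the constructed inventory and feed."""
    return match_advisories(INVENTORY, ADVISORIES)


if __name__ == "__main__":
    print(escalation_report(run()))
```

The zero-padding in compare_versions matters in practice: an inventory entry recorded as "2.4" must still match an advisory whose range starts at "2.4.0", otherwise the system silently drops out of monitoring.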

4. Threat intelligence

DeepWeb:

Information about your organization that has leaked onto the Internet (including stolen credentials) can be used to launch a successful attack with minimal effort. Publicly available information should therefore be monitored so that you learn of such data at an early stage and can take appropriate countermeasures, for example resetting exposed credentials.

The swisspentest® automatically and continuously scans the Internet 7×24 for publicly available information and presents the results in a clear report.
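One practical building block of credential-leak monitoring is checking whether a password appears in a known breach corpus without ever sending the password, or even its full hash, to the lookup service. This is an added example, not code from swisspentest® or from this page: it implements the k-anonymity range lookup used by the Have I Been Pwned "Pwned Passwords" API (client sends the first five hex characters of the SHA-1, receives all matching 35-character suffixes with counts, compares locally). The response text and the account list are constructed sample data, and fetch_range is a hypothetical callable that, in production, would perform the HTTPS request for the prefix.

```python
import hashlib
from typing import Callable, Dict, Tuple


def sha1_prefix_suffix(secret: str) -> Tuple[str, str]:
    """Split the upper-case SHA-1 hex of a secret into the 5-char prefix that is sent
    to the range service and the 35-char suffix that never leaves this host."""
    digest = hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (the range API response format) into a dict."""
    seen: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        seen[suffix.upper()] = int(count)
    return seen


def breach_count(secret: str, range_response: str) -> int:
    """How many times the secret appears in the corpus (0 if the suffix is absent)."""
    _prefix, suffix = sha1_prefix_suffix(secret)
    return parse_range_response(range_response).get(suffix, 0)


def check_accounts(accounts: Dict[str, str], fetch_range: Callable[[str], str]) -> Dict[str, int]:
    """Return {account: count} for every account whose password is in the corpus."""
    exposed = {}
    for account, secret in accounts.items():
        prefix, _suffix = sha1_prefix_suffix(secret)
        count = breach_count(secret, fetch_range(prefix))   # only the prefix is disclosed
        if count > 0:
            exposed[account] = count
    return exposed


# Constructed sample response, as if fetched for prefix 5BAA6 (SHA-1 of "password"
# starts with 5BAA61E4...). Counts and the other suffixes are made up for this example.
SAMPLE_RANGE_RESPONSE = """\
1E2AB6B1C3D8E6F0A9B7C5D4E3F2A1B0C9D:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000
1F00A1B2C3D4E5F60718293A4B5C6D7E8F9:17
"""


def fake_fetch_range(prefix: str) -> str:
    """Offline stand-in for the HTTPS lookup (hypothetical; returns constructed data)."""
    return SAMPLE_RANGE_RESPONSE if prefix == "5BAA6" else ""


# Constructed sample accounts: one reuses a famously leaked password, one does not.
SAMPLE_ACCOUNTS = {
    "alice@example.com": "password",
    "bob@example.com": "v3ry-unique-l0ng-phrase-91",
}


def run() -> Dict[str, int]:
    """Check the constructed accounts against the constructed corpus."""
    return check_accounts(SAMPLE_ACCOUNTS, fake_fetch_range)


if __name__ == "__main__":
    for account, count in run().items():
        print(f"{account}: password seen {count} times in breach data; force a reset")
```

The important property is in check_accounts: the service only ever learns the five-character prefix, which maps to hundreds of possible hashes, so a compromised or logging lookup service cannot recover which password was checked.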

Attack Surface:

The externally accessible systems of every organization should be checked regularly for misconfigurations and vulnerabilities so that they can be closed before an attacker exploits them.

The swisspentest® automatically and continuously scans your infrastructure from the outside 7×24 and makes the results available to the security analysts.

5. swisspentest®

Increased security through AI support
Aim of the swisspentest®:

With several hundred fully automated security tests, the swisspentest® engine offers comprehensive vulnerability detection for networks and web applications. By continuously simulating attacks against a target, misconfigurations, vulnerable libraries and missing infrastructure hardening can be found in real time.

The platform is available as an isolated container in our SaaS environment or containerized on Kubernetes on your premises. By efficiently cloning the target and using a deep learning module to suppress false positives, the best possible precision is achieved.

Deep learning using TensorFlow:

TensorFlow is a machine-learning framework developed by the Google Brain team with a wide range of applications. It is used today in many products, for example at Twitter, Airbnb and in Google Search, as well as in the swisspentest. Using TensorFlow, vulnerabilities can be detected more efficiently and with a very high hit rate.

Training of the TensorFlow models:

The TensorFlow models were trained on the source code of the Alexa Top 1,000 websites, a total of 30,000 JavaScript and other program files. These were classified and examined by hand by our specialists; after a few thousand scripts the neural network had learned to understand and assess them. Through hundreds of iterations over the samples, detection of the trained vulnerability classes rose to over 96%. Together with the complementary hard-coded keyword algorithm, the swisspentest system achieves a precision of 97.6%.

Test data security:

In order to guarantee the security and anonymity of our customers, we run our own TensorFlow instance within our internal infrastructure in Switzerland. The models are trained there in isolation from the public Internet and without any communication with Google, and are then deployed into the swisspentest.

Development phase:

With the help of the patch code displayed in the portal for each vulnerability, engineers can close the vulnerabilities found without having to research each one in depth.

Test phase:

Since an outage of the target is tolerable during the test phase, intrusive scans can also be performed. These have been trained to actively penetrate an application and therefore offer the best possible detection.

Production phase:

Intrusive security scans can be deactivated so that the availability of a target is not endangered by the simulated attacks. This minimizes the risk to operational business while the security level of the target continues to be monitored in silent mode.

6. Red Teaming (How secure is your organization?)

We simulate a multi-stage, realistic and complete attack on your entire organization. The following elements of your organization are tested: infrastructure, people and physical intrusion.

  • External Attack 

In the first step, the entire external perimeter of the target company is scanned for vulnerabilities. A suitable attack path is then assembled from the vulnerabilities found.

  • Spear phishing 

Open Source Intelligence (OSINT) is used to specifically identify employees with extensive access rights. An attempt is then made to gain control of their accounts using phishing and Trojans.

  • Physical intrusion 

In addition to the attack from the Internet, our analysts also penetrate the internal perimeter on site in order to steal information or to establish command-and-control (C2) access from within your network.

  • Security support 

After the Red Teaming engagement ends, you receive a detailed report, which is presented to you in a debriefing. We then support you in planning and implementing suitable measures.

7. Security Support

We support you in all areas of IT security with unconventional and effective solutions. 

Examples of our IT security support services:

Secure networking

We support your IT system engineers in developing secure connectivity solutions as well as network zoning concepts and planning.

Secure Architecture 

Since the focus in system engineering is often on usability, security requirements are frequently neglected. We help you to prioritize and close the most serious vulnerabilities in your architecture.

Legacy devices

Critical core systems of many organizations are often out of date because maintaining them risks disruption. We work out secure handling of such systems together with you.

Migration support

Our specialists support you in patch management for critical vulnerabilities and in emergency migrations.