SOC as a Service
1. SOC (Security Operations Center) as a service:
We offer full SOC services, especially for the Gulf region (UAE, Oman, Saudi Arabia, Qatar, Bahrain, Kuwait and Iraq) and beyond.
We have a dedicated COSMOS Cyber Security SOC:
- Based in Abu Dhabi, UAE
- Based near Zürich, Switzerland, in collaboration with Kastgroup AG
SIEM - The core system of the SOC
In the SIEM (Security Information and Event Management), information and logs from your infrastructure are collected and processed 24 hours a day. Real-time processing enables cyber-attacks to be recognized immediately so that targeted countermeasures can be taken.
7×24 MDR (Managed Detection & Response) - The core service of the SOC
Our security analysts evaluate the cyber security alerts generated by the SIEM 24 hours a day and initiate measures if necessary. Our analysts act according to the following tiering.
If a TIER I analyst escalates an alert, TIER II carries out an in-depth analysis of the security incident by checking the affected systems and data sets for compromise. If necessary, TIER II also initiates emergency measures.
Security Incidents Workflow
Detected cyber incidents are dealt with immediately by our analysts using a predefined workflow. In addition, each incident is processed in a way that improves the resilience of the infrastructure.

Extra SOC as a Service offerings:
2. Threat Hunting
As part of threat hunting, security analysts search the log recordings of your systems for abnormalities and anomalies. These abnormalities usually result in specific information on security gaps and suggestions for improvement, which are forwarded to your IT managers. In addition, as part of threat hunting, the coverage of the Security Operations Center (SOC) is regularly compared with your entire IT infrastructure in order to identify blind spots early and to continuously minimize them.

3. Vulnerability Management
Attackers can use the Internet to automatically scan externally accessible systems (such as firewalls or routers) for publicly known vulnerabilities. Once attackers have found a system with known vulnerabilities, they can exploit them with little effort. Organizations that run partially outdated system versions are a particularly easy target.

The way we work:
1. Inventory
First, your systems are inventoried so that they can be specifically monitored.
2. Monitoring
Information about security gaps and security-relevant system updates of the previously inventoried systems is continuously collected from various sources (including NIST NVD).
3. Detection
As soon as new security gaps are published, we check whether they affect your systems. For this purpose, among other things, the current software versions of the potentially affected systems are evaluated and compared with the affected versions.
4. Fix
If a version is affected, an escalation is sent to your IT manager with specific instructions on how to mitigate the security gaps. If you need support, our security support services are also available.
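The four steps above, carried through in code as an added example (not the provider's own tooling): a constructed inventory is matched against constructed advisories in a simplified NVD-like shape (vendor/product plus versionStartIncluding / versionEndExcluding range fields, as the NVD JSON feeds express affected versions), and each hit becomes an escalation line with severity and mitigation. Advisory IDs are placeholders, not real CVEs.

```python
"""Inventory-vs-advisory matcher for the four-step workflow above (added example,
not the provider's tooling). Assumes advisories in a simplified NVD-like shape:
vendor/product plus versionStartIncluding / versionEndExcluding range fields."""
from __future__ import annotations

# Constructed inventory, the output of step 1 ("Inventory").
INVENTORY = [
    {"host": "fw-edge-01", "vendor": "examplevendor", "product": "edgefw", "version": "4.2.1"},
    {"host": "fw-edge-02", "vendor": "examplevendor", "product": "edgefw", "version": "4.3.0"},
    {"host": "rtr-core-01", "vendor": "examplevendor", "product": "corerouter", "version": "12.1"},
]

# Constructed advisories (placeholder IDs, not real CVEs), as step 2 ("Monitoring") collects them.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "vendor": "examplevendor", "product": "edgefw",
     "versionStartIncluding": "4.0.0", "versionEndExcluding": "4.2.5",
     "severity": "CRITICAL", "fix": "upgrade to 4.2.5 or later"},
    {"id": "ADV-PLACEHOLDER-2", "vendor": "examplevendor", "product": "corerouter",
     "versionStartIncluding": "12.0", "versionEndExcluding": "12.1",
     "severity": "HIGH", "fix": "upgrade to 12.1"},
]

def parse_version(v: str) -> tuple[int, ...]:
    """'4.2.1' -> (4, 2, 1); non-numeric components count as 0."""
    return tuple(int("".join(c for c in p if c.isdigit()) or 0) for p in v.split("."))

def in_range(version: str, start_incl: str | None, end_excl: str | None) -> bool:
    """NVD semantics: start inclusive, end exclusive, missing bound open; '12' == '12.0'."""
    def cmp(a: str, b: str) -> int:
        x, y = parse_version(a), parse_version(b)
        n = max(len(x), len(y))
        x, y = x + (0,) * (n - len(x)), y + (0,) * (n - len(y))
        return (x > y) - (x < y)
    if start_incl and cmp(version, start_incl) < 0:
        return False
    return not (end_excl and cmp(version, end_excl) >= 0)

def affected_systems(inventory, advisories) -> list[tuple[str, str]]:
    """Step 3 ("Detection"): (host, advisory id) pairs whose installed version is in a vulnerable range."""
    return [(s["host"], a["id"]) for a in advisories for s in inventory
            if (s["vendor"], s["product"]) == (a["vendor"], a["product"])
            and in_range(s["version"], a.get("versionStartIncluding"), a.get("versionEndExcluding"))]

def escalations(inventory, advisories) -> list[str]:
    """Step 4 ("Fix"): one escalation line per affected host, carrying severity and mitigation."""
    by_id = {a["id"]: a for a in advisories}
    return [f"{h}: {i} ({by_id[i]['severity']}) - {by_id[i]['fix']}" for h, i in affected_systems(inventory, advisories)]

if __name__ == "__main__":
    print("\n".join(escalations(INVENTORY, ADVISORIES)))
```

Note that rtr-core-01 on 12.1 is correctly not flagged: the end bound is exclusive, so the version that carries the fix is outside the vulnerable range.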
4. Threat intelligence
DeepWeb:
Information leaked about your organization on the internet (including stolen credentials) can be used to launch a successful attack with minimal effort. Publicly available information should be monitored so that you are informed about the existence of this data at an early stage and can take appropriate countermeasures.
The swisspentest® automatically and continuously scans the Internet 7×24 for publicly available information in order to then show the results in a clear report.

Attack Surface:
The externally accessible systems of all organizations should be checked regularly for misconfigurations and security gaps so that they can be closed before an effective attack.
The swisspentest® automatically and continuously scans your infrastructure externally 7×24 in order to make the results available to security analysts.
5. swisspentest®

Increased security through AI support
Aim of the swisspentest®:
With several hundred fully automated security tests, the swisspentest® engine offers comprehensive vulnerability detection for networks and web applications. By continuously simulating attacks on a target, misconfigurations, vulnerable libraries and incorrect infrastructure hardening can be found in real time.
The platform is available as an isolated container (SaaS) or containerized on Kubernetes (on-premise). By efficiently cloning a target and using a deep learning module to reduce false positives, the best possible precision is achieved.
Deep learning using TensorFlow:
TensorFlow was developed by the Google Brain team and has a wide range of applications. Today it is used by many services such as Twitter, Airbnb and Google Search, as well as in the swisspentest. By using TensorFlow, security gaps can be detected more efficiently and with a very high hit rate.
Training of the TensorFlow models:
The TensorFlow models were trained on the source code of the Alexa Top 1,000 websites, a total of 30,000 JavaScript and other program files. These were classified and examined by hand by our specialists; after a few thousand scripts, the neural network had learned to understand and assess them. Through hundreds of iterations over the samples, it increased the detection rate for the trained vulnerabilities to over 96%. Together with the supporting hard-coded keyword algorithm, the swisspentest system achieves a precision of 97.6%.
Test data security:
To guarantee the security and anonymity of our customers, we have integrated our own TensorFlow instance into our internal infrastructure in Switzerland. The models are trained there independently of the World Wide Web, without any communication with Google, and are then deployed in the swisspentest.
Development phase:
With the help of the patch codes displayed in the portal for each vulnerability, engineers can close the vulnerabilities found without having to study them in depth.
Test phase:
Since a failure of the target is tolerable during the test phase, intrusive scans can also be performed. These have been trained to actively penetrate an application and thus offer the best possible detection.
Productive phase:
Intrusive security scans can be deactivated so that the usability of a target is not endangered by attacks. This minimizes the risk to operative business while the security level of the target continues to be monitored in silent mode.
6. Red Teaming (How secure is your organization?)
We simulate a multi-stage, realistic and complete attack on your entire organization. The following elements of your organization are checked (infrastructure, people and physical intrusion attempts):
- External Attack
In the first step, the entire external perimeter of the target organization is scanned for vulnerabilities. A suitable attack path is then compiled from the security gaps found.
- Spear phishing
Open Source Intelligence (OSINT) is used to specifically identify employees with extensive access rights. An attempt is then made to gain control of their accounts using phishing and Trojans.
- Physical intrusion
In addition to the attack from the Internet, our analysts also penetrate the internal perimeter on site to steal information or install Command & Control servers.
- Security support
After the end of the Red Teaming Event, you will receive a detailed report, which will be presented to you in a debriefing. We then support you in the planning and implementation of suitable measures.
7. Security Support

We support you in all areas of IT security with unconventional and effective solutions.
Examples of our IT security support services:
Secure Networking
We support your IT system engineers in developing secure connectivity solutions, as well as network zone concepts and planning.
Secure Architecture
Since the focus in system engineering is often on usability, security requirements are frequently neglected. We help you prioritize and close the most serious security gaps.
Legacy Devices
Critical core systems of many organizations are often out of date because maintaining them can cause disruption. We will work out secure handling of these systems with you.
Migration Support
Our specialists support you in patch management of critical security gaps and emergency migrations.