Device protection

Attacks start and end on end devices. No matter how well the services or networks are protected, an attacker who gets access to a PC gets access to everything that PC can reach: VPN, mail, administrative access, 1C, the bank, and so on. An attacker who gets access to a server gets access to all of its data and can spread the attack to the rest of the infrastructure.

Work computers

We understand the importance of protecting your PC, and that is why we install two antivirus programs and an automated update system.

This combination allows you to use your PC safely, without the risk of catching malware, even when working under an account with administrator rights. A few hours after installation you will receive the first report on the malware that was removed, and the confidence that it will not come back.

Servers

Antivirus is useless on servers, because the main threat to a server is not a malicious file but a vulnerability that an attacker can exploit. Our task is to find and eliminate that vulnerability before the attacker reaches it, or, if the attack has already happened, to investigate and remediate it. To this end, we do the following:

  • Regularly scan ports and services, the same way attackers do.
  • Find vulnerable software, determine whether it needs to be updated, and provide instructions on how to fix it.
  • Collect logs centrally so that an attacker cannot delete them after a break-in.
  • Log the traffic to better understand where data is leaking to and how much.
  • Record manipulations of files.
  • Record the actions of users and admins on the servers.
  • Look for indicators of compromise in case you have already been hacked.
  • Find configuration errors made by admins.

We implement these tasks using wazuh, osquery, suricata, filebeat and graylog.

We look at the server "under the microscope", so to speak, and can always answer the following questions: "who did what, and when?", "is there any vulnerable software on the server?", "did any data leak, and where to?".