Server protection

Antivirus is useless on servers, because the main threat to a server is not a malicious file but a vulnerability that an attacker might take advantage of. Our task is to find and eliminate this vulnerability before the attacker gets access to it, or to fix and investigate the attack. To this end, we need to do the following:

  • Regularly scan ports and services, just as hackers do.
  • Find vulnerable software, determine whether it needs to be updated, and give instructions on how to fix it.
  • Collect logs so that the hacker cannot delete them after the hack.
  • Log the traffic to better understand where and how much data is leaking.
  • Record manipulations of files.
  • Record the actions of users and admins on the servers.
  • Look for signs of compromise if you have already been hacked.
  • Find configuration errors made by admins.

We implement the task at hand using: Wazuh, osquery, Suricata, Filebeat, Graylog.

We look at the server "under the microscope", so to speak, and we can always answer the following questions: "who did it, when, and what was done?", "is there any vulnerable software on the server?", "did data leak anywhere?".

Services

Cloud services are almost always safer than your own servers, though not more private. But they need to be properly configured so that no accidental leak takes place. We carefully study cloud and self-hosted solutions, make recommendations for improving security, and collect logs.