Early detection and rapid investigation are critical to deterring attackers and responding to threats. But a myriad of alerts, insufficient information, and a lack of visibility can prevent you from taking these important actions. That’s where we come in. We provide 24/7 monitoring of your IT resources, from both a cybersecurity perspective (threat intelligence and threat hunting) and a rapid incident response (DFIR) perspective. We invite you to learn more about SOC as a service, provided by the Security Operations Center (SOC) team.

- We provide specialized digital forensics services called DFIR (Digital Forensics and Incident Response). We use highly specialized commercial equipment and tools to perform forensic analysis.
- Our digital forensics lab, which handles dozens of data mining and information extraction cases every month, is equipped with professional and reputable software, including FTK (Forensic Toolkit) and X-Ways Forensics, which allow you to analyze evidence in a documented manner.
- Properly securing digital traces allows for in-depth incident analysis and lets you determine the details of how the attacker carried out the operation. If evidence is not properly secured, system logs will be lost over time, even when a user is merely working on the system and it is simply running.
- On the other hand, turning off the computer without first securing it will result in the irreversible loss of digital data that is stored in operating system memory and is specific to the attacker. This data may contain important information for incident analysis.
- Today, digital security is a requirement for every company, so the most important thing is the speed of response. In the SOC, we use dynamic defense technologies to identify new, never-before-seen types of threats (unique patterns in targeted attacks).
- Each new sample is automatically analyzed in a sandbox to simulate its behavior and identify malicious methods. Using products like Splunk and ELK, we collect and analyze all behavior within the network.
- Network attack detection products monitor communications and use hundreds of predefined rules to detect attacks. These products always have one major flaw: a lack of understanding of most of the reported alerts.
- Attackers often use obfuscation methods in the communication channels with their command center, which network-level products cannot monitor. Thus, purple teams are always needed to hunt down suspicious network-level attacks and communications.
Incident Response
The most important aspect of SOC/CERT services is the competence of the technical team, as the specialists' level of knowledge determines the cybersecurity of the organization. On the other hand, the network is covered directly using NIDS/IDS software to detect attacks made on the local network. Malicious domains, IP addresses and hash information (IoCs) are provided by our Cyber Threat Intelligence System, which receives information in cooperation with other international incident response teams.


Threat Hunting
Threat hunting and threat intelligence are topics that have been around for over a decade. Their achievements include world-class threat hunting (i.e. of APTs) and incident response. APT attacks are monitored through IoCs, and their technical and tactical behavioral patterns, known as TTPs, are mapped to hunting techniques. The ability to identify zero-day vulnerabilities (software weaknesses for which there are no security patches) is one of the features of threat hunting.
Security Operations Center
SOC (threat hunter) and CERT team experts always strive to be active in both the defensive (blue team) and offensive (red team) fields of cybersecurity, and to run a professional computer forensics laboratory, so that they can demonstrate appropriate actions in different situations. Hunting and rapid incident response specialists in the security operations center are always tasked with mining data from information collection databases.


Computer Security Incident Response Team
A well-known incident response team can provide cyber assistance to government agencies and institutions in emergencies. Such incident response is very important when a cyber attack occurs and can help forensic teams with their investigations. For example, if an organization’s operating systems are infected with ransomware, it usually takes only a short time for the ransomware to reach the Impact stage. If the digital forensic response team reacts quickly, it can respond appropriately to the attack.
Malware Analysis
Malware analysis is a key aspect of information gathering and forensics, and can be used to neutralize anti-reverse engineering and anti-recovery methods. It can also be used for behavior analysis and signature creation for malicious file formats introduced into the system, and data mining can be initiated after reverse engineering the desired area.






