DIGITAL PLANETS SECURITY SOLUTION
INTRODUCTION OUR OFFERED SERVICES

Vulnerability Assessment & Penetration Testing
• External Networks
• Internal Networks
• Web Applications
• Mobile Applications
• Social Engineering
• Red Teaming

Information Security Awareness
• ISA for End Users
• ISA for Managers
• ISA for IT Admins
• ISA for Developers
• Communication
• Phishing Simulator

Brand Protection
• Anti-Phishing
• Mobile Apps
• Social Media
• Malware Protection
• DMARC

Security Operation Centre
• SOC Hybrid Solutions
• Planning, Designing & Building a SOC
• Upgrading a NOC to a SOC
• Implementing Tools

Consultancy
• Risk Assessment
• Configuration Reviews
• Source Code Review
• Compliance & Governance
• PCI DSS & ISO 27001
• Security Policies & Procedures
INTRODUCTION OUR PARTNERS
INTRODUCTION REFERENCE LIST
INTRODUCTION WHY DIGITAL PLANETS SECURITY SOLUTIONS?
• Experienced team with more than 30 years of cumulative professional experience
• 100% focused on cyber security professional services
• Professional calibres on board, including consultants, engineers and analysts
• Partnerships with best-of-breed technology providers in the industry
• Professional 24/7/365 Security Operation Centre (Smart Village, Egypt)
• Fast-growing company built on an exemplary project success rate
• Prestigious reference list including mission-critical clients
• Full-fledged professional security services offering
• Capacity to communicate in several languages, including Arabic, English and French
INFORMATION SECURITY AWARENESS
INFORMATION SECURITY AWARENESS SECURING THE WEAKEST LINK
INFORMATION SECURITY AWARENESS CONTENT DELIVERY HAS NEVER BEEN THIS EASY
INFORMATION SECURITY AWARENESS ENSURE YOUR PROGRAMME'S SUCCESS
BRAND PROTECTION & FRAUD MANAGEMENT
BRAND PROTECTION PROVEN AND TRUSTED GLOBALLY
• A privately owned Internet security company
• Founded in 2003
• Leaders in the anti-phishing and online brand protection industry
• Headquartered in Melbourne, Australia
• Offices in San Francisco, Dubai and London
• 24x7x365 Security Operations Centre
BRAND PROTECTION ENTERPRISE BRAND PROTECTION SUITE
• Brand Abuse
• Brand Impersonation
• Executive Impersonation
• Malicious Android & iPhone apps
• PAC Files
• Vishing
• Pharming
• LogMonitor*
• Unauthorised Mobile App listings
• Command and Control
• Drop Zones
• Interceptor*
MANAGED SECURITY SERVICES
MANAGED SECURITY SERVICES SECURITY OPERATIONS CENTRE ‘SOC’
A Security Operations Centre (SOC) is a centralized unit that handles an organization's security issues and incidents at both the organizational and the technical level. The SOC team operates 24/7, either from our central offsite location or on the client's own site.
• Complete and proactive response to security incidents
• Anticipate attacks and minimize their impact
• Implement security policies across the enterprise
• Reduce the cost of security support by providing centralized remote support
MANAGED SECURITY SERVICES COMPONENTS OF SOC
Our Managed SOC wraps experienced People and efficient Processes around leading Technologies. The objective is to manage security incidents so that each one is properly identified, analyzed, communicated, actioned/defended, investigated and reported.
MANAGED SECURITY SERVICES PEOPLE
Different layers of very talented analysts with a broad range of capabilities and diversity of experience.
Tier 1
• Monitoring
• Opens tickets, closes false positives
• Basic investigation and mitigation
Tier 2
• Deep investigations
• Mitigation / recommends changes
Tier 3
• Advanced investigations
• Prevention
• Threat hunting
• Forensics
• Counter-intelligence
MANAGED SECURITY SERVICES PROCESSES
Our policy and procedure development process consists of four primary steps:
• Information Gathering
• Document Development
• Document Review
• Policy & Procedure Release & Implementation
MANAGED SECURITY SERVICES TECHNOLOGY
A comprehensive approach to security monitoring is followed, including all the administrative activities required to manage the health and availability of the SOC monitoring tools:
• Vulnerability Assessment
• Vulnerability Tracking
• Log Management
• Control Visibility
• Network Infrastructure
• Events Collection, Correlation & Analysis
Our Unified Approach to Security Monitoring
• Unified Security Management (USM): centralized threat detection and incident response made simple and affordable for resource-limited IT security teams.
• Integrated Threat Intelligence: actionable threat intelligence updates from AlienVault Labs are delivered continuously to the USM platform. Correlation rules and directives written by the AlienVault Labs team are displayed through the USM interface.
• Open Threat Exchange (OTX): a large repository of crowd-sourced threat data providing a continuous view of real-time threats that may have penetrated the company's defences. Because the indicators are community-contributed, their quality varies; analysts should weight OTX hits by pulse reputation and confirm them against local evidence before acting.
OPEN THREAT EXCHANGE (OTX)
MANAGED SECURITY SERVICES UNIFIED SECURITY MANAGEMENT
UNIFIED SECURITY MANAGEMENT AV (ALIENVAULT) COMPONENTS
Appliances: Sensor, Server, Logger and All-In-One.
USM Sensor
• Log Normalization
• IDS
• OSSEC (host-based IDS)
• Netflow
• Vulnerability Detection
• Asset Detection
USM Server
• Event Correlation
• Event Storage/Query
• UI
USM Logger
• Long-Term Log Storage/Query
USM All-In-One
• Sensor
• Server
• Logger
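The split above puts "Log Normalization" on the Sensor and "Event Correlation" on the Server. The following added example (written for this page, not AlienVault's code or any USM plugin) shows what those two functions do in practice: heterogeneous raw lines are mapped onto one event schema, and a directive then counts failures across both log sources from the same address before a success. All log lines, the JSON portal format, the threshold and the 120-second window are constructed assumptions; the syslog year is assumed because BSD syslog omits it.

```python
"""Added example: the Sensor/Server split in a log-based SIEM.

normalize()  plays the Sensor: heterogeneous raw lines -> one event schema.
correlate()  plays the Server: a directive over the normalized stream.
All log lines below are constructed for the example, not real captures.
"""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: BSD-style syslog lines carry no year, so one is supplied here.
SYSLOG_YEAR = 2024

# Matches OpenSSH auth messages; hostname and PID are skipped, not stored.
SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    src_ip: str
    user: str
    outcome: str   # "success" or "failure"
    source: str    # which log produced it ("sshd", "portal", ...)


def normalize(line: str):
    """Sensor side: map one raw line onto the Event schema, or None if unparseable."""
    line = line.strip()
    if line.startswith("{"):
        # Hypothetical JSON web-portal audit log (constructed format, not a real product).
        rec = json.loads(line)
        outcome = "success" if rec["event"] == "login_ok" else "failure"
        return Event(datetime.fromisoformat(rec["ts"]), rec["src"], rec["user"], outcome, rec["app"])
    m = SSHD_RE.match(line)
    if m is None:
        return None  # unknown format: a real sensor would count this as a dropped event
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    outcome = "success" if m["outcome"] == "Accepted" else "failure"
    return Event(ts, m["ip"], m["user"], outcome, "sshd")


def correlate(events, threshold=3, window=timedelta(seconds=120)):
    """Server side: directive 'N failures then a success from one source inside the window'.

    Because events are already normalized, a failure against the web portal and a
    failure against sshd from the same address count toward the same threshold.
    """
    alarms = []
    recent_failures = defaultdict(list)  # src_ip -> failed Events still inside the window
    for ev in sorted(events, key=lambda e: e.ts):
        kept = [f for f in recent_failures[ev.src_ip] if ev.ts - f.ts <= window]
        if ev.outcome == "failure":
            kept.append(ev)
            recent_failures[ev.src_ip] = kept
            continue
        if len(kept) >= threshold:
            alarms.append({
                "directive": "brute_force_then_success",
                "src_ip": ev.src_ip,
                "failures": len(kept),
                "users": sorted({f.user for f in kept}),
                "sources": sorted({f.source for f in kept} | {ev.source}),
                "success_at": ev.ts.isoformat(),
            })
            kept = []  # one alarm per spray; start counting afresh
        recent_failures[ev.src_ip] = kept
    return alarms


def run_pipeline(lines):
    """Normalize every line, report what was dropped, and correlate the rest."""
    events = [e for e in (normalize(l) for l in lines) if e is not None]
    return {"events": len(events), "dropped": len(lines) - len(events), "alarms": correlate(events)}


# Constructed sample logs: two formats arriving at the same sensor, plus one unrelated line.
SAMPLE_LOGS = [
    "Jan 12 08:00:01 web01 sshd[4242]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Jan 12 08:00:03 web01 sshd[4242]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "Jan 12 08:00:05 web01 sshd[4242]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "Jan 12 08:00:07 web01 CRON[99]: (root) CMD (run-parts /etc/cron.hourly)",
    '{"ts": "2024-01-12T08:00:09", "app": "portal", "event": "login_failed", "user": "root", "src": "203.0.113.7"}',
    "Jan 12 08:00:11 web01 sshd[4243]: Accepted password for root from 203.0.113.7 port 51030 ssh2",
    "Jan 12 08:01:00 web01 sshd[4250]: Accepted publickey for deploy from 198.51.100.9 port 40000 ssh2",
    "Jan 12 08:01:02 web01 sshd[4251]: Failed password for deploy from 198.51.100.9 port 40001 ssh2",
]

if __name__ == "__main__":
    print(json.dumps(run_pipeline(SAMPLE_LOGS), indent=2))
```

On the constructed input the directive fires once, for 203.0.113.7, with four failures spanning both sshd and the portal; the single failure from 198.51.100.9 after a legitimate key-based login stays below the threshold, and the cron line is reported as dropped rather than silently lost. That dropped count is the figure a Tier 1 analyst should watch, since an unparsed source is a blind spot for every directive downstream.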
AV COMPONENTS FLOW
BUILDING SOC
To build an efficient SOC, a realistic understanding of the many constraints involved must be taken into account to ensure that an effective solution is put in place.
BUILDING SOC PHASES
PLAN
• SOC Strategy
• SOC Capabilities Maturity Assessment: People, Process, Technology
• Incident Response Plan
• Vulnerability Management Processes
• Ticketing System Process
BUILD
• Infrastructure
• Data Collection
• Event Correlation & Data Analysis
OPERATE
• Collect Measurements
• Continuous Assessments
• Incident Response
INCIDENT RESPONSE INCIDENT RESPONSE PLAN
There are many levels of success in defensive work. The common wisdom is that the attacker only has to be right once, while the defender has to be right every time. When the worst-case scenario becomes reality, it is essential to have the right plan in place, the right people on the job, and the right tools and training to remain vigilant.
APPROACH
INCIDENT RESPONSE UNIQUE APPROACH TO INCIDENT RESPONSE
MANAGED SECURITY SERVICES REPORTING
Our SOC team provides daily, weekly and monthly reports as required for compliance and visibility. Reporting from the SOC team and its tools is used to maintain a view of the threat and vulnerability landscape and to maintain oversight of service delivery, both for the service provisioned by MNZ Technology and for the internal support team.
PERSONNEL SOC ANALYST TIER ‘1’ QUALIFICATIONS -1
• A Bachelor's degree in a relevant area of study, preferably Information Security, Computer Science or Computer Engineering
• 1-3 years of previous SOC experience
• Basic knowledge of client-server applications, multi-tier web applications, databases, firewalls, VPNs and enterprise anti-virus products
• Good knowledge of IT, including multiple operating systems and system administration skills
• Security monitoring experience with one or two SIEM technologies and with intrusion detection technologies
• Experience with web content filtering technology: policy engineering and troubleshooting
• Strong understanding of security incident management, malware management and vulnerability management processes
PERSONNEL SOC ANALYST TIER ‘1’ QUALIFICATIONS -2
• Detail oriented, with strong organizational and analytical skills
• Strong written communication and presentation skills
• Self-starter, critical and strategic thinker, negotiator and consensus builder
• Excellent written and verbal English
• Shift work and after-hours availability required
PERSONNEL SOC ANALYST TIER ‘2’ QUALIFICATIONS -1
• Three or more years of information security experience in areas such as security operations, incident analysis, incident handling, vulnerability management or testing, log analysis and intrusion detection
• At least 1-2 years in a Tier 1 SOC Analyst role
• In-depth experience with the following technologies: leading SIEM technologies, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP), database activity monitoring (DAM)
• In-depth, hands-on experience with at least two of the following: Active Directory, router/switch management, firewall management, IDS/HIDS, system vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis, secure coding
• Advanced knowledge of the ArcSight SIEM solution