Our Technologies

SOC as a Service

The SOC is primarily focused on detecting potential threats inside corporate networks, ranging from hackers and malware to employees who deliberately seek access to confidential information that is not intended for their eyes.
Our SOC is designed to create a very high security level for organizations.
Datacenters in the cloud are generally very secure, but cloud providers often have little insight into what is happening inside that cloud. Organizations unfortunately underestimate the specific cyber security challenges of a cloud environment. We believe that, together with datacenters, we can provide a unique service that is crucial for a comprehensive cyber security strategy.
With our SOC-as-a-Service you can benefit from our cyber experts, who design and deliver extraordinarily high-tech cyber security solutions.

Backups

What’s the most important, irreplaceable thing in your possession? The memories of the experiences you had. If you took photos of your wedding, or a video of your child’s first steps, you trust your hard drive to store this data. For businesses, the retention of data is not only regulated by law; these days an increasing number of business processes are conducted via computer and run on and saved to digital media. In the event of disk or device failure, backups are key to guaranteeing business continuity.

The statistics on hard drive failure seem disheartening. A study conducted by BackBlaze found that 10% of hard drives fail after three years, and 20% after five years. Therefore, backups should be a key element in your IT security infrastructure.

NGFW

A next-generation firewall (NGFW) is the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities like application firewall using in-line deep packet inspection (DPI), intrusion detection or prevention system (IDS/IPS), TLS/SSL encrypted traffic inspection, website filtering, malware inspection and so on.

With the integration of an NGFW you get complete network visibility and extra layers of security:

  • Application visibility and application control, even on encrypted traffic such as HTTPS
  • Identity awareness (user and group control)
  • Integrated protection (IPS, anti-malware, web filtering, data leakage protection)

Next-generation firewalls are more intelligent and can recognize an application or website regardless of IP address or port numbers. The advanced filtering technology looks deep inside packets of an application and can analyze and make intelligent decisions about which content and packets to block.

Identity Management

Securing enterprise identities against cyber threats that target today’s hybrid IT environment of cloud, mobile and on-premises is a must.

Your IAM should protect you against the leading point of attack used in data breaches – compromised credentials – by securing an enterprise’s users as well as its privileged accounts.

IAM is not only valuable for security; it is also an excellent business tool. It allows a business to share its applications with partners through a secure channel, so that both companies and partners are on the same page in terms of security and can conveniently plan and grow business together. The next question is how information security can be ensured without compromising employees’ job performance and productivity. Is there an end to cyber policing? Yes. An identity and access management solution relieves your business of the everyday hassle of user management and security challenges. Even though it may sound complex and too tricky to handle for some, it is crucial for a secure and sustainable business. Instead of giving in to the darkness of cybercrime, identity and access management (IAM) brings a torch to the looming challenges of organizational security.

An IAM infrastructure should include a technical solution as well as the supporting business processes that enable seamless identity life-cycle management.

Application Security

For an outside cyber-criminal to steal data, he or she first has to gain access to a network, and the most common ways in are phishing and exploits. Nowadays operating systems, office applications and internet browsers receive updates almost weekly, because new software vulnerabilities are discovered almost daily and must be patched.

The fastest and cheapest way to prevent exploits is to discover the vulnerabilities in the source code and repair them before the application goes into production. Later this is harder, and the costs of remediation or damage grow exponentially. But development teams don’t have trained engineers specialized in security analysis. There are no people who would search for vulnerabilities and recommend changes, and developers don’t have time for that: modern DevOps teams must release new application versions often, sometimes daily.

But application security testing can be automated. Two well-known brands are Checkmarx and Micro Focus Fortify. These are tools or services that scan source code in many languages, integrate with build scripts or application servers, and in some cases monitor running applications; sometimes they also integrate with (web) application firewalls. They have databases of hundreds of source-code vulnerability classes, can discover them in source code and recommend changes to remove them, not by searching for fixed code patterns but by following data input, processing, output, variable and memory usage, library and function calls, argument passing and so on. They find many more vulnerabilities, much faster, than a team of security analysts would.

2FA - Two-Factor Authentication

Computers are very useful tools, but they are only secure when they can identify and distinguish between users in a reliable and secure way. What if someone steals your password, looks over your shoulder while you type it, or you simply use the same password for every service (which is a really bad idea, don’t do it!)?
Your PC just forwards the password to the service, and the service checks whether it matches the one on your account; if so, that must be you. As far as the service is concerned, anyone who has your password is you and can act on your behalf.

A great and widely used solution to this problem is two-factor authentication, which most often uses an external device alongside your password to verify your identity. This device can be your smartphone, a dedicated hardware token, or even a smartcard.
The service will (depending on the 2FA method) either generate a random challenge, to be verified by the device when the user interacts with it, or request an additional code displayed on the device, usually 5-7 digits that change every 30 seconds or so. This way the user can prove, beyond reasonable doubt, that they are who they say they are.
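As an added example (not code from this page or from 3i-solutions), the following Python implements the time-based code scheme described above as standardised in RFC 4226 (HOTP) and RFC 6238 (TOTP), together with the server-side check that tolerates one step of clock drift and compares codes in constant time. The secret and time values in the usage section are the RFC test vectors; the 6-digit default differs from the 5-7 digits mentioned above only because 6 and 8 digits are what the RFCs specify.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HMAC-based one-time password.

    HMAC the 8-byte big-endian counter with the shared secret, take the 4 bytes
    selected by the low nibble of the last MAC byte ("dynamic truncation"),
    clear the sign bit and reduce modulo 10**digits.
    """
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238 time-based one-time password: HOTP with counter = time // step.
    This is why the code on the device changes every 30 seconds."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, unix_time: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check of a user-submitted code.

    Accepts the code for the current time step and up to `window` steps on
    either side, so a phone whose clock is a little off still works. The
    comparison is constant-time so response timing leaks nothing about the
    expected code.
    """
    if len(candidate) != digits or not candidate.isdigit():
        return False
    counter = unix_time // step
    accepted = False
    for delta in range(-window, window + 1):
        expected = hotp(secret, counter + delta, digits)
        # Do not short-circuit: check every step so timing does not reveal
        # which step (if any) matched.
        accepted |= hmac.compare_digest(expected, candidate)
    return accepted


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890").
    SECRET = b"12345678901234567890"
    print("HOTP counter 0:", hotp(SECRET, 0))                       # 755224
    print("TOTP at t=59, 8 digits:", totp(SECRET, 59, digits=8))    # 94287082
    now = 1_000_000
    code = totp(SECRET, now)
    print("accepted with 30 s drift:", verify_totp(SECRET, code, now + 30))
```

Two things the snippet leaves to the surrounding service: the per-user secret must be generated from a cryptographic random source and stored like a password, and the server should remember the last counter it accepted for each user and refuse anything at or below it, otherwise a code captured over the user's shoulder remains valid for the whole drift window.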

Two-factor authentication is being adopted by more and more companies, as password-only authentication systems are proving to be insufficient for any normal level of security.

User Monitoring

Your people are your greatest strength, but they can also be your greatest weakness. How will you prevent critical data and assets from being compromised by your users?

To stop insider threats in their tracks, your organization must continuously monitor all user activity.

3i-solutions monitors and audits all actions taken by employees on a company’s systems to protect data and reduce risk. We identify and eliminate insider threats from employees and guarantee that your organization has clear visibility into who is doing what, when, and why.

DDoS

A Distributed Denial-of-Service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.

Our advanced DDoS solutions protect against everything from the most common attacks to sophisticated multi-vector and application-layer attacks.

ATD/ATP

ATD solutions have many facets: they can protect web, email, endpoints, network traffic, file shares and much more from advanced threats. There are multiple deployment options, such as on-premises, cloud and hybrid. You might use ATD just for web, or for web and email, extend it to the endpoints and file shares, or orchestrate everything together into one large, well-performing, integrated solution, well backed by threat intelligence and services.

SIEM

How can we make sure you are informed well enough to make good decisions? Fast decisions? Right decisions? You already have your data sources: the battlefield. Then you must put good subordinates in place through which this data flows. Based on the data, they give you battlefield intelligence. You decide. A battle is won. One step closer to winning the war.

SIEM is your battlefield intelligence officer. It collects data from all the assets in your corporate network (network equipment, servers, applications, security solutions and so on), filters it, enriches it, aggregates it and stores it in a central location. It correlates data from multiple source types and builds actionable intelligence. It alerts you to priority issues and reports on the ongoing situation, in detail or in general. It does most of the work for you; you only need to make the appropriate decisions. Hire Micro Focus ArcSight or McAfee SIEM as your main battlefield intelligence officer!

DEVELOPMENT

Front-end developers work on:

  • HTML/CSS
  • JavaScript/jQuery
  • JavaScript Frameworks
  • CSS Preprocessors
  • Responsive/Mobile Design
  • Cross-Browser Development
  • Content Management Systems
  • Testing/Debugging, etc.

Back-end developers work on:

  • PHP
  • Python
  • Java
  • Ruby
  • .NET

Tools

Azure DevOps; Jenkins; Visual Studio; Eclipse, NetBeans

Integration

BizTalk; SQL Server Integration Services; Apache Camel

Databases

SQL Server; Oracle DB; MySQL; PostgreSQL; DB2; MongoDB

Desktop

Windows Forms; Universal Apps; Swing; JavaFX

Mobile

React Native; Xamarin; Codename One

Collabs, CRM, Portals

SharePoint; WebAssembler

IT Forensics

Forensics is the application of science to criminal and civil law, mainly, on the criminal side, during criminal investigation, as governed by the legal standards of admissible evidence and criminal procedure.

Forensic scientists collect, preserve, and analyze scientific evidence during the course of an investigation. While some forensic scientists travel to the scene of the crime to collect the evidence themselves, others occupy a laboratory role, performing analysis on objects brought to them by other individuals.

WAF

Our experts offer a WAF, or Web Application Firewall, which helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion and SQL injection, among others. A WAF is a layer 7 defense (in the OSI model) and is not designed to defend against all types of attack; it is usually one part of a suite of tools that together create a holistic defense against a range of attack vectors.

By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.

A WAF operates through a set of rules often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.
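To make the rate-limiting policy mentioned above concrete, here is an added Python example (not code from this page or from any WAF product) of a sliding-window limiter keyed on client IP, driven by a constructed request log. The policy object is the part an operator would change during an attack, without touching the application behind the WAF; the addresses come from the RFC 5737 documentation ranges and the traffic is made up for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class RateLimitPolicy:
    """A WAF policy: at most `max_requests` from one client per `window_seconds`."""
    max_requests: int
    window_seconds: float


class SlidingWindowLimiter:
    """Per-client sliding window: remember the timestamps of recent requests and
    refuse a new one when the window already holds `max_requests` of them."""

    def __init__(self, policy: RateLimitPolicy):
        self.policy = policy
        self._hits = defaultdict(deque)   # client_ip -> timestamps inside the window

    def allow(self, client_ip: str, now: float) -> bool:
        hits = self._hits[client_ip]
        cutoff = now - self.policy.window_seconds
        while hits and hits[0] <= cutoff:  # expire requests that left the window
            hits.popleft()
        if len(hits) >= self.policy.max_requests:
            return False                    # over budget; denied requests are not counted
        hits.append(now)
        return True


def filter_requests(requests, policy: RateLimitPolicy):
    """Run a (timestamp, client_ip, path) stream through the limiter and return
    (timestamp, client_ip, path, decision) rows with decision 'allow' or 'deny'."""
    limiter = SlidingWindowLimiter(policy)
    decisions = []
    for ts, ip, path in sorted(requests):
        verdict = "allow" if limiter.allow(ip, ts) else "deny"
        decisions.append((ts, ip, path, verdict))
    return decisions


def summarize(decisions):
    """Count allow/deny per client: the numbers an operator looks at first."""
    counts = defaultdict(lambda: {"allow": 0, "deny": 0})
    for _, ip, _, verdict in decisions:
        counts[ip][verdict] += 1
    return dict(counts)


# Constructed sample traffic: one client hits /login eight times in two seconds
# and once more after the window has passed; another client browses normally.
SAMPLE_REQUESTS = [(0.25 * i, "203.0.113.10", "/login") for i in range(8)]
SAMPLE_REQUESTS += [(0.5, "198.51.100.7", "/"), (3.0, "198.51.100.7", "/about")]
SAMPLE_REQUESTS += [(20.0, "203.0.113.10", "/login")]

NORMAL_POLICY = RateLimitPolicy(max_requests=5, window_seconds=10.0)

if __name__ == "__main__":
    rows = filter_requests(SAMPLE_REQUESTS, NORMAL_POLICY)
    for row in rows:
        print(row)
    print(summarize(rows))
```

With the normal policy the noisy client gets its first five requests through, is denied the next three, and is allowed again once the ten-second window has emptied; tightening the policy to two requests per window changes only the policy object, which is the "speed and ease of policy modification" the paragraph above refers to.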

DLP

Security solutions specialized in business data protection are known as Data Loss Prevention (DLP). They have three primary functions.

  1. Recognize business data regardless of the document type or the language in which the documents are written. This is where data classification, categorization, fingerprinting, discovery, machine learning and so on come in. Some types of data are pre-configured, such as the formats of credit card numbers or keywords. For custom data, the solution is pointed at an example document, or many of them, which it scans; in this way DLP can learn what our business data looks like.
  2. Detect, or discover, this data as it is being used, transferred or simply stored somewhere. These three states are called data in use, data at rest and data in motion.
  3. Monitor and report on data and, most importantly, detect, alert on and possibly block everything that does not comply with the pre-configured corporate security policies and business practices: for instance, block users from printing certain documents, block a group of users from accessing a customer database, prevent any document from being sent by email except to white-listed addresses, or completely block saving documents to USB media.

Additionally, it is good to have advanced forensic capabilities for data incidents, that is, detected events that do not comply with the configured policies.

As we can see, these are usually quite “big”, complex solutions. They have a broad set of functionalities and must be able to “look” everywhere: monitor the networks, all the endpoints, applications, user directories, internet gateways, storage archives and so on. Most vendors have a complete DLP suite with an option to buy just a part of it. To get started with GDPR compliance, companies could for instance use just the discovery part of a DLP solution. Some customers need only endpoint monitoring; others don’t care about data usage on endpoints but need to monitor data transfers on local networks, web and email. Most modern web and email content security solutions already include some DLP functionality.

Data Classification

Data classification is the process of organizing data by agreed-on categories. Thoroughly planned classification enables more efficient use and protection of critical data across the organization and contributes to risk management, legal discovery and compliance processes.

There is no single “right” way to design your data classification model and define your data categories. For instance, U.S. government agencies often define three types of data: Public, Secret and Top Secret. NATO used a five-level scheme for the Manhattan Project. One option is to begin with a simple three-level data classification:

  • Public data — May be freely disclosed to the public (e.g., customer service contacts)
  • Internal data — Has low security requirements but is not meant for public disclosure (e.g., organizational charts)
  • Restricted data — Highly sensitive internal data whose disclosure could negatively affect operations and put the organization at financial or legal risk (e.g., customer, patient, and employee personal information; authentication data such as logins and passwords).

Your organization can use these three categories to define an initial data classification model and later on add more granular levels based on data content (PII, PHI, etc.), relevance to compliance standards or business specifics, and other criteria.

As you can see, data classification is not a magic wand that secures data or ensures compliance with regulatory requirements by itself. Rather, it helps organizations improve their security posture by focusing their attention, workforce and financial resources on the data most critical to the business. Once you have prioritized your risks, you better understand how to ensure appropriate data protection and ongoing compliance with security policies and regulations.
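The three DLP functions described under DLP and the three-level model just described fit together in one piece of code, so here is one added Python example (not code from this page or from any DLP product) that covers both: it recognises card numbers by pattern plus Luhn check and credential-like text by keyword, assigns Public, Internal or Restricted, and then applies a policy that lets Restricted data leave by email only to white-listed domains. The marker phrase, the domains and the sample texts are constructed for the example.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Credential-like content such as "password: ..." pasted into a ticket.
CREDENTIAL = re.compile(r"\b(?:password|passwd|pwd)\s*[:=]", re.IGNORECASE)
# Constructed marker phrase the organisation stamps on internal documents.
INTERNAL_MARKER = re.compile(r"\binternal use only\b", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum (double every second digit from the right). A random run of
    digits passes only one time in ten, which cuts false positives sharply."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the digit strings in `text` that look like a card number and pass Luhn."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def classify(text: str) -> str:
    """Map content onto the three-level model; the most sensitive finding wins."""
    if find_card_numbers(text) or CREDENTIAL.search(text):
        return "Restricted"
    if INTERNAL_MARKER.search(text):
        return "Internal"
    return "Public"


def email_allowed(text: str, recipient: str, own_domain: str, whitelist: set) -> tuple:
    """DLP policy decision for an outbound email: (allowed, reason)."""
    label = classify(text)
    domain = recipient.rsplit("@", 1)[-1].lower()
    if label == "Public":
        return True, "public content"
    if label == "Internal":
        ok = domain == own_domain
        return ok, "internal content, recipient %s" % ("inside" if ok else "outside")
    ok = domain == own_domain or domain in whitelist
    return ok, "restricted content, recipient %s" % ("white-listed" if ok else "blocked")


# Constructed examples. 4111 1111 1111 1111 is a well-known Luhn-valid test
# number; 1234 5678 9012 3456 has the right shape but fails the checksum.
SAMPLES = {
    "newsletter": "Our spring newsletter is out, see the customer service contacts.",
    "orgchart": "INTERNAL USE ONLY: updated organisational chart attached.",
    "cardnote": "Card on file for refund: 4111 1111 1111 1111, exp 12/27.",
    "ticket": "Reset done. password: Winter2024! please change on first login.",
    "reference": "Shipment reference 1234 5678 9012 3456 is in transit.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", classify(text))
    partners = {"partner.example"}
    print(email_allowed(SAMPLES["cardnote"], "auditor@partner.example", "corp.example", partners))
    print(email_allowed(SAMPLES["cardnote"], "me@webmail.example", "corp.example", partners))
```

The shipment reference shows why the checksum matters: without it every sixteen-digit order or tracking number would be blocked as a card number, and users quickly learn to route around a DLP policy that cries wolf. A real product adds fingerprinting of example documents and many more pre-configured patterns, but the decision flow (recognise, label, compare against policy, allow or block) is the same.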

UEBA

Unintentional data breaches are usually caught by DLP solutions. Intentional insider attacks are more sophisticated and harder to detect. For that we need other types of solutions besides DLP. One is direct user activity monitoring. Another one is User & Entity Behavioral Analytics or UEBA.

User monitoring tools monitor single sessions. But a sophisticated attacker might perform a malicious activity in such a way that it is not directly visible in a single session on a single system. He might do a little on one server and a little on another, then lie low and make some changes on a database later, or a couple of days later, and a week later put his findings in a file and send it out of the network by email. Such activities are impossible to catch with session monitoring tools, so UEBA tools were developed. They gather and correlate input from many different sources: system and application logs, security solutions, SIEM, user directories, orchestration tools, even workstations. Sophisticated algorithms and machine learning are used to define the normal activities of users and entities, a kind of very advanced baselining. Then they can detect and alert on anomalies, or security analysts can use them interactively to search for something strange.

What is an anomaly? Let’s say a server exchanges 100 Mb of traffic with the internet daily, and there is a business reason for that. Then on one day there are 5 communication sessions of 100 Mb each. A UEBA tool could detect that; it is an entity anomaly. Another anomaly is a user who connects daily to his workstation and a web server, because he is the company blogger, but then one day suddenly accesses a database server and on the next day sends out a large ZIP file. That is strange and can be detected with UEBA tools.
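Here is an added Python example (not code from this page or from any UEBA product) that works through both anomalies described above on constructed data: a per-entity traffic baseline built from the median and median absolute deviation, which a single huge day cannot skew, and a per-user profile of the hosts normally accessed, against which a first-ever connection to a database server is flagged. The 15-day history, the hostnames and the user name are made up for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed daily outbound traffic of one server, in MB, for 14 normal days
# followed by the day the text describes (five 100 MB sessions instead of one).
SERVER_EGRESS_MB = [98, 102, 95, 110, 99, 101, 97, 104, 100, 96, 103, 99, 98, 101, 500]

# Constructed access log as (day, user, host). The company blogger normally
# touches only a workstation and the web server.
ACCESS_LOG = [(day, "blogger", host)
              for day in range(1, 8) for host in ("ws-17", "web-01")]
ACCESS_LOG += [(8, "blogger", "ws-17"), (8, "blogger", "db-02"),   # the odd one out
               (9, "blogger", "ws-17"), (9, "blogger", "web-01")]


def robust_baseline(values):
    """Median and scaled median absolute deviation (MAD) of `values`.
    1.4826 * MAD estimates the standard deviation for roughly normal data but
    is not dragged upwards by the very outlier we are trying to find."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:                      # perfectly flat history: fall back to 1% of the median
        mad = max(abs(med) * 0.01, 1e-9)
    return med, 1.4826 * mad


def detect_volume_anomalies(series, train_days=7, threshold=5.0):
    """Score each day after the training window against the baseline of all
    earlier days; return (index, value, score) for days above `threshold`."""
    anomalies = []
    for i in range(train_days, len(series)):
        med, scale = robust_baseline(series[:i])
        score = abs(series[i] - med) / scale
        if score > threshold:
            anomalies.append((i, series[i], round(score, 1)))
    return anomalies


def detect_new_host_access(events, train_days=7):
    """Learn which hosts each user touched during the training window, then
    flag the first later access to any host outside that set."""
    known = defaultdict(set)
    for day, user, host in events:
        if day <= train_days:
            known[user].add(host)
    alerts = []
    for day, user, host in sorted(events):
        if day > train_days and host not in known[user]:
            alerts.append((day, user, host))
            known[user].add(host)     # one alert per new host, not per session
    return alerts


if __name__ == "__main__":
    print("volume anomalies:", detect_volume_anomalies(SERVER_EGRESS_MB))
    print("new host access:", detect_new_host_access(ACCESS_LOG))
```

Only the 500 MB day is reported for the server, and only the first visit to db-02 for the blogger; the normal day-to-day variation in the history scores well under the threshold. In a real deployment the "known hosts" set would age out and be peer-group aware (what do other bloggers touch?), and the two signals would be correlated with the outbound ZIP file from the SIEM, which is the point of UEBA over per-session monitoring.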

CASB

A Cloud Access Security Broker is a new kind of security solution located between corporate users and cloud applications. It allows us to detect, monitor and control the usage of cloud services much more granularly and efficiently.

IPS/IDS

An IPS, or Intrusion Prevention System, is a perimeter security solution, like a firewall. The network perimeter is the boundary between an organization’s local network and the rest of the world: usually a connection to an Internet provider, a national network, another company or something similar. Often there are at least two connections, for redundancy.

A perimeter solution ‘sits’ on the perimeter, where it can monitor and protect all incoming and/or outgoing traffic. Some perimeter solutions watch a specific traffic type, like email or web security gateways; others monitor all traffic in general, like a firewall and IPS.

Sometimes an organizational network is split into multiple networks with single connections between them, and firewalls or IPSs can be placed at those points as well.

A modern IPS is actually a combination of IDS and IPS, where D stands for Detection and P for Prevention, meaning that an IDS was a passive solution that could only alert, while an IPS is an active solution that can block outside attacks and threats in general traffic. IDS and IPS functionalities are a kind of higher-level, more advanced or evolved firewall functionality, so both can also be combined into what we call an Advanced or Next Generation (NextGen) firewall, or a UTM (Unified Threat Management) solution. If split into two, the IPS sits closer to the inside of the network than the firewall, usually just behind it.

An IPS detects more complex threats in traffic than a simple firewall is able to. Often they are also split for performance reasons: they are inline with the traffic and must perform each of their functions fast so that there is no significant lag. Combined solutions are more appropriate for small and medium-sized companies.

An IPS uses multiple techniques to detect threats in traffic, such as signature-based detection, statistical anomaly detection, high-speed SSL/TLS decryption and inspection, DoS detection, anti-bot defences, stream analysis, protocol anomaly detection and so on.

Once an IPS detects a threat, it takes automated actions on all traffic flows entering the network, such as alerting administrators (that is an IDS function), dropping the malicious packets, blocking traffic from the malicious source address, resetting connections and so on. Because of these automated actions, it is very important for an IPS to have an extremely low false-positive rate.