DIGITAL PLANETS SECURITY SOLUTION - PowerPoint PPT Presentation



SLIDE 1

DIGITAL PLANETS SECURITY SOLUTION

SLIDE 2

INTRODUCTION

OUR OFFERED SERVICES

Vulnerability Assessment & Penetration Testing

  • External Networks
  • Internal Networks
  • Web Applications
  • Mobile Applications
  • Social Engineering
  • Red Teaming

Security Operation Centre

  • SOC Hybrid Solutions
  • Planning, Designing & Building SOC
  • Upgrading NOC to SOC
  • Implementing Security policies & procedures

Information Security Awareness

  • ISA for End Users
  • ISA for Managers
  • ISA for IT Admin
  • ISA for Developers
  • Compliance & Governance
  • Communication Tools
  • Phishing Simulator

Brand Protection

  • Anti-Phishing
  • Mobile Apps
  • Social Media
  • Malware Protection
  • DMARC

Consultancy

  • Risk Assessment
  • Configuration Reviews
  • Source Code Review
  • PCI & ISO 27001
  • Governance

SLIDE 3

INTRODUCTION

OUR PARTNERS

SLIDE 4

INTRODUCTION

REFERENCE LIST

SLIDE 5

INTRODUCTION

WHY DIGITAL PLANETS SECURITY SOLUTIONS?

  • Experienced team with more than 30 years of cumulative professional experience
  • 100% focused on cyber security professional services
  • On-board professional calibers including consultants, engineers and analysts
  • Partnership with best-of-breed technology providers in the industry
  • Professional 24/7/365 Security Operation Center (Smart Village – Egypt)
  • Fast-growing company based on an exemplary project success rate
  • Prestigious reference list including mission-critical clients
  • Full-fledged professional security services offering
  • Capacity to communicate in different languages including Arabic, English and French

SLIDE 6

INFORMATION SECURITY AWARENESS

SLIDE 7

INFORMATION SECURITY AWARENESS

SECURING THE WEAKEST LINK

SLIDE 8

INFORMATION SECURITY AWARENESS

SECURING THE WEAKEST LINK

SLIDE 9

INFORMATION SECURITY AWARENESS

SECURING THE WEAKEST LINK

SLIDE 10

INFORMATION SECURITY AWARENESS

CONTENT DELIVERY HAS NEVER BEEN THIS EASY

SLIDE 11

INFORMATION SECURITY AWARENESS

ENSURE YOUR PROGRAMMES SUCCESS

SLIDE 12

BRAND PROTECTION & FRAUD MANAGEMENT

SLIDE 13

BRAND PROTECTION

PROVEN AND TRUSTED GLOBALLY

  • A privately owned Internet Security company
  • Founded in 2003
  • Leaders in the Anti-Phishing and Online Brand Protection Industry
  • Headquartered in Melbourne, Australia
  • Offices in San Francisco, Dubai and London
  • 24x7x365 Security Operations Centre

SLIDE 14

BRAND PROTECTION

ENTERPRISE BRAND PROTECTION SUITE

  • Brand Abuse
  • Vishing
  • Pharming
  • LogMonitor*
  • Interceptor*
  • PAC Files
  • Command and Control
  • Drop Zones
  • Brand Impersonation
  • Executive Impersonation
  • Unauthorised Mobile App listings
  • Malicious Android & iPhone apps

SLIDE 15

MANAGED SECURITY SERVICES

SLIDE 16

MANAGED SECURITY SERVICES

SECURITY OPERATIONS CENTRE ‘SOC’

A Security Operations Centre (SOC) is a centralized unit in an organization that deals with security issues and incidents on an organizational and technical level.

  • The SOC team operates 24/7 from a central offsite location or is outsourced on the client’s site.
  • Complete & proactive in response to security incidents.
  • Predict security attacks and minimize the impact.
  • Implement security policies across the enterprise.
  • Reduce cost of security support by providing centralized remote support.

SLIDE 17

MANAGED SECURITY SERVICES

COMPONENTS OF SOC

People Processes Technology

Our Managed SOC is designed to wrap experienced People and efficient Processes around leading Technologies. The objective is to manage security incidents, ensuring they are properly identified, analyzed, communicated, actioned/defended, investigated and reported.

SLIDE 18

MANAGED SECURITY SERVICES

People

Different layers of very talented candidates with a broad range of capabilities & diversity of experiences.

TIER 1

  • Monitoring
  • Opens tickets, closes false positives
  • Basic investigation and mitigation

TIER 2

  • Deep investigations
  • Mitigation/recommends changes

TIER 3

  • Advanced investigations
  • Prevention
  • Threat hunting
  • Forensics
  • Counter-Intelligence

SLIDE 19

MANAGED SECURITY SERVICES

Processes

Our policy and procedure development process consists of four primary steps:

  • Document Release & Implementation
  • Document Review
  • Policy & Procedure Development
  • Information Gathering

SLIDE 20

MANAGED SECURITY SERVICES

Technology

A comprehensive approach to security monitoring is followed by taking care of all the administrative activities required to manage the health and availability of the SOC monitoring tools.

  • Vulnerability Assessment
  • Vulnerability Tracking
  • Log Management
  • Control
  • Visibility
  • Network Infrastructure
  • Events Collection, Correlation & Analysis

SLIDE 21

SLIDE 22

Our Unified Approach to Security Monitoring

Unified Security Management (USM)

Centralized threat detection & incident response made simple & affordable for resource-limited IT security teams.

Integrated Threat Intelligence

Actionable threat intelligence updates from AlienVault Labs delivered continuously to the USM platform. Correlation rules and directives written by our AlienVault Labs team and displayed through the USM interface.

Open Threat Exchange

The world’s largest repository of crowd-sourced threat data providing a continuous view of real time threats that may have penetrated the company’s defenses.

SLIDE 23

OPEN THREAT EXCHANGE (OTX)

SLIDE 24

MANAGED SECURITY SERVICES

UNIFIED SECURITY MANAGEMENT

SLIDE 25

SLIDE 26

SLIDE 27

UNIFIED SECURITY MANAGEMENT

AV Components Appliances: Sensor – Server – Logger and ALL-IN-ONE

USM Server

  • Log Normalization
  • IDS
  • OSSEC
  • Netflow
  • Vulnerability Detection
  • Asset Detection

USM Sensor

  • Event Correlation
  • Event Storage/Query
  • UI

USM Logger

  • Long-Term Log Storage/Query

USM All-In-One

  • Sensor
  • Server
  • Logger

SLIDE 28

AV COMPONENTS FLOW

SLIDE 29

UNIFIED SECURITY MANAGEMENT

SLIDE 30

BUILDING SOC

To build an efficient SOC, it is important that a realistic understanding of the many constraints is considered, to ensure that an effective solution is in place.

SLIDE 31

BUILDING SOC PHASES

BUILD OPERATE PLAN

  • SOC Strategy
  • SOC Capabilities

Maturity Assessment:

  • Infrastructure
  • Data Collection
  • Event Correlation & Data Analysis
  • Incident Response Plan
  • Vulnerability Management
  • Processes
  • Ticketing System Process
  • Collect Measurements
  • Continuous Assessments
  • Incident Response
  • People
  • Process
  • Technology

SLIDE 32

INCIDENT RESPONSE

INCIDENT RESPONSE PLAN

There are many levels of success in defensive work… the common wisdom is that the attacker only has to be right once, but the defender has to be right every time. When the worst-case scenario becomes reality, it’s essential to have the right plan in place, the right people on the job, and the right tools and training to remain vigilant.

SLIDE 33

APPROACH

SLIDE 34

INCIDENT RESPONSE

UNIQUE APPROACH TO INCIDENT RESPONSE

SLIDE 35

INCIDENT RESPONSE

UNIQUE APPROACH TO INCIDENT RESPONSE

SLIDE 36

REPORTING

MANAGED SECURITY SERVICES

Our SOC team provides advanced monthly, weekly and daily reports as required for compliance and visibility. Reporting from SOC team and their tools is used to maintain a view of the threat and vulnerability landscape as well as maintain oversight of service delivery; both for the service provisioned by MNZ Technology as well as the internal support team.

SLIDE 37

PERSONNEL

SOC ANALYST TIER ‘1’ QUALIFICATIONS -1

  • A Bachelor's Degree in a relevant area of study with a preference for Information Security, Computer Science or Computer Engineering
  • 1-3 years previous SOC Experience.
  • Basic knowledge of client-server applications, multi-tier web applications, databases, firewalls, VPNs, and enterprise Anti-Virus products
  • Good knowledge of IT including multiple operating systems and system administration skills
  • Security monitoring experience with one or two SIEM technologies, and intrusion detection technologies
  • Experience with web content filtering technology - policy engineering and troubleshooting
  • Strong understanding of security incident management, malware management and vulnerability management processes

SLIDE 38

PERSONNEL

SOC ANALYST TIER ‘1’ QUALIFICATIONS -2

  • Detail oriented with strong organizational and analytical skills
  • Strong written communication skills and presentation skills
  • Self-starter, critical and strategic thinker, negotiator and consensus builder
  • Excellent English written and verbal skills.
  • Shift work required & after-hours availability required

SLIDE 39

PERSONNEL

SOC ANALYST TIER ‘2’ QUALIFICATIONS -1

  • Three plus years of information security related experience, in areas such as: security operations, incident analysis, incident handling, and vulnerability management or testing, log analysis, intrusion detection
  • Must have been in a level 1 SOC Analyst role for at least 1-2 years
  • In depth experience with the following technologies: leading SIEM technologies, IDS/IPS, network- and host- based firewalls, data leakage protection (DLP), DAM (Database activity monitoring)
  • In depth, hands-on experience with at least two of the following technologies: Active Directory, Routers /Switches management, Firewall Management, IDS/HDS, System vulnerability scanning tools, Application/Database vulnerability scanning tools, mobile device analysis or Secure coding
  • Advanced knowledge of ‘Arcsight’ SIEM solution.

SLIDE 40

PERSONNEL

SOC ANALYST TIER ‘2’ QUALIFICATIONS -2

  • In depth understanding of possible attack activities such as network probing/scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.
  • Experience with SOC ticketing systems and proven SOC process knowledge
  • Advanced knowledge in system security architecture and security solutions
  • Advanced knowledge in networking, message transport, and endpoint security
  • Excellent interpersonal and organizational skills and excellent oral and written communication skills
  • Proven analytical and problem-solving skills

SLIDE 41

PERSONNEL

‘SIEM ADMIN’ QUALIFICATIONS -1

  • Bachelor’s degree in Computer Science or Business Administration, or relevant educational or professional experience.
  • 2+ years of being a Level 2 Engineer
  • Technical and architectural understanding of large environments
  • An understanding of the following technologies: SIEM technology ArcSight, IDS/IPS, network- and host- based firewalls, anti-virus software, data leakage protection (DLP), DAM (Database activity monitoring).
  • Knowledge of risk assessment tools, technologies and methods.
  • Experience planning, researching and developing security policies, standards and procedures

SLIDE 42

PERSONNEL

‘SIEM ADMIN’ QUALIFICATIONS -2

  • Professional experience in a system administration role supporting multiple platforms and applications
  • Ability to communicate network security issues to peers and management
  • Hands-on experience with at least two of the following technologies: Active Directory, Routers /Switches management, Firewall Management, IDS/HDS, System vulnerability scanning tools, application/database vulnerability scanning tools, mobile device analysis or Secure coding.
  • In depth understanding of possible attack activities such as network probing/scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.
  • Excellent interpersonal and organizational skills
  • Excellent oral and written communication skills

SLIDE 43

PERSONNEL

‘SOC LEAD’ QUALIFICATIONS

  • 7-9 years of technical experience in Information Security, System Administration, or Network Engineering with at least 5 years of experience in Information Security. Experience in Security Operations and Incident Response.
  • Detailed practical and configuration knowledge of firewalls, load balancers, routers, switches, intrusion detection/prevention systems.
  • Ability to conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats.
  • Advanced knowledge and expertise of using SIEM technologies for event investigation.
  • Advanced knowledge in system security architecture and security solutions
  • Excellent interpersonal and organizational skills and excellent oral and written communication skills
  • Proven analytical and problem-solving skills

SLIDE 44

THANK YOU

FOR ANY FURTHER INFORMATION PLEASE CONTACT:

55 Street 263, Maadi, Cairo, Egypt +2 010000 15 377 digital-planets.net info@digital-planets.net