SOC - Security Operation Center
Our SOC is the next-generation Security Operation Center that plays a central role in continuous security monitoring to prevent, detect, analyze, and respond to cyber threats to our Clients.
With 24x7x365 active monitoring of systems and the manning of cyber security and network security experts, we ensure monitoring and management of incidents and attacks that threaten small, medium and large enterprises. A comprehensive and effective defense requires a well-defined strategy; our approach to cyber security and network security involves a thorough analysis of the assets to be protected and a clear and timely definition of the actions to be taken in the event of a threat.
- We use SIEM, SOAR, Threat Intelligence, Anomaly Behavior Analysis and other advanced security technologies;
- Our Security Operation Centers in Italy and Switzerland monitor our customers' infrastructures worldwide, 24×7
SOC - Our Services
SIEM
Security Information and Event Management is the key reference solution for threat monitoring, identification and analysis and is the core of our machine intelligence.
This tool lets us collect and manage, in a fully automated manner, information from the system logs of all monitored devices. Making extensive use of artificial intelligence and machine learning, it provides real-time monitoring of events within your IT environment, enabling analysts to reduce the time required to investigate what is happening "in the business ecosystem."
Our SIEM solution includes User and Entity Behaviour Analytics (UEBA) and Security Orchestration and Automated Response (SOAR).
EDR - XDR
We manage information from endpoints, which are among the main targets of cybercriminals: protecting every device that can connect to the Internet means preventing ransomware or malware from halting normal production activities, while also avoiding the costly expense of restoring infected machines. Endpoint Detection and Response (EDR) solutions do not only focus on identifying specific malware; they are designed to raise security alerts that trigger additional controls. Extended Detection and Response (XDR) solutions provide greater protection and efficiency during the cyber threat detection and response phases by integrating different security technologies that cooperate with each other, delivered as Software as a Service: lower prices, higher throughput and, most importantly, greater protection.
Email Detection
More than 90 percent of security incidents start with an email.
It is fundamental for every company to have an Email Security and antispam service to counter the increasingly common phenomenon of mail phishing, in which artificial intelligence (AI) is used to recreate the templates and email addresses of known companies and brands in order to deceive recipients, triggering silent attacks and opening up gaps in corporate systems.
In addition to filtering spam, Email Security scans email attachments with file sandboxes, verifies hyperlinks, recognizes fraudulent activity, and protects email communications from DDoS attacks. The system can also detect Office365 account breach attempts, phishing and spear phishing attacks to ensure secure email use across the enterprise.
Security Monitoring
Our team of analysts performs continuous monitoring (24x7x365) of the IT ecosystem to identify a threat or system breach and activate containment and eradication activities through the Incident Response phase. We offer an effective and flexible service: Security Monitoring can be provided either through STIM's platforms or through technologies already deployed in the enterprise network, with no additional investment required.
Monitoring:
First containment of the incident, with scanning of facilities and applications, and monitoring and reporting of incidents and user behavior.
- End Point (PCs, notebooks, servers)
- Network (connections, protocols, network infrastructure)
- Cloud
- Mobile (smartphones, tablets, mobile devices)
- Application (business applications)
- EMail
Incident Response
In cyber security, security incidents occur when you least expect them. We help companies anticipate and manage an emergency by responding quickly when it occurs. For a quick and effective response in the event of an attack, contact us: our analysts are always ready to contain, isolate, and block the attack, 24/7, so that your business can be restored to operation, minimizing financial, brand reputation, and productivity damage.
24x7 Available
We detect, stop and contain cyber security incidents 24/7
Vertical expertise
Our analysts can handle alarms across vertical markets, including finance, fashion, automotive, manufacturing, industrial, telco and insurance environments
Stop any cyber-attack
Our analysts are capable of dealing with all types of cyber attacks
Management and intervention for incident resolution, with Best Practices suggestions from a preventive perspective.
Incident Response includes 4 main activities:
1. Preparation phase, in which our Cyber Security experts gather information about the network to be able to react promptly in case of an incident
2. Detection and analysis phase, aimed at identifying the actual and potential effects of incidents in order to assign priorities based on the severity of the incident
3. Containment, elimination and recovery actions
4. Post-incident activities, including incident investigation, forensic analysis and a debriefing called "lessons learned"
The Incident Responder monitors networks and systems and performs analysis aimed at identifying intrusions and vulnerabilities, establishes protocols for intervention and communication in changing critical situations, interacts with other cyber threat analysis entities, and ultimately produces detailed reports for technicians, managers and administrators.
Incident Response (IR) is a structured response process to incidents detected during the Detection phase, enabling any attacks to be addressed, with issues and anomalies resolved, so that the customer can resume normal operations.
Speed of response is critical to limiting damage, whatever the size of the business. STIM supports the customer and covers protection needs within hours of engagement, analyzing the entire network for malicious activity.
Response includes several phases: incident preparation, secure incident detection and analysis, containment, eradication and full recovery, and post-incident analysis and learning.
Crisis Management
The STIM Cyber Security experts collaborate with managers, legal teams and personnel to develop a plan to manage possible crises. The team is trained to lead crisis meetings and handle various types of incident, to suitably support management during the emergency.
Damage assessment: at this stage, the team identifies systems, facilities, applications, and information exposure affected by the incident (sensitivity of the data, number of users and entities impacted, number and type of assets affected, probable cause of the incident and internal propagation velocity, lateral movement).
Remedy following damage assessment: a customized containment and remediation strategy is developed from the aggressor's actions and in line with business needs. In addition to resolving the detected incident, during Remediation, the team seeks to improve the security posture of the environment in order to limit and prevent future incidents.