Certego's offering includes two key types of managed services: BDIR (Breach Detection, Investigation & Response) and CTI (Cyber Threat Intelligence). Both effectively counter the threats posed by cybercrime: the former through the analysis of anomalies detected within the Client's networks and systems, the latter through extensive, targeted intelligence activity carried out outside the Client's infrastructure to identify attacks even before they reach the Client's defences.
In recent years, computer attacks have progressively acquired the ability to cross the defence barriers of key IT security technologies (firewall, antivirus, intrusion prevention systems, etc.). In the new attack scenarios, the main goal of an intrusion is not to cause immediate damage but rather to control and identify the victim's systems in order to assess the most effective and lucrative attack strategies.
For these reasons, Certego has developed a managed service able to:
- Detect anomalies in network traffic and in the execution of application processes within client-server systems;
- Carry out targeted analysis and investigation activities aimed at understanding the nature of the anomalies and identifying any computer attacks present;
- Confirm the presence of intrusions and fraud attempts and identify the operations needed to manage the incident and reduce its impact on the client's business.
Features of the Service
The Data Breach Detection & Response Service is able to detect the following categories of computer attacks:
- Malware & Advanced Persistent Threats (APT)
- Web Application Attacks
- Distributed Denial of Service Attacks (DDoS)
The Anomaly Detection process is performed by a specific set of sensors able to understand what is happening on the network and inside the Client’s systems.
Incident response operations are formulated based on the recommendations of the National Institute of Standards and Technology (NIST) and include the following stages:
- Detection and analysis
- Reduction, Removal and Restoration
- Post-mortem analysis
In the event of an incident, the Certego security team (Computer Security Incident Response Team - CSIRT) formulates a detailed response plan and supports the client in carrying out the plan to resolve the problem. Furthermore, through analysis of the key security incidents, the service is able to highlight the most significant weak points of the Client's defence systems and to indicate the most suitable technological and process solutions.