Certego Managed Defence is the set of technology platforms, processes and people that together deliver Certego's managed security services. It includes the following elements:
- Certego PanOptikon: Detection, analysis and response platform for computer security incidents;
- Certego Incident Response Team: Team dedicated to Incident Response and Security Intelligence activities;
- Security Operations Center: 24-hour operations centre that assists Clients.
The security services offered by Certego are based on the typical operating models of incident management teams (Computer Security Incident Response Team, CSIRT). To implement these operating models, Certego has developed the PanOptikon platform to detect, analyse and respond to computer security incidents and to counter cybercrime.
The PanOptikon platform is a modular system composed of the following elements:
- Sensors
- Event Aggregation & Correlation
- Web Portal
Sensors
The Sensors are deployed inside the Client's ICT infrastructure to analyse as many events as possible and report the presence of anomalies (Anomaly Detection). The PanOptikon platform uses the following kinds of sensor:
- Network Sensor to analyse network traffic
- Endpoint Sensor to analyse the processes running on the Endpoints
- Syslog Collector to collect the audit logs generated by the security devices (Firewall, Antivirus, Secure Web Gateway, etc.)
Event Aggregation & Correlation
Detected anomalies are forwarded over encrypted channels to the aggregation and correlation systems hosted in the Certego cloud. These systems raise alerts to the CSIRT function. As soon as an alert is raised, the CSIRT analysts start the analysis procedure to establish the nature of the anomaly and determine whether it is a security issue.
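To make the aggregation and correlation step concrete, here is an added example of the kind of logic such a system runs over the three sensor feeds described above. It is hypothetical code written for this page, not PanOptikon's own implementation; the record formats of the Network and Endpoint sensors, the netfilter-style firewall log format fed by the Syslog Collector, the 10-minute window and the "two distinct sensor types" threshold are all assumptions, and the sample reports are constructed.

```python
"""Added example: a minimal event aggregation & correlation step.
Hypothetical code, not PanOptikon's; the sensor record formats, the
10-minute window and the two-sensor threshold are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Event:
    """Common schema every sensor's report is normalised to."""
    ts: datetime
    sensor: str   # "network", "endpoint" or "syslog"
    host: str     # IP of the asset the report concerns
    detail: str


def from_network(raw: dict) -> Event:
    """Network Sensor report (assumed JSON-like shape)."""
    return Event(datetime.fromisoformat(raw["time"]), "network", raw["src_ip"], raw["signature"])


def from_endpoint(raw: dict) -> Event:
    """Endpoint Sensor report (assumed shape)."""
    return Event(datetime.fromisoformat(raw["timestamp"]), "endpoint", raw["ip"], raw["process"])


# Syslog Collector: parse netfilter-style firewall verdict lines; other lines are ignored.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<dev>\S+) .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)"
)


def from_syslog(line: str, year: int = 2024) -> Optional[Event]:
    m = SYSLOG_RE.match(line)
    if m is None:
        return None  # not a firewall verdict line; nothing to correlate on
    stamp = " ".join(m["ts"].split())  # collapse the double space in "Mar  1"
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return Event(ts, "syslog", m["src"], f"{m['dev']} dropped traffic to {m['dst']}")


def correlate(events: Iterable[Event], window: timedelta = timedelta(minutes=10),
              min_sensors: int = 2) -> List[dict]:
    """Aggregate (dedupe, group by host) and correlate: raise one alert per host
    when at least `min_sensors` distinct sensor types report it within `window`."""
    by_host = defaultdict(list)
    for e in set(events):            # identical reports from one sensor count once
        by_host[e.host].append(e)
    alerts = []
    for host in sorted(by_host):
        evs = sorted(by_host[host], key=lambda e: (e.ts, e.sensor))
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e.ts - first.ts <= window]
            sensors = sorted({e.sensor for e in cluster})
            if len(sensors) >= min_sensors:
                alerts.append({
                    "host": host,
                    "first_seen": cluster[0].ts.isoformat(),
                    "last_seen": cluster[-1].ts.isoformat(),
                    "sensors": sensors,
                    "events": [(e.sensor, e.detail) for e in cluster],
                })
                break                # one alert per host; the CSIRT takes it from here
    return alerts


# Constructed sample input (not real data): one workstation flagged by all three
# sensor types within minutes, plus an unrelated single firewall drop and a
# non-firewall syslog line.
NETWORK_REPORTS = [
    {"time": "2024-03-01T10:00:00", "src_ip": "10.0.0.5", "signature": "DNS query for known C2 domain"},
]
ENDPOINT_REPORTS = [
    {"timestamp": "2024-03-01T10:02:30", "ip": "10.0.0.5", "process": "powershell.exe -w hidden -EncodedCommand"},
]
SYSLOG_LINES = [
    "Mar  1 10:03:10 fw01 kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP DPT=443",
    "Mar  1 10:03:10 fw01 kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP DPT=443",
    "Mar  1 11:40:00 fw01 kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=203.0.113.4 PROTO=UDP DPT=123",
    "Mar  1 11:41:00 fw01 sshd[812]: Accepted publickey for ops from 10.0.0.20 port 50122",
]


def run_pipeline() -> List[dict]:
    """Aggregate the three sensor feeds and return the correlated alerts."""
    events: List[Event] = [from_network(r) for r in NETWORK_REPORTS]
    events += [from_endpoint(r) for r in ENDPOINT_REPORTS]
    events += [e for e in map(from_syslog, SYSLOG_LINES) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

On the sample input the pipeline produces a single alert for 10.0.0.5 backed by all three sensor types, while the lone firewall drop from 10.0.0.9 never becomes an alert: the point of correlating across sensors is that one noisy signal does not page the CSIRT, but the same host being flagged by network, endpoint and perimeter logs within minutes does.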
If the analysis confirms an intrusion or a Data Breach, the CSIRT opens an incident record on the PanOptikon Web Portal and draws up the Incident Response plan, which includes activities to limit (contain) the incident, remove (eradicate) the threat and analyse the event post-mortem.