Security operations

   We can provide competent resources to monitor, support and maintain the components of an information security architecture, including SIEM, log management, PKI, IDS/IPS, identity and access management, DLP, anti-malware and similar solutions. We cover cloud-based AWS/GCP/Azure and on-premise Windows AD/Linux/macOS infrastructures. The service is delivered in accordance with ITIL practices, with a mature, defined Service Catalogue, SLA, HelpDesk and Operations function, and Service Delivery processes.

   Project case: Log management system operation and security event monitoring

   The goal of the project was to configure the log management solution and conduct security event monitoring in the customer's GCP/Kubernetes infrastructure. False positives were filtered out. Regular Red Team exercises were analyzed and detection rules were updated accordingly. The log management was based on the Graylog/Logstash/ELK technology stack. The following sources were connected with the aid of GCP Pub/Sub connectors:
  • GCP project
  • Kubernetes
  • Falco container IDS
  • Nginx-ingress objects
  • ModSecurity WAF
  • Application logs
  • Compute instance VM
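   The project description above covers two activities that happen after the sources are connected: filtering out false positives and updating detection rules after Red Team exercises. The block below is an added example, not code from the project or the customer, showing how such triage logic can look for one of the listed sources, Falco. It assumes Falco's JSON output shape (a `rule`, a `priority` and an `output_fields` object with `k8s.ns.name`, `container.name` and `user.name`); the sample events, the false-positive allowlist and the severity overrides are all constructed for illustration.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample Falco events in JSON-lines form, the shape Falco's json_output
# produces when shipped through a Pub/Sub -> Logstash pipeline. Values are invented.
SAMPLE_LINES = [
    json.dumps({"priority": "Notice", "rule": "Terminal shell in container",
                "output_fields": {"k8s.ns.name": "prod", "container.name": "web",
                                  "user.name": "root", "proc.cmdline": "bash"}}),
    json.dumps({"priority": "Notice", "rule": "Terminal shell in container",
                "output_fields": {"k8s.ns.name": "ops", "container.name": "debug-shell",
                                  "user.name": "sre", "proc.cmdline": "bash"}}),
    json.dumps({"priority": "Error", "rule": "Write below etc",
                "output_fields": {"k8s.ns.name": "prod", "container.name": "web",
                                  "user.name": "root", "proc.cmdline": "sh -c echo x >> /etc/passwd"}}),
    json.dumps({"priority": "Notice", "rule": "Launch Package Management Process in Container",
                "output_fields": {"k8s.ns.name": "ci", "container.name": "builder",
                                  "user.name": "root", "proc.cmdline": "apt-get install curl"}}),
    "not json at all",  # a malformed line, to show the pipeline does not silently drop it
]


@dataclass
class Alert:
    rule: str
    severity: str
    namespace: str
    container: str
    user: str


# Hypothetical tuning outcome: (rule, namespace, container) combinations reviewed as benign.
# Keeping the allowlist this narrow (not "rule only") is what stops a suppression from hiding
# the same rule firing somewhere it should not.
FALSE_POSITIVE_ALLOWLIST = {
    ("Terminal shell in container", "ops", "debug-shell"),
    ("Launch Package Management Process in Container", "ci", "builder"),
}

# Hypothetical severity overrides; rules not listed keep Falco's own priority.
# "Terminal shell in container" is raised here as the kind of change made after an
# exercise in which it was the earliest signal of the activity.
SEVERITY_OVERRIDES = {
    "Write below etc": "critical",
    "Terminal shell in container": "high",
}


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Normalise one Falco JSON line into flat fields; None if the line is not JSON."""
    try:
        ev = json.loads(line)
    except ValueError:
        return None
    fields = ev.get("output_fields", {})
    return {
        "rule": ev.get("rule", ""),
        "priority": ev.get("priority", "").lower(),
        "namespace": fields.get("k8s.ns.name", ""),
        "container": fields.get("container.name", ""),
        "user": fields.get("user.name", ""),
    }


def is_false_positive(event: Dict[str, str]) -> bool:
    return (event["rule"], event["namespace"], event["container"]) in FALSE_POSITIVE_ALLOWLIST


def triage(lines: List[str]) -> Tuple[List[Alert], Dict[str, int]]:
    """Apply the allowlist and severity mapping; return alerts plus counters for monitoring the pipeline itself."""
    alerts: List[Alert] = []
    stats = {"parsed": 0, "unparsable": 0, "suppressed": 0}
    for line in lines:
        event = parse_event(line)
        if event is None:
            stats["unparsable"] += 1  # worth alerting on its own if it climbs: a broken source or connector
            continue
        stats["parsed"] += 1
        if is_false_positive(event):
            stats["suppressed"] += 1  # counted, not discarded, so tuning remains visible
            continue
        severity = SEVERITY_OVERRIDES.get(event["rule"], event["priority"])
        alerts.append(Alert(event["rule"], severity, event["namespace"], event["container"], event["user"]))
    return alerts, stats


if __name__ == "__main__":
    found, counters = triage(SAMPLE_LINES)
    for a in found:
        print(f"[{a.severity}] {a.rule}: ns={a.namespace} container={a.container} user={a.user}")
    print(counters)
```

   The suppressed and unparsable counters are returned alongside the alerts on purpose: a rise in either is itself a detection-coverage problem (an allowlist that has grown too wide, or a source that stopped sending well-formed events), which is exactly the kind of drift regular exercise reviews are meant to catch.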