Context:

Endpoint Protection solutions analyze files, programs, logs and processes in real time and report any detected threats: they continuously monitor for advanced threats, helping to identify attacks and respond to them, providing a high level of protection.

Modern solutions in this area have evolved into Event Detection & Response technologies that allow a higher and, above all, proactive level of endpoint security, usually through a cloud-based model.

Deliverables:

  • Identification of the technological solution that meets the customer’s requirements
  • Architectural design
  • Installation and configuration (technology deployment)
  • Support for the analysis of incidents recorded by the solution (SOC context)

Technological Partners:

Context:

The protection of e-mail is an essential part of the organizations’ security: an increasing percentage of attacks is in fact transmitted by e-mail. These attacks can include:

  • Malware: this type of attack is often aimed at compromising the user’s workstation in order to reach other systems or exfiltrate sensitive data;
  • Spam: can interfere with employee productivity and/or carry malicious components;
  • Phishing: use of social engineering techniques or “spoofed” sites with the ultimate aim of stealing users’ credentials.

Deliverables:

  • Identification of the technological solution that meets the customer’s requirements
  • Architectural design
  • Installation and configuration (technology deployment)
  • Support for the analysis of incidents recorded by the solution (SOC context)

Technological Partners:

Context:

A SOAR is a stack of software solutions that allows organizations to collect data on security threats from multiple sources and apply analytics and corresponding response actions without human interaction.

The goal of using SOAR is to improve the efficiency of security management. The term applies to products and services that help prioritize, standardize and automate incident response functions, especially in the context of a Security Operation Center.

Deliverables:

  • Identification of the technological solution that meets the customer’s requirements
  • Architectural design
  • Installation and configuration (technology deployment)
  • Implementation of integrations with third-party solutions
  • Creation of an automation playbook for incident response

Technological Partners:

Context:

They are IT security solutions that use machine learning and data processing technologies to detect users’ anomalous activities. They collect information on users’ typical behavioral patterns in a specific environment and identify activities that deviate from the norm, instantly recording them and reporting each instance as a potential threat.

They allow the detection of users’ anomalous behaviors, both in the case of insider threats and in the case of possible compromises of user accounts.

These solutions allow not only the monitoring of specific behaviors attributable to suspected individuals, but also of assets in the corporate IT perimeter.

Deliverables:

  • Architectural design
  • Installation and configuration (technology deployment)
  • Support for the analysis of incidents recorded by the solution (SOC context)

Technological Partners:

Context:

Advanced and/or targeted attacks (Advanced Persistent Threat) require a specific focus on the network environment: solutions such as firewalls, WAFs and legacy IPS/IDS based only on signatures are able to block only what they know.

New-concept solutions in the Network Protection field, thanks to integrated threat intelligence, sandboxing and pattern matching capabilities, are able to recognize, contextualize and preventively block even attacks whose nature is unknown, and to attribute them to specific actors and/or malicious campaigns.

Deliverables:

  • Identification of the technological solution that meets the customer’s requirements
  • Architectural analysis
  • Installation and configuration (technology deployment)
  • Support for the analysis of incidents recorded by the solution (SOC context)

Technological Partners:

Context:

An NDR system searches the network for potential indicators of malicious actors and suspicious data. As soon as a potential problem is discovered, the NDR system carries out network forensics operations and starts a mitigation response aimed at repairing the damage.

NDR systems use artificial intelligence and machine learning to create repositories of information about malware threats. Their ability to detect and prevent malicious network activities and deal with threats steadily increases over time, thanks to the use of machine learning techniques.

Deliverables:

  • Installation and configuration (technology deployment)
  • Architectural design and network flows collection
  • Support for the analysis of incidents recorded by the solution (SOC context)

Technological Partners:

Context:

With the arrival of IoT devices, it became necessary for organizations to improve the visibility of what is connected to the network, that is, every ICT device and every user accessing it, through both personal and corporate tools. A NAC solution provides the network visibility necessary to detect and record everything connected, as well as the ability to control the security level of users’ devices, also intervening with automated responses on the basis of policies defined at national level.

Therefore, a NAC solution offers three key features to protect devices on the network: full visibility of devices and users in the network, control of the network to limit the logically separated areas that devices can access, and automated response to reduce reaction time.

Proposed service:

  • Installation and configuration (technology deployment)
  • Asset management & inventory
  • Support for the analysis of incidents recorded by the solution (SOC context)

Technological Partners:

Context:

The increasing amount of data concerning security threats, spread over a vast panorama of sources both internal and external to the company, makes it necessary to use tools capable of aggregating, correlating and analyzing all sources in real time to support defense actions and to prevent future attacks on company assets, including senior positions.

A TIP platform addresses four key functions:

  1. Aggregation of intelligence from multiple sources
  2. Normalization, enrichment and risk classification of data and information
  3. Integration with current security systems
  4. Threat Intelligence analysis and sharing

Innovery uses the most advanced TIP platforms, both to support the operations of its SOC and to manage these platforms for its customers.

Deliverables:

  • Platform installation and configuration (on premise)
  • Integrations with third-party solutions, in the cybersecurity context
  • IT management to detect/contextualize/obtain details on different types of cyber attacks
  • T3 level analysis for threat hunting, TTP identification and campaigns (SOC context)

Technological Partners:

Context:

The general idea behind automated malware analysis systems, commonly known as sandboxes, is to run malicious software in an environment where it cannot cause any damage and monitor its behavior.

This can serve as a starting point for a more in-depth analysis by a malware analyst, as an automated extraction tool for indicators of compromise (IOC) that can be used to write signatures, or as a way to detect features attributable to known threat actors.

Sandboxing systems are capable of tracing network calls, registry changes, API calls and file activity, carrying out complete memory analysis, collecting screenshots of malware while it runs, performing static scans of submitted files, and much more.

Deliverables:

  • Architectural analysis
  • Installation and configuration (technology deployment)
  • Integration with third parties to automate the submission of samples
  • Support for the analysis of the solution outputs (SOC context)

Technological Partners:

Context:

The term “cybersecurity posture” refers to the overall strength of an organization in the cybersecurity field: this expresses the relative security of IT assets, as well as how hardware and software are correctly managed through policies, procedures or controls.

CSP solutions allow you to assess the probability of a future breach by analyzing:

  • Configurations, accesses and status of IT systems;
  • Suppliers and partners;
  • The security level of other companies operating in the same sector.

CSP solutions are more widespread in companies with a certain maturity in cybersecurity and with the need to obtain visibility on a vast IT perimeter, whose configurations may not be optimal and/or maintained over time.

Deliverables:

  • Installation and configuration (technology deployment)
  • Integration of the solution with third parties
  • Analysis of the results of the CSP solution
  • Indications and prioritization of remediation and plans for its implementation

Technological Partners:

Context:

Continuous Vulnerability Management technologies aim to provide the customer with detailed knowledge of the security status of their IT systems, through periodic and automated campaigns aimed at:

  • allowing the customer to have visibility of the exposure status of their systems to all known vulnerabilities;
  • verifying whether the identified vulnerabilities can actually be exploited, with the ultimate aim of verifying the potential impacts on the IT infrastructure and sanitizing them before a real attack.

These technologies allow you to monitor the patching level of systems, inadequate configurations, unauthorized changes, etc., providing a series of indicators useful for assessing the level of priority with which to intervene (CVE, CVSS, CCE, VPR, etc.).

Proposed services:

  • Installation and configuration (technology deployment)
  • Integration of the solution with third parties
  • Automated execution of scheduled tests
  • Report production and remediation prioritization
  • Technical support in the remediation phase

Technological Partners:

Context:

Securing networks is the first step on the roadmap towards a secure technological infrastructure. Innovery offers specialized services, based on the most advanced technologies, for perimeter security and for ensuring secure transmission of data within infrastructures, in the following technological areas:

  • Firewall (legacy)
  • Next Generation Firewall
  • Secure SD-WAN
  • Intrusion Detection & Prevention System (IDS/IPS)
  • Web Application Firewall
  • Web Isolation
  • Volumetric DDoS protection

Proposed Services:

  • Support in identifying the technological solution that meets customer’s requirements
  • Infrastructure design of network security
  • Installation and configuration (technology deployment)
  • Integration of technologies with other solutions (SIEM) and operational monitoring (NOC and SOC context)

Technological Partners:

Context:

Security Incident & Event Management is a system that provides real-time monitoring and management of the security events generated within an ICT infrastructure, aggregating and correlating them in real time in order to report anomalies (security breaches).

Therefore, it is a fundamental component of the incident management process, also in terms of data breaches, since it allows ongoing attacks to be detected and promptly addressed.

Log Management systems, on the other hand, allow you to automate the process of collecting and managing logs, collected by various systems and applications, for the purposes of compliance with various regulations (Privacy, PCI-DSS, NIS, etc.).

Proposed services:

  • Support in identifying the technological solution that meets customer’s requirements
  • Solution design for the security events collection
  • Installation and configuration (technology deployment)
  • Integration of sources and monitoring of SIEM alerts (SOC context)

Technological Partners:

Context:

Public authorities and companies that provide public services reorganize their activities and services with the increasingly widespread use of ICT technologies; this makes it possible to improve the efficiency of administrative action, to reduce costs and to make services more accessible and transparent.

The key technologies for E-Government services are Digital Identity, Digital Signature and Dematerialization; they are based on biometric, Strong Authentication and Public Key Infrastructure (PKI) systems.

Innovery designs and builds infrastructures and solutions based on public-key cryptography, biometric signature (Biosignin), digital signature (Digital Signature Suite) and time stamping (Timestamping). The proposed solutions comply with the most up-to-date industry standards and are built with the most advanced technologies on the market. Moreover, Innovery has developed its own digital signature solutions.

Proposed services:

  • Analysis of the client’s operational and regulatory context
  • Solution design and development for the system integration
  • Installation and configuration (technology deployment)
  • Technical documents for regulatory compliance purposes

Technological Partners:

Context:

Identity & Access Management (IAM) is the main starting point of every information security management system; it deals with arranging integrated solutions that make it possible to identify the individuals and components of a system and to establish when and which actions they can execute on the different company resources. Innovery is successful in solving management problems across the whole life cycle of the digital identity, offering intelligent authentication systems based on the best technologies on the market.

Privileged Access Management (PAM) refers to solutions that make it possible to secure, control, manage and monitor the access of privileged accounts. By centralizing privileged credentials, PAM systems ensure high levels of security, access control and monitoring of suspicious activities.

Proposed services:

  • Analysis of the process of customer identity management
  • Solution design and development for the system integration
  • Installation and configuration (technology deployment)
  • Integration into the existing infrastructure

Technological Partners:

Context:

Enterprise Key Management makes it possible to manage cryptographic keys centrally and, ultimately, to protect data. Sensitive data is secured against compromise regardless of where it is, whether or not it is stored in a database or on a file server, on a physical or virtualized device or in the cloud.

Innovery uses the most advanced solutions for data protection through encryption, pseudonymization and tokenization techniques, integrated with centralized key management solutions.

Data Masking is a method of creating a structurally similar but inauthentic version of an organization’s data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while providing a functional substitute for occasions when the real data is not required.

Proposed services:

  • Data discovery and analysis of the existing data with relative classification
  • Architectural design of the solution
  • Installation and configuration (technology deployment)
  • Integration into the existing infrastructure (File system, Database, SharePoint, DMS, etc.)

Technological Partners:

The management of ICT security requires the use of specific technologies and highly qualified personnel, able to prevent security violations through Vulnerability Assessment and Penetration Testing (VA/PT) activities. This makes it possible to obtain a complete picture of the security status of the infrastructure and to trace an efficient Remediation Roadmap for the identified vulnerabilities.

This Competence Center carries out such activity thanks to highly certified employees (CCNA Security, CCNP Security, CCIE, SANS, CISA, CISM, CISSP), using the most advanced instruments (HP Fortify, NMAP, NESSUS, Qualys) according to the best business practices and the most accredited standards of this sector (OWASP Testing Guide V.3, ANSI/ISA99 Series, NERC CIP-002 through CIP-009, DoE/ESISAC Guidelines, NIST SP 800-02).

Technological Partners: