If the client does not have a dedicated team or wants to outsource the monitoring services, certSIGN provides SOC (Security Operations Center) services, using its own SOC. certSIGN is one of the first private companies that have invested in this field in Romania, has extensive expertise and owns the first private CERT in Romania, named certSIGN CERT, accredited as Trusted Introducer since February 2015.

The provided services:

• IT infrastructure monitoring;
• system cyber security monitoring (based on SIEM solutions);
• alert services.

To answer the questions: “What are we protecting ourselves with?”, “How do we monitor the proper operation of the protection measures?”, “How do we monitor the operation of services?”, certSIGN provides proactive services that include services for implementation, operation and support for protection technologies and monitoring at the client’s premises (client’s infrastructure). The technologies within this field are:

• Asset management solutions (active IT HW / SW management, user management, patch management, configuration management);
• Vulnerability management solutions;
• Log management solutions (centralized purchase and management of log events collected from equipment and applications, log storage in compliance with the security policy);
• Network security solutions (Perimeter network protection, Network access protection, Wireless network protection, Firewall / NGFW / UTM solutions, IDS / IPS, VPN security, Wireless Networks – WiFi);
• Data security solutions (certSIGN and third-party products);
• Endpoint and mobile device security solutions (Endpoint and mobile security, Endpoint managed security, Mobile managed security, UEM);
• Communications security solutions (Mail server security, T4M);
• Solutions to ensure operational IT and security monitoring (SIEM and ITSM solutions).

Privileged Access Management (PAM) refers to solutions that help secure, control, manage and monitor privileged access to critical assets.

To achieve these goals, PAM solutions typically take the credentials of privileged accounts – i.e. the admin or root accounts – and put them inside a secure repository (a vault) isolating the use of privileged accounts to reduce the risk of those credentials being stolen / lost/ used fraudulently. Once inside the repository, sysadmins must go through the PAM system to access their credentials. With PAM solutions they are authenticated, and their access is logged.

By centralizing privileged credentials in one place, PAM systems can ensure a high level of security for them, control who is accessing them, log all accesses and monitor for any suspicious activity.

certSIGN provides Wallix solutions to help organizations maintain complete control and visibility over their most critical systems and data. A robust PAM solution ensures that all user actions, including those taken by privileged users, are monitored and can be audited in case of a security breach.

Network traffic analysis (NTA) is the process of intercepting, recording and analyzing network traffic communication patterns in order to detect and respond to security threats. NTA uses a combination of machine learning, advanced analytics and rule-based detection to detect suspicious activities on enterprise networks. NTA tools continuously analyze raw traffic and/or flow records to build models that reflect normal network behavior. When the NTA tools detect abnormal traffic patterns, they raise alerts.

Key features::

• Broad network traffic visibility’
• Encrypted traffic analysis;
• Entity tracking;
• Comprehensive baseline for network traffic;
• Detection and Response.

certSIGN provides Vectra Cognito Detect for NTA processes, also employed in our MSSP services. Cognito Detect automates the hunt for cyber attackers, shows where they’re hiding and tells you what they’re doing. The highest-risk threats are instantly triaged, correlated to hosts and prioritized so security teams can respond faster to stop in-progress attacks and avert data loss.

To meet the needs of SME clients that generally manage less complex IT infrastructures, certSIGN has developed a standard solution called Cyber-In-A-Box, a solution that can be tailored to the specific needs of the client.

The certSIGN concept on cyber security for SMEs includes 3 levels:

• Basic Protection or Cyber Hygiene – which includes providing the minimum protection measures that no client should overlook (firewall perimeter network protection, IPS, antimalware protection, backup solutions, user and access rights management, user training);
• Cyber security management – which includes providing information and visibility over the client’s assets, existing vulnerabilities, behavior and events occurring within the equipment and system operation, by managing log-type events;
• Monitoring, alerting, security incident response – CSIRT services.

If the Basic Protection level is achieved at the SME level, usually using their own IT departments, the upper levels are generally missing or are superficially treated.

Cyber-In-A-Box aims to add cyber security management capabilities to SMEs by using a turnkey solution that ensures:

• Asset management – What do we protect?
• Vulnerability management – How vulnerable are we?
• Log management – What happens within our network?

This solution is also a necessary element from the point of view of the specific audits compliant with the incident legislation, the 3 managed elements being the common element investigated by any auditor.

As the size of the networks and the services offered differ at the SME level, the Cyber-In-A-Box solution is adaptable, the level of licensing of the included applications being tailored to the client’s needs.

certSIGN provides the solution tailoring and delivery, according to the needs of the client, as well as services to correctly operate the implemented solution, periodic reporting and support in the case of security audits using the provided solution.