YOUR UNIQUE PARTNER FOR
Through our strong experience in penetration testing, we devote a lot of energy to analyzing the traces left by attackers on an infrastructure. Based on this experience, we believe that effective monitoring of the Windows infrastructure is a key factor in detecting malicious activity in the enterprise.
Thus, to provide effective detection and warning capabilities, SCRT offers its SIEM solution focused primarily on suspicious behavior in the Windows environment. In addition, to get the most out of the logs, a robust, centralized log collection infrastructure must be installed.
To support this approach, SCRT chose Splunk Enterprise, deployed in the customer environment, enabling integration with its infrastructure and providing all the power needed to ingest and analyze data and then display valuable information for anomaly detection.
In addition to Splunk itself, customers can take advantage of SCRT's security apps for Splunk, which bring predefined, relevant use cases and dashboards.
SCRT proposes an architecture that has been designed around the following 3 modules:
- Basic SOC infrastructure management
- Security monitoring and incident response
- Forensics Analysis
This monitoring infrastructure will then be made accessible – via secure channels – to SCRT’s team of analysts, in charge of its operation from our premises (Switzerland).
Our security operations center is made up of several teams involved in specific activities such as support, SOC, and incident response.
The incidents reported by the monitoring infrastructures installed at our customers' sites are first filtered by a first level of analysts, in order to exclude false positives and to collect the information relevant to investigating the incidents that prove to be genuine. These incidents are then transmitted to the second level for investigation and analysis.
Our customers have access, at all times, to the details of their incidents and the actions taken to deal with them as well as the ability to interact with SCRT analysts working on them.
As a preferred security partner, when we confirm an incident as malicious, we will obviously provide you with specific remediation tips as well as comprehensive security recommendations to avoid future occurrences.
Our Forensic Incident Response and Support Service includes several post-incident operations such as evidence gathering, malware scanning, containment proposals, and support.
You can get additional details on IRFA in its dedicated section.