MicroTech Solutions S.A.L

Security Implementation Solutions

MicroTech has a unique team of cyber security professionals who can install, implement, configure, and maintain various security solutions for your organization. These solutions – combined – form multiple lines of defense, which is also known as Defense in Depth. Thus, if an attack manages to break one line, another line will catch it.

In addition, our security implementation solutions help protect your network as well as your endpoints. This is important since attackers do not rely on a single entry point. An intruder might attempt to enter through the network perimeter, but if he fails, he might attempt to hack an end user’s laptop. 

Security Information and Event Management (SIEM)

A SIEM solution is a very important technology for proactive threat hunting. It gives you a greater visibility of what is going on inside your environment. Not only that, it has the ability to aggregate multiple event logs as well as correlate different events. A SIEM will provide your security analysts with a way to catch attacks as soon as they happen or at a very early stage.

Additionally, modern SIEM solutions come with an integrated Threat Intelligence Platform (TIP) for automated response actions.

There are different SIEM vendors in the market. Our team have expertise and qualification in SIEM products from the following vendors:

  • AlienVault.
  • Splunk.
  • MicroFocus ArcSight.

Next Generation Firewall (NgFW)

Gone are the days of traditional firewalls. Currently, we deal with Next Gen. Firewalls that perform much more than allow/block IP addresses and port numbers. These firewalls can filter based on applications and even micro-applications. The following are some of the features of Next Generation Firewalls:

  • Application awareness and control.
  • Built-in Network IPS.
  • Anti-virus and Anti-spyware.
  • URL filtering.
  • Integration with AD (user and group control).
  • NAT.
  • VPN.
  • Geographic location visibility.
  • Event reporter.

Intrusion Prevention System (IPS)

An IPS is a system that monitors network traffic looking for anomalies or signs of malicious intent; and once such traffic is detected, the IPS takes the appropriate action to stop the attack. Prevention actions can blocking the IP address of the attacker, resetting the network session, replacing the malicious content with benign one – i.e., neutralizing the attack, etc.

Now, IPS systems can be integrated with NgFW – above – which makes procurement and maintenance easier as you would not need to buy multiple products, but one. However, stand-alone IPSs are still available in case there is a need for one.

Our team have the necessary expertise in products from vendors such as:

  • Cisco.
  • Sophos.
  • FortiNet.

Endpoint Security

The importance of endpoint security lies in the fact that your end users are your weakest point. That is why hackers always target end users with phishing emails and other social engineering tricks. Add to that the fact that most employees now bring their own devices to the work environment, which increases the attack surface since those devices may not well-patched.

There are two types of solutions for endpoint security. The first is Endpoint Protection Platform (EPP) which is more than a mere Anti-Virus. An EPP solution combines anti-virus with host-based IPS, and sometimes even a local vulnerability scanning engine.

The second solution is Enterprise Detection and Response (EDR) which is good for large businesses. EDR includes a centralized management of all endpoints, along with some advanced anti-malware techniques, like Sandboxing.

Identity and Access Management

When it comes to proper information security, you cannot rely primarily on traditional single-factor password-based authentication. A two-factor authentication (2FA) adds additional layer of security to user’s account. That is why you need an IAM system in your IT environment where you can configure different forms of 2FA, such as, a password with one-time pad (OTP), or a password with mobile access code.

Furthermore, if your users have multiple accounts for different services, it becomes quit hard to keep signing in and out constantly from those services. This can be solved using Single Sign On (SSO) protocols managed by an IAM.

Cloud Access Security Broker (CASB)

How do you implement Access Control across your cloud applications and infrastructures? And how do you prevent data leakage? Well, the answer lies in Cloud Access Security Broker (CASB). CASBs sit in between your cloud data and users, and it enables you to set access lists, monitor access events, prevent accidental data leakage.

We have qualified experts in the following products:

    • Cisco Cloudlock.
    • Forcepoint CASB.