International Partner Search

Innovation & Technology Offer

Cyber threat management services platform

Country of Origin: Greece
Reference Number: TOGR20160411001
Publication Date: 13 November 2017

Summary

An experienced, medium-sized Greek IT security company offers a platform and services for early detection of, and response to, cyber threats. The platform uses a self-learning function and achieves a high degree of success against potential threats. The company is looking for IT security companies, IT/network integrators and consulting firms for a commercial or services agreement with technical assistance provided.

Description

A medium-sized Greek IT security company offers a platform and a service portfolio that allow clients to prepare in advance, detect early and respond effectively to advanced cyber threats. The company has 15 years’ experience of developing sophisticated security solutions that defend against advanced threats. Since 2003 it has been offering a cyber-attack simulation service, well before the problem (and the hype) surfaced globally. With a 99% compromise rate against hardened IT environments of global, high-end clients, it is in a unique position to know the limits of existing defenses and how to improve upon them. This distinctive insight has driven it to develop a user behavior analytics platform, complemented by a niche portfolio of managed and professional security services focusing on early compromise detection and response against advanced threats.

The user-behavior analytics platform uncovers stealthy cyber-attacks that remain undetected by traditional security solutions. Machine learning and data science enable it to build adaptive profiles of learned normal behavior and detect baseline deviations and complex, never-before-seen covert activity. It provides advanced visualization of threat activity and prioritized risk scores, along with a complete toolbox for fast and intuitive investigation of the suspicious activity that poses the highest damage potential. Compared to the competition, it is currently the only user-behavior analytics platform for web activity data. Therefore, it is more advanced than the basic beaconing and pattern detection approaches employed by other tools. The system detects command & control communication, which is always there in a cyber-attack. This approach allows for early compromise detection, well before the “account takeover” and “lateral movement” stages of a cyber-attack. This gives IT teams more time to respond, while having the tools to do so faster and more effectively. Additionally, it analyzes proxy log data. This makes it ideal for managed service or SaaS (Software as a Service) deployments, which only require a single (virtual) log collector on-site. The platform also provides advanced security incident management. It transforms incident response from an often manual, ad hoc process into an automated process with workflows and knowledge-base articles.

The service portfolio includes managed security services which aim to reduce the cost and the time it takes to detect and respond to a security breach.

Continuous real-time threat management, which is the monitoring of the logs and alerts generated by a company’s security infrastructure. The advanced intelligence platform correlates the events generated by the client's infrastructure and provides the right information and visibility to analyze the alerts and set apart any false positives. The company's experts will identify the real malicious activity, alert the client's security team and provide recommendations for immediate remedial actions. At the client’s request, remedial actions can be performed by the company.

A security information and event management service for the certified security professionals of the company using internal and industry best practices. The client can immediately use a plethora of internally developed use cases, as well as customized use cases to match a specific environment.

The company also provides cyber-attack simulation services. The main objective is to close the gap that both the network and application penetration testing services leave behind. This service is a real-world, targeted cyber-attack with methods adopted by professional attackers that battle-tests people, procedures and systems.

The company is interested in a commercial or services agreement with technical assistance. The scope of the collaboration is to apply the advanced tools of the Greek company for IT security protection, and the type of agreement depends on the recipient (IT company or end-user).

Advantages and Innovations

The platform carries a lot of innovations and advantages. Some of the most important are:

The internally developed security analytics allows the platform to automate the proactive threat hunting process. This provides the security teams with the means to hunt and track down hard-to-spot malicious activity with great success.

A self-learning function automatically builds adaptive profiles of learned normal behaviour and detects deviations and complex attack patterns against large sets of data over time.

Embedded offensive & defensive expertise encapsulates the insight of the company into targeted cyber-attacks gained through hundreds of simulations over the last decade. Analytics modules leverage the extensive know-how on attack tactics, techniques & procedures, along with the ongoing research by the company’s threat labs into new evasion and attack techniques.

Security analytics is an agent-less solution: it consumes existing proxy logs and can also leverage data from third-party security sensors. This means a minimal footprint inside the network.

Stage Of Development

Already on the market

Stage Of Development Comment

The platform is at a mature stage of delivery. Indicative, selected EU clients of the platform & managed security services include:

- Bank (Revenue €6 billion, 20,000 users)
- Plastics/Chemical Manufacturer HQ (Revenue €7 billion, 1,000 users)
- EU-state’s clearing house that serves and clears electronic payments
- EU-state’s local operations of Fortune 500 telecom operator (Revenue €710 million)

Requested partner

The company seeks a local partner with the intention of technical collaboration towards the provision of advanced security services. The following partner profiles are sought:
1) IT Security companies or consultancies for the user behavior analytics platform. The collaboration will be commercial with technical assistance.
2) Managed security services providers that want to add advanced threat detection capabilities. Services agreement is sought.
3) IT/security integrators without managed services and no advanced security capabilities. Services agreement is sought.
4) IT/network integrators with managed services but no advanced security capabilities. Services agreement is sought.
5) Resellers of IBM Security QRadar interested in using the platform. Services agreement is sought.
In any case, the managed security services may include a range of ancillary services where a local partner can play a vital role depending on the requirements (e.g. in-country hosting, system HW/SW maintenance for on-premise installations, etc.).

Cooperation offer is closed for requests