“End to End” Security Framework
Our Framework is a methodological framework that allows us to manage threats associated with Cybersecurity, based on the Client’s business objectives and transforming Security into an enabler for new opportunities and digital transformation.
Governance, Compliance
and Risk
Within the scope of GRC, we analyze the needs, gaps and risks associated with the Client’s business, through its processes and technologies. We define an E2E security strategy that guarantees an acceptable level of risk and resilience. We implement the necessary controls, ensuring compliance with regulatory and business obligations.
Digital Transformation
Security Engineering translates the Security strategy and controls into infrastructure, agnostically supporting the selection of Technologies and the implementation and development of the necessary capabilities to establish a defense Infrastructure. All this work provides the Visibility necessary for adequate Security Management.
Management and Detection
We perform E2E Management of Security infrastructures in a modular manner, detecting and identifying vulnerabilities, threats and attacks in advance and automating processes for their correct execution. We also apply the intelligence acquired in our global environment to the daily processes of all our clients.
Response and Recovery
In the event of an attack or information leak, it is essential to have a Response team in place to control the environment and/or the Incident, correct vulnerabilities and finally restore operational normality. Subsequent investigation of incidents allows for the necessary evolution of processes and environments.
Strategy
Development
Operation, Processing
Governance, Risk and Compliance
Companies need to act with a GRC vision with the ability to achieve objectives reliably, while addressing uncertainties and acting with integrity and agility. Acting strategically to manage an organization’s overall governance, enterprise risk management and regulatory compliance allows our clients to have a considerable competitive advantage.
Areas such as internal audit, compliance, risk, legal, financial, IT, HR, as well as business lines, executive suite and the board of directors need to act in an integrated manner to ensure that the process is as assertive as possible, mitigating and making agile strategic decisions, allowing business objectives to be achieved and not suffering negative impacts during their operation.
Analyze
ISMS Assessment and Maturity Level
Risk Assessment
Technological Environment Assessment
Privacy Assessment
/ LGPD / GDPR
ISO27001 Assessment /
PCI-DSS / NIST / CIS / Others
Define
Security Strategy / PDSI
Risk Management Strategy and Model
Business Continuity Strategy
Privacy and Compliance Strategy
Cybernetic Resilience Model
Implement
Information Security Management System
Risk Management Model
Business Continuity Policy and Processes
Compliance and Governance Systems for Data Protection
Comply with
Security Policy and Procedures
Risk Management Policy
Business Continuity Plan
Sectoral and Regulatory Regulations Business
Strategy
Digital Transformation
The accelerated pace of your digital transformation based on the adoption of cutting-edge technologies such as cloud/edge computing, Big Data and the Internet of Things (IoT) requires a strategic vision aligned with business objectives.
The automation of cybersecurity solutions in conjunction with the management strategy is essential to deal with the growing number of cybersecurity threats, and can be complemented with machine learning systems, capable of detecting attack patterns and enabling rapid actions to contain incidents and/or identified risks.
Engineering
Definition of Security Architecture
Development of Operation Models / Managed Security
Development of SecDevOps Framework
Cloud Security Strategy
IoT / OT Strategy
SASE
Secure Access Service Edge
Technologies
Endpoint Security
EDR / XDR / MDM / MDR
Aplication Security
WAF / AntiSpam / …
Networking Security
ADDoS / Proxy / DNS / Etc.
Perimeter Security
NGFirewal / IPS / IDS / …
SIEM – SIEMaaS
UEBA / UBA
IAM – Identity &
Access Mgmt
Development
Implementation and Migration of Technologies
Technology Integration
Fine Tuning and Optimization
Automation
SOAR
Playbooks & Runbooks
Visibility
KPIs / SLAs / SLOs
Dashboards
Security Feed
Development
Operation & Monitoring
The security operations department (SOC) is responsible for the continuous monitoring and analysis of an organization’s security events and actions. The goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of manual and automated processes, working in conjunction with organizational incident response processes to ensure that security issues are addressed quickly in the event of crises and incidents.
Management
Managed Security
Policy creation and management
Rules creation and review
Availability monitoring
Event and alert correlation
Automation
Processes and procedures
Alerts and notifications
Playbooks & Runbooks
First-level response
Development of incident scenario tests
Detection
Zero Day Attack
Advanced and Persistent Attacks
ADDoS Attacks
Unauthorized use of the brand
Data Leakage & Credential Theft
Fake Websites and Apps / Phishing
Vulnerability Scanning
Intelligence
Threat Hunting
UBA / UEBA
Sectorized Attacks
IoC / Feeds
Threat Intelligence
Operation, Processing
Response & Recovery
A robust vulnerability and risk management process combined with Response and Recovery processes provide a defined framework for our clients to prepare for possible security incidents. These processes are supported by the management and operations area, providing an efficient overview of the processes and procedures that need to be carried out quickly in times of crisis.
Respond
Incident Response Plans
Policies, Standards and Legislation
Training and Qualification Plan
Monitoring Tools
24×7 Team
Incident Response
Communication Plan (Customers, Employees and Suppliers)
Correction
Asset and Application Mapping
Threat and Vulnerability Management
Mobile, Infrastructure and WEB Environment Review Plans
Access Control Plan and Review
Patch Management
Recover
Mobile, Infrastructure and WEB Environment Recovery Plans
Communication (Customers, Employees and Suppliers)
Periodic Testing
Investigate
Forensic Expertise
DFIR
Security Event Correlation
Identify Suspicious/Critical Events
Continuous Monitoring System
Plans and procedures for detecting incidents
