IBM Resilient Security Orchestration, Automation and Response (SOAR)
Resilient implementation includes customization, playbook development, device integration for automation and orchestration, and process automation.
IBM Security QRadar SIEM
QRadar SIEM implementation includes standalone installation, distributed installation, out-of-the-box supported device integration, universal device support module (UDSM) development for unsupported devices, custom parser development, log fine tuning, flow source integration, report fine tuning, log retention policy building, multi-tenancy segregation, third-party threat intel integration and reference set mapping, backup policy setting, out-of-the-box correlation rule tuning, custom event, flow and offense rule creation, false-positive tuning and high-availability deployment.
IBM Security QRadar SIEM Custom Use Cases
Custom use cases include learning the in-house application architecture from the application owners, developing the universal device support module (UDSM) and custom parser, and then building the correlation rules based on the application logic.
IBM Security QRadar Vulnerability Manager
Vulnerability Manager implementation includes standalone and distributed deployment, scan policy creation, scan profile creation, scan scheduling, vulnerability population, SiteProtector integration and third-party scanner integration.
IBM Security QRadar Risk Manager
Risk Manager implementation includes integration with the SIEM, integration with network devices, asset policy creation, compliance policy creation, Center for Internet Security (CIS) benchmark policy creation, attack path analysis and risk correlation rule building.
IBM Security QRadar Incident Forensics
QRadar Incident Forensics implementation includes standalone and distributed deployment, PCAP appliance integration with the Forensics processor, Data Node integration with PCAP appliances, PCAP appliance integration with a network TAP and forensics investigation briefing.
IBM Security SiteProtector System
IBM Security SiteProtector System implementation includes standalone and distributed installation, central database integration, IPS agent integration, QRadar SIEM integration, QRadar Vulnerability Manager integration, third-party Advanced Persistent Threat (APT) integration, central logging and reporting, and secure sync configuration for SiteProtector high availability.
IBM QRadar Network Security (XGS)
IBM QRadar Network Security (XGS) implementation includes active and passive deployment, inline simulation, inline protection and monitoring mode deployment, network access, IP reputation, intrusion prevention, IPS event filter and SSL policy creation, open signature policy, SiteProtector integration, SIEM integration to configure the quarantine response, and Advanced Persistent Threat (APT) integration.
IBM Security Network IPS (GX)
IBM Security Network IPS (GX) implementation includes active and passive deployment, inline simulation, inline protection, passive monitoring mode deployment and active bypass module deployment. Policy creation covers firewall, security event, Data Loss Prevention (DLP), web application security, response filter and connection event policies. Custom signature development and integration with Snort are also covered.
IBM Security AppScan
IBM Security AppScan implementation includes AppScan Source, AppScan Standard and AppScan Enterprise installation, integration with QRadar SIEM, source code review, automated application vulnerability testing and application security risk mitigation.
ELK for log & reporting
ELK implementation includes standalone and distributed installation, Elasticsearch, Logstash and Kibana integration, log source integration, log retention policy definition, custom parser and Grok filter development, and custom report development.
Imperva - Web Application Firewall
Imperva Web Application Firewall implementation includes standalone and distributed deployment, inline, sniffing and reverse proxy mode deployment, management appliance integration, gateway integration, vulnerability scanner integration, SSL offloading, web application firewall rule building and custom signature development, and high-availability deployment.
Imperva - Database Activity Monitoring
Imperva Database Activity Monitoring implementation includes standalone and distributed deployment, inline and sniffing mode configuration, integration with the management appliance, database agent installation, compliance and database activity monitoring best-practice policy deployment, and high-availability deployment.
Forescout Network Access Control
Forescout implementation includes standalone and distributed deployment, and classification policy, clarification policy, compliance policy, 802.1X policy and remediation policy creation.
Symantec Data Leak Prevention
Symantec Data Leak Prevention implementation includes Symantec DLP Network Discover, Symantec DLP Data Insight, Symantec DLP Network Protect, Symantec DLP Endpoint Discover and Prevent, and Symantec DLP Network Monitor and Prevent deployment, as well as DLP policy implementation and fine tuning.
Rapid7 Vulnerability Scanner
Rapid7 vulnerability scanner deployment includes Nexpose deployment, Rapid7 AppSpider scan policy definition, Metasploit module integration and fine tuning.
Nessus Vulnerability Scanner
Nessus vulnerability scanner implementation includes Nessus Professional and Nessus Manager installation, vulnerability scanning and assessment, scan scheduling, compliance checks, malware detection, web application testing, patch management system integration and agent-based scanning.
FireMon Firewall Analyser
FireMon implementation includes Security Manager, Policy Planner, Policy Optimizer and Risk Analyzer deployment. Use cases include security assessment and cleanup, automated change processes, automated compliance, risk and vulnerability management, and incident investigation.
Soltra Threat Intelligence Platform
Soltra threat intelligence platform implementation includes integrating Financial Services Information Sharing and Analysis Center feeds and third-party threat intel feeds into the Soltra platform, publishing the TAXII discovery URL to the TAXII clients, and integrating Soltra with the SIEM.
MineMeld Opensource Threat Intelligence Platform
MineMeld threat intelligence platform implementation includes creating miners to retrieve feeds from third-party threat intelligence sources, publishing the TAXII discovery URL to the TAXII clients, and integrating MineMeld with the SIEM.
FireEye Web, Email & File MPS
FireEye Malware Protection System implementation includes FireEye management center, Web MPS, Email MPS and File MPS deployment and fine tuning.
QRadar SIEM Application Extensions
QRadar custom app development includes integrating a custom application, adding a custom application menu in the QRadar SIEM console, adding a custom dashboard menu, adding a custom menu in the Log Activity tab, and building custom use cases for the application.
We also provide customized training on the following products and topics.