Enterprise

CLYST.IT Team with its domain expertise is capable of delivering Enterprise class customized solutions. We have worked in Telecom backplane network for real-time packet handling for Cyber Security aspects. Apart from Cyber Security , our added expertise in Linux/Unix platform, or Open-Source as it is commonly known, makes our IT solutioning expansive. There is no Technology or solution component which is not available in Open-Source. In fact, there are many Enterprise grade premium products, which were started as GNU license and then went on to become the Enterprise class Products that they are now. So all in all, we deliver a very easy to embrace inexpensive Solutioning with our vast knowledge of cross platform Integration.

SOC as a Project

MySOC-by-Clyst-4online-compressed.pdf

SIEM - The heart of a SOC

People often confuse a SIEM solution as a SOC offering by default, since it solicits the critical assets in formation to determine the sizing of a commercial Security Information Event Management (SIEM) solution. Where as a Security Operating Centre is much more than a regular SIEM can provide, though it forms the"core" of the entire solution.It's imperative, you have to be careful while choosing the heart of a SOC solution, which are available commercially,as well as manypickn choose Open Source variants.

Choosing"In-house"or"Outsourced"SOC

One of the important aspect of SOC solution is tohave an in-hous managed SOC or getting SOC services from a MSP.There could be prosand cons of both the options,wel eave it up to you if you wish to get into "building and investing in tools and resource and maintain them,interms of renewal of commercial tools "and" hiring-firingo fcriticalSOC resources"or"simply look at trusting a experienced MSP who can offergreat 24x7 or 9 to 9 kind of services and always available on call".Just remember, the MSP offer could be "on- cloud "or" on-premise" depending on where the heart lies.

We at Clyst.IT Services can help you set-up SOC in your own premise, or we do end-to-end services on-prem or on-cloud.

Choosing the SIEM

Few main features to look for in aSIEM

. Ability to Manage and correlate logs Apt

. Log time lines with correlation

. Threat Intelligence and analytical capabilities

. Option of On-premise and On Cloud

. Forensic capabilities

. Very good reporting

Commercial viability depends on whether a solution offers SaaS based model, else an on premise solution will have high Capex.

On-Cloud option proves to be economical for initial adoption, but you should look for regionally hosting Cloud capabilities to take care of GDPR like Country specific Data Privacy laws.

Setting up other tools...

SOAR-Security Orchestration, Automation & Response One of the key integration for a present-day SOC is to have integration with a SOAR platform, to maintain the Security posture vis-a-vis your Firewall/Core of the network and create auto-mitigating rules and controls to thwart an attack.

This again could be "Commercial" or "Open-Source". Most of the SOAR solutions will have their own SIEM offering and is bundled with it.

THREAT INTELLIGENCE

Correlating logs and events with Threat Intelligence Databases, which are available as free and paid category.

Threat Intel database information helps mitigate impending attack, as network can circumvent such risk addresses. Many Commercial Threat Intels are part of their overall offering and most of them can be used as feeds in your SOC.

XDR / EDR

End-point Detection & Response, integration ensures the network assets are part of the new Security gamut. XDR, adds much more wider view integrating Secuirty across cloud computing, email and other solutions, not just end- points

FIM - File Integrity Monitor

File integrity monitoring (FIM) refers to an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted.

Ticketing System Integration

The key to proactive monitoring is to have timely alerts, with record and the required audience for apt response, this is where the Ticketing System integration comes into play.

SLACK Integration

Slack integration helps in better responsiveness to the alerts. Faster, better organised and secure communication.

Advance Security Integration

The same SOC set-up, can be used for more advance integration of latest cybersecurity technologies like Deception, Honey-pots and and more imminent solutions.

Open-Source Security

Download-Whitepaper(Clyst-OpenSource-Profile.pdf)

OPERATING SYSTEMS (INSTALLATION, CONFIGURATION, SECURITY, ADMINISTRATION)

CentOS Linux Debian GNU/Linux Fedora Core FreeBSD, NetBSD, OpenBSD, BSDi Red Hat Linux, Enterprise, Advanced Server, Workstation Slackware Linux SuSE Linux, Enterprise Linux, Enterprise Desktop Ubuntu, kubuntu, edubuntu, xubuntu VMware ESX, ESXi, vCenter Server

NETWORK SERVER CONFIGURATIONS (ALL PLATFORMS)

Authentication (389, OpenLDAP, RADIUS, etc) Domain Name Services (DNS and BIND) Email Servers (SMTP, POP3, IMAP, Webmail) Firewalls - iptables, PF Internet Routers Network File and Backup Servers Network Monitoring Services - Nagios, Centreon Network Router Services Print Services Virtual Private Networks (3DES, IPSEC, PPTP, SSL) Webserver and Hosting Server

SUPPORTED SOFTWARE (LINUX AND ALL UNIX)

Apache Web server/Reverse Proxy Nginx Web server/Reverse Proxy BIND for pri/sec DNS servers Bugzilla ClamAV Anti-Virus software cPanel Control Panel DansGuardian web content filter EXIM mail server Fail2Ban FreePBX Open Source PBX platform GeoIP GnuPG key servers and PGP interop Kerberos, krb5 LDAP authentication, servers, apps lighttpd HTTP Server Linux Router Software Logwatch mailman mailing list software Network File System (NFS) Odoo Setup and Configuration Openswan OpenVPN Oracle PAM on Linux

Paralells Plesk Control Panel PoPToP as a PPTP VPN server Portsentry Postfix Email Server PostgreSQL, MySQL, and Oracle 8i pppd, mlppp, slip, diald ProFTPD, vsftpd, FTP, and wu-ftpd qmail Quagga RkHunter Samba, smbd, nmbd Sendmail ucd-snmp and other SNMP monitors Snort, Snort with netmap Squid proxy server SpamAssassin Suricata, Suricata with netmap, Suricata with af-packet Suricata + Barnyard2 + snorby + ELK Stack Tomcat Tripwire Winbind WordPress XOrg windowing system Zebra Zimbra

SIEM (Security Information Event Management)

Graylog SIEM (Professional) ELK Stack (Elasticsearch, Logstash, Kibana) Alien Vault

PFSENSE / OPNSENSE

Network Design & Integration Design & Configuration Review and Validation Firewall Migration & Replacement Software Upgrade & Platform Migration Technical Design Authority & Implementation Health Check Security Hardening Configuration Verification

LINUX KERNEL AND DISTRO

Linux kernel config and compilation

Linux kernel hardening

Linux from Scratch (LFS) Hardened LFS

Customized kernel for FreeBSD Customized distro using Yocto Project

Open Source INTelligence

CyberSecurity Risk from OSINT

OSINT stands for Open Source Intelligence, or to simply put any Information which is publicly available to anyone on Internet or information which could be gained through Social engineering. And we are talking of lot of simple looking yet critical and confidential information out there which could be exploited to cause Cyber risk to an organization or an individual representing an organization.

A very good example of an Individuals OSINT could be someone trying to peek into the Surveillance system (assuming there is not much of Security and everyone has access to it) of a premise to know when a person/'s are coming in and going out and what are their routines, what vehicle they drive, or to know where they are on vacation currently based on their Social networking updates.

Similarly, an Organization also has lot of information easily available, Eg. Website or with a little effort find if any compromised information is available on Dark or Deep dark web.

Deception as a Service

Clyst-Managed-Decption-Services.pdf

As they say, "Deception is best form of defense", so what better than luring Hackers into a falsely created network infrastructure asset and blocking them out totally.

We have worked on "The HoneyNet Project" an open-source which helps in creating the deception within and external to your network.

As for Commercial adopters, we have Technology tie-up with Attivo Networks, who are experts in the domain and along with them can provide you "DaaS", Deception as a Service.

Please refer our document on the same in Resource Section