What is it?
Through our Threat Mitigation services, the attack surface of an organization is reduced, the principle of least privilege is applied throughout, and a hostile environment is created that denies free movement to any malicious actor who penetrates the network. This way, any initial foothold an attacker achieves cannot be used to extend and amplify its impact, giving the Incident Response team time to eradicate the threat.
Applying the principles of attack surface reduction, least privilege and defense in depth, we offer recommendations aimed at raising the level of security of the organization's assets and networks.
As part of the protection of Windows environments, the technological core of most organizations, we are particularly interested in hardening Microsoft Active Directory (AD) deployments, since malicious actors often take advantage of configuration errors in this environment to escalate privileges and thus gain access to the most critical assets and information.
Depending on the capabilities and maturity level of the client, the Zerolynx team helps security teams deploy an adaptive defense model that includes both traditional preventive solutions, such as antimalware technologies, firewalls, IPS and SIEM systems, and more advanced solutions based on machine learning, such as EDR technologies, together with services such as Threat Hunting, with the aim of increasing the organization's Detection and Response capabilities.
Below, our main services for threat mitigation are listed:
Having reliable operating systems and applications is of the utmost importance, since they support the daily operations of hundreds of people and are therefore the main source of infections and general problems. We help you design secure templates for your operating systems, with the appropriate configurations and applications to guarantee the highest level of security without affecting their performance. We work with the main operating systems on the market: Windows Server systems, Windows and macOS workstations, Unix/Linux servers and workstations, and Android/iOS smartphones and tablets.
Segmentation of environments & DMZs
Proper network segmentation is essential to prevent unauthorized access. Networks must be isolated and separated into VLANs according to the business and the need to know within each department. In addition, perimeter protection solutions, such as firewalls, must be deployed to analyze and block threats coming from outside the network or moving between different internal networks. The correct implementation of all these elements lays the foundation for the general security of the organization. Any infection that appears in a subnet can be contained and quickly eradicated without spreading to the rest of the network, thus protecting it from common threats such as ransomware.
Integration of security solutions
- Data Loss Prevention Technologies (DLPs)
- Firewalls and proxies
- SIEM & Threat monitoring and correlation systems
- AntiVirus, AntiSpyware & AntiRansomware solutions
- Technologies for detection of APTs
- Encryption software and appliances
SSDLC, the acronym for Secure Software Development Life Cycle, is a process for implementing cybersecurity across the entire software development life cycle, adding security activities from the very first stages, such as product design, to the final stages of the product, such as release and decommissioning. In an SSDLC process we help you with all the security activities: implementing secure development methodologies and technologies, supervising the functional analysis and technical designs, training your staff in the secure development of software components, creating new security unit and integration tests, and advising on the proper ways to promote and move code between the different development environments: QA, preproduction, production, etc.
Awareness & Training
- Simulation of phishing and spam campaigns
- Simulation of physical and logical intrusions
- Intrusion simulation at the network level
- Simulation of malware attacks
- Simulation of DDoS attacks
- Simulation of information leaks
- Simulation of hacktivist attacks