SECURITY CONSULTANCY

SIEM Services

Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources. The core capabilities are a broad scope of log event collection and management, the ability to analyze log events and other data across disparate sources, and operational capabilities (such as incident management, dashboards and reporting). SIEM has become a core security component of modern organisations. The main reason is that every user or attacker leaves behind a virtual trail in a network’s log data. SIEM systems are designed to use this log data in order to generate insight into past attacks and events. A SIEM system not only identifies that an attack has happened, but allows you to see how and why it happened as well. While there is little doubt that SIEM solutions are critical for compliance, security monitoring or IT optimization, it is getting harder for organisations to find the right product for their needs, especially given the number of solutions available and the different options for implementation (i.e. software, hardware, cloud, outsourced, co-managed, etc.).

Our qualified SIEM engineers and security analysts can provide support in the implementation and configuration of SIEM products from a number of vendors. We can onboard devices and data sources through the use of regular expressions (regex) and also provide support in SIEM content development, such as use cases with playbooks, custom dashboards and reports.

Security Engineering Solutions & Design 

With the enormous range of security products available on the market, picking the right one for your company can be a daunting task. You want the best possible solution and you want to make use of your existing products and technologies to avoid additional costs and complexity.

Adsec Solutions holds the highest level of certifications and accreditations with a broad range of industry leading IT security partners, and is therefore able to not only design the best solution to meet your unique requirements but also integrate and manage these solutions at any client site.

Every environment is unique, and our Security Integration Services focus on utilising your existing technologies and recommending the optimal cyber security technologies for your company.

Our consultants will analyse your existing infrastructure and make recommendations on what we feel is the best solution for your environment and on any issues your organisation may be experiencing. We provide assistance in the form of value-added workshops at the planning stage of any project in order to design the best solution and identify any potential issues that may be encountered with the deployment. The required functionality of your security posture, the deployment methodology and any risks to your business will be discussed, and any limitations or assumptions will be identified and clarified. Timelines and expectations of the project will also be noted in a succinct project plan. We understand that each project is unique, so we take into account the size of the company, the network, its complexity and your organisation's security policies, and together decide on the best fit for your requirements.

Cyber Security Training

Effective and advanced training programmes give your staff the knowledge and skills to understand and defend against constantly evolving threats and cyber-attacks.

Adsec Solutions offers a variety of ready-made technical training courses, as well as bespoke training courses tailored to specific needs. Each course is available at various levels of difficulty.

A summary of each course is below:


Windows Operating System Security Training

Windows is the world’s most popular operating system and as such has a number of interesting security-related advantages and challenges.

This course introduces students to the security aspects of Microsoft Windows. The class begins with an overview of the Microsoft Windows security model and some key components such as processes, drivers, the Windows registry, and Windows kernel. An overview of the users and group permission structure used in Windows is presented along with a survey of the attacks commonly seen in Windows environments. Patching, networking, and the built-in security features of Windows such as the firewall, anti-malware, and BitLocker are all covered in light detail.

Learning Objectives

  • Understanding of the Windows security model and its key components.
  • Introduction and best practice recommendations for using and configuring users and groups.
  • Overview of the Data Access Control technology in Windows Server 2012/2016.
  • Survey common attacks seen in a Windows environment.
  • Understanding of the Microsoft update and patching process.


Network Security Training

Almost every organization uses computer networks to share their information and to support their business operations. When we allow network access to data it is exposed to threats from inside and outside of the organization. This course examines the threats associated with using internal and external networks and how to manage the protection of information when it’s accessible via networks.

This course gives you the background needed to understand basic network security. You will learn about Local Area Networks, TCP/IP, the OSI Framework and routing basics. You will learn how networking affects security systems within an organization. You will learn the network components that guard an organization from cybersecurity attacks.

Learning Objectives

  • Describe the threats to data from information communication technology (ICT)
  • Identify the issues and practices associated with managing network security
  • Identify the practices, tools, and methodologies associated with assessing network security
  • Describe the components of an effective network security program


Threats and Attack Techniques Training

The threat from cyber attacks and malicious software (malware) is constantly evolving. New threats continue to enter the market as existing actors’ operations grow more sophisticated. Part of the danger comes from changing business practices.

The only way to successfully face down this challenge is through building organizational cyber resilience. The first step of malware protection is to know your enemy. This course will explore how to prevent malware attacks by helping you to recognize them.

You’ll learn about common types of malware attacks and different malware strategies, illustrated with case studies of malware attacks in action. You’ll further become familiar with modern malware families, gaining a structural understanding to help you keep pace with evolving threats.


Security Operations and SIEM Training

In this SIEM training course, you will learn the basics of a Security Information Event Manager (SIEM) and why these are used in a security operations center (SOC). SIEM software solutions detect threats using real-time reporting and analytics of security logs and events. Take this course to learn how to reduce the impact of security breaches.

What Are the Benefits of Using SIEM Tools?

SIEM software solutions are a powerful way to detect threats using real-time reporting and analytics of security logs and events over time. These tools are extremely useful when it comes to the security of an organization, regardless of the size of the company.

Additional benefits of SIEM tools include:

  • Increased efficiency – Using SIEM tools enables IT and cybersecurity professionals to identify and respond to potential security threats and weaknesses faster.
  • Reduced impact of security breaches – Because IT staff is able to identify threats in the early stages, the threat may never eventuate. However, if it does, it can be identified and dealt with before the organization suffers serious outcomes.
  • Reduced costs – reducing the impact of threats, or preventing them altogether, can reduce the costs associated with security breaches.


Threat Hunting Training

Threat hunting can be defined as a practice or process designed to help find adversaries hiding in an organisation’s network before they can execute an attack or fulfil their goals. Unlike most security strategies, threat hunting is a proactive technique that combines the data and capabilities of an advanced security solution with the strong analytical and technical skills of an individual or team of threat hunting professionals.

Threat hunting is a different activity from either digital forensics or incident response (DF/IR). The purpose of DF/IR methodologies is to determine what happened after a breach has already come to light. In contrast, when a team or individual engages in threat hunting, the aim is to search for attacks that may have already slipped through the organisation’s defensive layers.

The course will provide you with the skills and knowledge to proactively hunt for threats in your environment (networks and endpoints). The course will train you to develop a hunting mentality using different and modern hunting strategies to hunt for various attack techniques and signatures.


Threat Intelligence Training 

In today’s cyber security landscape, it isn't possible to prevent every attack. Today’s attackers have significant funding, are patient, sophisticated, and target vulnerabilities in people and processes as well as technologies. With organizations increasingly relying on digitized information and sharing vast amounts of data across the globe, they have become easier targets for many different forms of attack. As a result, every company’s day-to-day operations, data and intellectual property are seriously at risk. In a corporate context, a cyber attack can not only damage your brand and reputation, it can also result in loss of competitive advantage, create legal/regulatory noncompliance and cause steep financial damage.

Today’s secure environment will have vulnerabilities in it tomorrow, so an organization cannot allow itself to become complacent. There is only so much an organization can do by defending itself against threats that have already occurred. If an organization only reacts to new threats as they come up, it is likely acting too late. It is important to understand and prioritize cyber threat intelligence processes, and how they can be integrated into an organization’s security operations in a way that adds value.

Cyber threat intelligence (CTI) is an advanced process enabling organizations to gather valuable insights based on analysis of contextual and situational risks. These processes can be tailored to the organization’s specific threat landscape, industry and market. This intelligence can make a significant difference to organizations' abilities to anticipate breaches before they occur. Giving organizations the ability to respond quickly, decisively and effectively to confirmed breaches allows them to proactively maneuver defense mechanisms into place, prior to and during the attack.

In this course, we will introduce you to the 6 phases of threat intelligence:

  • Hunting - The goal of Hunting is to establish techniques to collect samples from different sources that help to start profiling malicious threat actors.
  • Features Extraction - The goal of Features Extraction is to identify unique static features in the binaries that help to classify them into a specific malicious group.
  • Behavior Extraction - The goal of Behavior Extraction is to identify unique dynamic features in the binaries that help to classify them into a specific malicious group.
  • Clustering and Correlation - The goal of Clustering and Correlation is to classify malware based on the features and behavior extracted and correlate the information to understand the attack flow.
  • Threat Actor Attribution - The goal of Threat Actor Attribution is to locate the threat actors behind the malicious clusters identified.
  • Tracking - The goal of Tracking is to anticipate new attacks and identify new variants proactively.