services

Security Operation Centre as a Service – SOCaaS

 

With the development of Cloud Computing, businesses have faced new security challenges and the need to address them quickly and efficiently. bitsec together with strategic partners offers a high level of security service. SOC as a service is designed for organizations that want to get instant information about what is happening in their internal network infrastructure as well as in cloud systems. As a result, through our service you will be able to respond immediately to impending threats.

What does SOC-as-a-Service mean?  

SOC – considers the services of the Managed Security Operations Center, within which we, together with representatives of leading security organizations, will use cloud technologies to provide you with information about illegitimate events in your infrastructure.

bitsec SOCaaS focuses on identifying potential threats to corporate networks, such as events as well as subjects (including hackers, malware, employees who knowingly or unknowingly seek out confidential information that is not intended for them). With the help of our international partners and the high level of security tools developed by them, we enable Georgian companies to significantly enhance the level of security of their infrastructure.

Among our services are:

  • Respond to computer incidents and support the incident management process;
  • Web Application penetration testing;
  • Internal and external network infrastructure audit;
  • Network devices configuration audit;
  • Phishing simulation service;
  • Cloud technology-based anti-spam service;
  • Cloud technology-based WAF service;
  • Local or cloud-based Firewall / IPS service;
  • Cloud technology-based EndPoint protection service;
  • Cloud technology-based Mobile device management system;
  • Cloud technology-based SIEM system;
  • Cloud technology-based Safe DNS service;
  • Awareness rising trainings;
  • Information Security Incident Insurance Service;

 

 

 

 

Information Security as a Service – ISaaS

 

Ensuring cyber security is one of the most important issue of modernity. Implemenation of information security and other management systems helps to increase the quality of business and its continuity, as well as reduce risks.

To deal with the above mentioned challenges, bitsec offers the implementation of management systems, auditing these systems and various trainings related to different management system. Information Security (IS), as a service, is designed for organizations that aim to implement management systems to improve the quality of service delivery, ensure the protection of information assets, and minimize or insure existing / potential risks.

What does „Information Security-as-a-Service” mean?

Information Security as a Service is a new business model where the service provider integrates information security services into the company’s operations and manages them with greater financial and operational efficiency than the company / corporation itself can. It should be noted that our employees hold certificates recognized by international actors in this field. For example: CISA, CISM, CRISC, CGEIT, ISO 27001 Lead Auditor/Lead Implementer (LA/LI), ISO 9001 LA, ISO 22301 Lead Auditor/Lead Implementer (LA/LI), ISO 20000 Lead Implementer (LI) etc. Their versatile experience in different sectors will enable you to correctly identify risks and appropriate response mechanisms, successfully implement management systems, carry out constant updating of management systems, conduct audits, acquire relevant competencies for employees and more.

bitsec employees have extensive experience in both private and public sectors, which underscores their experience in this area (including their involvement in several strategic and international projects)

Services:

  • Implementation, Audit and training in Information Security Management System (ISO/IEC 27001);
  • IT Audit;
  • Implementation and Audit of Business Continuity Management System (ISO/IEC 22301);
  • Implementation and Audit of Service Management System (ISO/IEC 20000);
  • Implementation of Incident Management System;
  • Implementation and training of Risk Management System;
  • Information Security Manager Service;
  • Implementation and training of Risk Management System;

 

Phishing as a Service – PhaaS

 

About 40% of the world’s cyberattacks are phishing. As it turns out, phishing is the first step in a chain of attacks that is commonly used to spread malware, such as ransomware or key logger. Often low human resource awareness and competence within the organization is one of the biggest challenges in managing attacks. Thus, it is recommended that organizations periodically carry out employee awareness and training activities. The “Phishing as a Service” PhaaS (PhaaS) service is designed to raise awareness and acquire basic knowledge.

bitsec helps you improve the resilience of your employees and the organization as a whole to phishing attacks. As part of PhaaS, bitsec will gradually send “phishing” E-mails to your employees and assesses the increase in awareness and competence of people – when they will be able to detect “phishing attacks”.

In order to protect the anonymity of employees and other confidential information, a non-disclosure agreement (NDA) will be signed. In addition, all sensitive data that will become known to bitsec during the test / simulation will be covered by the NDA. Aware of the complexity of this issue, our team takes full responsibility for the difficulties encountered during phishing simulations, which will allow your organization to continue to operate core business safely.

Through the PhaaS service, company employees will gain knowledge on how to detect and respond to phishing emails..

Bitsec bitsec offers the full range of functional services needed to run a phishing campaign:

  • Phishing Scenario Planning;
  • Identify Target Audience;
  • Infrastructure Preparation;
  • Conduct Phishing Attack;
  • Conduct Corresponding Training;
  • Preparation of final Report and Statistics.

Based on the consolidated results, the target audience will be trained on cyber hygiene issues, which will focus on “phishing threats”.

 

IT Systems as a Service – ITaaS

 

IT Systems as a Service integrates all the basic IT systems needed to manage business processes, their support and management services.

bitsec offers hosting, support and management of existing systems within ITaaS services in an high sustainabile and EU standards compliant environment. The main concern of organizations should be their core business and less time and resources devoted to managing IT services and processes which they will be able to achieve as a result of bitsec services.

With ITaaS services you will be able to increase employee productivity, reduce costs and pay only according to the resources consumed:

  • You will use the Service and will not have to invest to purchase computer or software licenses;
  • With a constantly updated IT system, equipment and services package, you will be able to reduce IT risks.

ITaaS service fee is paid monthly according to the number of employees of the company and the systems included in the chosen ITaaS service package. This payment model will allow you to change the service package according to the needs of your business, both in terms of components and the number of employees, and pay only the corresponding cost of the services used. Which naturally provides significant cost optimization.

The ITaaS service package we offer includes the following basic IT services:

  • Corporate Network Management;
  • E-mail;
  • Shared File Storage;
  • VoIP Telephony;
  • Security Management;
  • Anti-Virus Protection;
  • Support for end-user operating systems, computers and peripherals (Desktop Support)
  • Remote Working Environment (Remote Desktop Services);
  • Backup;
  • Staff Trainings.

 

Penetration Testing as a Service – PTaaS

 

Penetration Testing Service PTaaS (PenetrationTest as a Service), unlike traditional penetration testing, includes security testing and monitoring at agreed intervals, which means Vulnerability Management when scanning infrastructure, troubleshooting software, and issuing recommendations about resolving misconfiguration or other defcienses.

Traditional penetration testing involves assessing a company’s cybersecurity readiness at a specific time, however, as cybersecurity challenges and the overall picture changes day-to-day, so does the company’s cybersecurity requirements. Our offer is to periodically inspect the network and applications after changes in them, to identify possible threats and to resolve them quickly.

The PTaaS service package includes the following systems and services:

  • Web Application Security Monitoring;
  • Network perimeter penetration testing;
  • Network inner perimeter penetration testing.

Web application security testing is probably the most important issue for businesses, since in today’s reality too many companies operate in the electronic space. Consequently, when operating in the electronic space, it becomes necessary to take care of the safety of your own assets and users. We assess the website security based on OWASP methodology and check for problems such as: XSS, XXE (OOB), SQLi, SSRF, SSTI and others. As a result, bitsec will provide you with a detailed report to get information and resolve particular issues facing your organization.

Although most cyber attacks start with so-called “phishing” vectors, monitoring perimeter security is also extremely important. For example, we can consider the challenges of 2020: “SMBGhost”, “Zerologon”, “EternalBlue” through which cybercriminals gained access to systems on the perimeter of the company. In 2020, these vectors were used quite successfully, resulting in large financial losses to various organizations.

The internal perimeter penetration test is intended only to detect security problems with systems located within the company’s internal infrastructure. Problems include both weaknesses and configuration errors. For example: 90% of organizations use Active Directory environment to manage users’ computers. Internal perimeter testing involves our highly qualified specialists checking the configurations in Active Directory (password policy, ACL, etc.) as well as identifying software vulnerabilities.

What you will get when using PTaaS service?

  • Detailed report with recommendations how to resolve the problem;
  • Regular Testing;
  • Permanent connection with bitsec;
  • Simulation of current modern cyber-attacks in cyberspace.