CYBER DEFENCE SERVICES

Successful defence against cyber attacks starts with the proactive elimination of known vulnerabilities in your infrastructure as well as the continuous recording and analysis of log information of all system components. Our Basic Detection Services:

• Vulnerability Management: Managing the ever-changing threat landscape includes permanent vulnerability scanning. Our cyber security specialists monitor and scan your infrastructure to uncover vulnerabilities and misconfigurations at an early stage.

• Security Information & Event Management (SIEM): The analysis of system logs from your infrastructure is central to finding information about security-relevant events. Therefore, all log information is integrated, correlated and analysed in our SIEM system. This allows us to efficiently identify those events that indicate misuse, internal or external attacks or other security threats.

• Network Detection & Response: Thanks to the use of different analysis technologies from the fields of artificial intelligence (AI), machine learning and sandbox technologies, we can monitor your infrastructure comprehensively and highly automated. If a threat is detected, your experts are alerted immediately.

It is not uncommon that attackers sneak into normal operations for weeks and months before they strike. Traditional security systems reach their limits with such attacks. Our Advanced Detection Services start where firewalls, intrusion detection systems, spam filters, anti-malware solutions and advanced next-generation security end. Our Advanced Detection Services:

• Endpoint Detection & Response (EDR): Many security breaches happen on an endpoint and therefore incidents are best detected there. With our EDR service, you have far more insight into what is effectively happening on an endpoint. This means that attacks are detected much faster and are much easier to investigate. In addition to these advanced detection capabilities, our EDR service allows us to respond very quickly to incidents on one or more affected endpoints.

• Threat Hunting: InfoGuard proactively searches for APTs (Advanced Persistent Threats) and anomalies that are not automatically detected. To do this, we continuously collect Indicators of Compromise (IOC) that help us identify new threats in real time. In addition, other security events from the SIEM are also correlated to identify and uncover correlations between potentially suspicious activities within the entire environment. This allows us to immediately take the right steps to stop and isolate the attack.

• Cyber Threat Intelligence: Our cyber threat analysts observe the current threat situation around the clock and analyse information from the darknet, threat intelligence feeds and many other sources. Our customers receive a quarterly threat report with a detailed analysis of the general threat landscape and our experts' risk assessment in order to act proactively. Of course, we alert immediately if we find critical indicators or reputation-threatening information.

We provide the full range of services from our ISO/IEC 27001 certified InfoGuard Cyber Defence Center (CDC) in Switzerland: from support to outsourced cloud and managed security services to SOC services, where our cyber threat analysts and cyber defence experts look after your security around the clock. 

Learn more about the Security Operations Center.

Security incidents can have a significant business impact and, unfortunately, cannot always be prevented. Therefore, a fast and professional response by proven experts is crucial. Our Security Incident Response is carried out through a standardised process according to SANS and guarantees you a quick restoration of normal operations. The InfoGuard CSIRT is a member of FIRST (Global Forum of Incident Response and Security Teams).

Learn more about our Incident Response & Recovery Services.