Radar Services is the European market leader for pro-active IT security monitoring and IT risk detection as a managed service. The services uniquely combine automated detection of security-relevant issues and risks with analysis and assessment by experts. Data never leaves the client's premises. Radar Services is headquartered in Austria with offices in the United Arab Emirates, Germany, Poland and Russia. Customers include banks, insurance companies, industrial companies, operators of critical infrastructure and govern.
- Security Information & Event Management (SIEM)
The collection, analysis and correlation of logs from various sources results in alerts in case of security flaws or potential risks.
Central to a SIEM is the collection and analysis of logs from various sources within a network (e.g. servers, clients, network devices, firewalls, applications) for security-relevant information and events. Various common log formats are understood out of the box, and additional parsers can always be added to normalize custom logs. Information and events from all these areas are aggregated. Risk is identified through the state-of-the-art correlation engine with continuously updated, enhanced and customised correlation rules and policies.
Effective management of security flaws is enabled. Fraudulent use of IT and applications, internal fraud and security threats are detected among millions of events. Our Intelligence Team analyses suspicious events and prioritizes them in terms of business criticality and urgency. Effective configuration of the system is achieved through predefined filters, templates and plugins, so set-up is neither time-consuming nor resource-intensive.
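To make the SIEM pipeline described above concrete (log normalization through per-format parsers, then a correlation rule over the aggregated event stream), here is a small added example. It is illustrative code written for this page, not Radar Services' product code: the two log formats, the sample lines, the rule threshold and the time window are all constructed assumptions.

```python
"""Toy SIEM pipeline: parse two log formats into one event schema, then run a
correlation rule over the normalized stream. Example code added to this page, not
Radar Services' product code; formats, sample lines and thresholds are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: sshd-style syslog lines and a hypothetical app CSV format.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 sshd[221]: Failed password for root from 203.0.113.9 port 50222 ssh2",
    "2024-03-01T10:00:03 sshd[221]: Failed password for root from 203.0.113.9 port 50223 ssh2",
    "2024-03-01T10:00:04 sshd[221]: Failed password for admin from 203.0.113.9 port 50224 ssh2",
    "2024-03-01T10:00:06 sshd[221]: Accepted password for admin from 203.0.113.9 port 50225 ssh2",
    "2024-03-01T10:00:10 sshd[221]: Failed password for bob from 198.51.100.7 port 40000 ssh2",
    "2024-03-01 10:00:12,srv-web01,198.51.100.7,LOGIN_OK,bob",
    "2024-03-01 10:00:13,srv-web01,198.51.100.7,LOGIN_FAIL,bob",
    "garbage line that no parser understands",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)

def parse_sshd(line):
    """Parser for the sshd-style format; returns None if the line is not in that format."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "user": m["user"],
            "outcome": "success" if m["outcome"] == "Accepted" else "failure",
            "source_type": "sshd"}

def parse_app_csv(line):
    """Parser for the hypothetical CSV format: ts,host,src,outcome,user."""
    parts = line.split(",")
    if len(parts) != 5 or parts[3] not in ("LOGIN_OK", "LOGIN_FAIL"):
        return None
    ts, host, src, outcome, user = parts
    return {"ts": datetime.fromisoformat(ts), "src": src, "user": user,
            "outcome": "success" if outcome == "LOGIN_OK" else "failure",
            "source_type": "app"}

PARSERS = [parse_sshd, parse_app_csv]

def normalize(lines):
    """Try each parser in turn; lines no parser understands are counted, not silently dropped."""
    events, unparsed = [], 0
    for line in lines:
        for parser in PARSERS:
            ev = parser(line)
            if ev:
                events.append(ev)
                break
        else:
            unparsed += 1
    return sorted(events, key=lambda e: e["ts"]), unparsed

def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` failures from one source within `window`, followed by a
    success from the same source, raises one alert (constructed rule, not a product rule)."""
    failures = defaultdict(list)
    alerts = []
    for ev in events:
        src = ev["src"]
        failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]  # expire old ones
        if ev["outcome"] == "failure":
            failures[src].append(ev["ts"])
        elif len(failures[src]) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "src": src, "user": ev["user"],
                           "failures": len(failures[src]), "ts": ev["ts"]})
            failures[src].clear()
    return alerts

def run(lines=SAMPLE_LOGS):
    """Normalize, correlate, and return (alerts, number of unparsed lines)."""
    events, unparsed = normalize(lines)
    return correlate_bruteforce(events), unparsed

if __name__ == "__main__":
    alerts, unparsed = run()
    print(f"{len(alerts)} alert(s), {unparsed} unparsed line(s)")
    for a in alerts:
        print(a)
```

The unparsed-line counter is the detail worth keeping from this sketch: a normalizer that silently discards lines it cannot parse hides gaps in coverage, whereas a count of unparsed lines per source is itself a useful health metric for a log pipeline.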
- Vulnerability Management and Assessment (VAS)
Continuous internal and external vulnerability scans with comprehensive detection, compliance checks and tests deliver results with zero false positives and full vulnerability coverage.
VAS includes continuous and accurate internal and external vulnerability scans for a 360-degree view. Besides fast and efficient authenticated or non-authenticated vulnerability scans, open ports, potentially insecure or unnecessary services on these ports, and shares (including insecure shares) are detected.
Furthermore, compliance and password checks spot configuration problems in applications as well as in password and user policies. Standard (default) and missing passwords are detected. Outdated patch versions of installed software and services are detected, including registry and DLL checks on Windows systems. State-of-the-art vulnerability scanning in combination with the analysis of the Intelligence Team delivers results with zero false positives and full vulnerability coverage. Safe scanning is ensured, so any disturbance of the availability or integrity of information is avoided. Moreover, predefined scan plans ensure that scans do not interfere with daily operations or availability. No training is required.
Overall, more than 67,000 tests are carried out in the categories of OS, software and vulnerabilities using the largest database in the industry. Vulnerabilities are categorized as high, medium or low risk, together with the likelihood of exploitation, to provide easy-to-understand overviews of the current vulnerability landscape and information ready to meet compliance requirements.
The comprehensive scanning capabilities include:
- Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
- Virtualization: VMware ESX, ESXi, vSphere, vCenter, Hyper-V, and Citrix XenServer
- Operating systems: Windows, Mac, Linux, Solaris, BSD, Cisco IOS, IBM iSeries
- Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB
- Web applications: Web servers, web services, OWASP vulnerabilities
- Cloud: scanning of cloud applications and instances like Salesforce and AWS
- Advanced Cyber Intrusion Detection (ACID)
High performance analysis of the network traffic is used for signature- and behaviour-based detection of dangerous malware, anomalies and other network traffic risks.
Network traffic from and to the Internet is analysed in real time in order to detect suspicious patterns and anomalies such as malware, command-and-control servers, bots, spyware, drive-by sources, DDoS targets and sources, and others.
More than 19,000 continuously updated signatures and rules (matched with IP reputation data) serve as the basis for detection. An additional behaviour-driven analysis is also available for zero-day exploits and other unknown attacks without signatures, as well as detection of protocols even when non-standard ports are used. Moreover, thousands of file types are identified via MD5 checksums, with optional file extraction to keep documents from entering or leaving the network. The module is highly scalable, with a master/probe configuration option for decentralised Internet breakouts. 1 Gbit and 10 Gbit interfaces are supported (copper and fibre).
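The three detection styles named above (signature matching against reputation data, protocol identification independent of the port used, and behaviour-based detection without a signature) can be shown side by side on a handful of flow records. The following is an added example written for this page, not Radar Services' ACID module: the flow records, the reputation entry, the expected-port table and the beaconing thresholds are constructed.

```python
"""Toy network-traffic detection over constructed flow records: IP-reputation signature
match, protocol identification by payload rather than port, and a behavioural beaconing
rule. Example code added to this page, not Radar Services' ACID module; all data and
thresholds are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed reputation entry standing in for a continuously updated feed.
BAD_IPS = {"203.0.113.55": "constructed C2 entry"}

# Constructed flow records: relative timestamp in seconds, endpoints, and first payload bytes.
FLOWS = [
    {"ts": 0,   "src": "10.0.0.5", "dst": "203.0.113.55",  "dport": 443,  "payload": b"\x16\x03\x01\x02\x00"},
    {"ts": 60,  "src": "10.0.0.5", "dst": "203.0.113.55",  "dport": 443,  "payload": b"\x16\x03\x01\x02\x00"},
    {"ts": 120, "src": "10.0.0.5", "dst": "203.0.113.55",  "dport": 443,  "payload": b"\x16\x03\x01\x02\x00"},
    {"ts": 180, "src": "10.0.0.5", "dst": "203.0.113.55",  "dport": 443,  "payload": b"\x16\x03\x01\x02\x00"},
    {"ts": 240, "src": "10.0.0.5", "dst": "203.0.113.55",  "dport": 443,  "payload": b"\x16\x03\x01\x02\x00"},
    {"ts": 30,  "src": "10.0.0.7", "dst": "198.51.100.20", "dport": 4444, "payload": b"GET /update HTTP/1.1\r\n"},
    {"ts": 45,  "src": "10.0.0.8", "dst": "198.51.100.30", "dport": 80,   "payload": b"GET / HTTP/1.1\r\n"},
    {"ts": 50,  "src": "10.0.0.8", "dst": "198.51.100.31", "dport": 22,   "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
]

def identify_protocol(payload):
    """Classify a flow by the first payload bytes, ignoring which port it used."""
    if payload[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:  # TLS handshake record, version 3.x
        return "tls"
    return "unknown"

# Constructed table of ports on which each protocol is expected in this hypothetical network.
EXPECTED_PORTS = {"http": {80, 8080}, "ssh": {22}, "tls": {443, 8443}}

def signature_alerts(flows):
    """Signature-style rules: reputation hit (once per src/dst pair) and protocol/port mismatch."""
    seen, alerts = set(), []
    for f in flows:
        key = (f["src"], f["dst"])
        if f["dst"] in BAD_IPS and key not in seen:
            seen.add(key)
            alerts.append({"rule": "ip_reputation", "src": f["src"], "dst": f["dst"],
                           "detail": BAD_IPS[f["dst"]]})
        proto = identify_protocol(f["payload"])
        if proto in EXPECTED_PORTS and f["dport"] not in EXPECTED_PORTS[proto]:
            alerts.append({"rule": "protocol_port_mismatch", "src": f["src"], "dst": f["dst"],
                           "detail": f"{proto} on port {f['dport']}"})
    return alerts

def beacon_alerts(flows, min_connections=4, max_jitter=0.1):
    """Behavioural rule with no signature: many connections from one source to one
    destination at near-constant intervals (relative jitter below max_jitter)."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f["ts"])
    alerts = []
    for (src, dst), ts in by_pair.items():
        if len(ts) < min_connections:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            alerts.append({"rule": "beaconing", "src": src, "dst": dst,
                           "detail": f"{len(ts)} connections every ~{mean(gaps):.0f}s"})
    return alerts

def run(flows=FLOWS):
    """Return all alerts from both the signature and the behavioural rules."""
    return signature_alerts(flows) + beacon_alerts(flows)

if __name__ == "__main__":
    for a in run():
        print(a)
```

The beaconing rule fires on the periodic 10.0.0.5 traffic even without the reputation entry, which is the point of pairing signature rules with behavioural ones: the first catch what is already known, the second catch regularity that no signature describes. In practice the jitter threshold needs tuning per environment, since legitimate software update checks are also periodic.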
- Host-based Intrusion Detection System (HIDS)
Analysis, monitoring and detection of anomalies on hosts lead to active response and immediate alerts.
HIDS collects, analyses and correlates logs of a server or client and alerts if an attack, fraudulent use or error is detected. It checks the file integrity of the local system. Rootkit detection identifies hidden actions by attackers, trojans, viruses, etc. when system changes occur. HIDS leads to real-time alerts and active response (immediate and automated action such as blocking an attack). HIDS integrates smoothly with SIEM and delivers additional valuable information for central correlation. It runs on nearly every operating system (Linux, Solaris, HP-UX, AIX, BSD, macOS, Windows, VMware ESX) and helps meet compliance requirements. Policies are deployed centrally to all HIDS agents to monitor the servers' compliance.
- Software Compliance (SOCO)
Software compliance per server or server group is assessed according to policies, with continuous analysis of the current status.
The software compliance module manages the full software inventory for Windows and Linux systems. Installed software is retrieved continuously, and both currently and previously installed software is displayed. Policies can be defined for software compliance rules, including permitted software and software packages, minimum software versions and blacklisted software. This enables analysis of compliance against the policies and of its historical progression. Alerts point to software with known vulnerabilities. The module also includes licence management, with continuous comparison of the licence information per software with the overall installed software base.
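The policy types listed above (permitted software, minimum versions, blacklisted software) and the comparison of current against previously installed software can be expressed in a few functions. The following is an added example written for this page, not Radar Services' SOCO module: the package names, versions, policy and the two inventories are constructed, and the version parser is a simplified one that only compares numeric components.

```python
"""Software compliance check: evaluate a host's installed-software inventory against a
policy of permitted packages, minimum versions and blacklisted packages, and diff two
inventories to show historical progression. Example code added to this page, not Radar
Services' SOCO module; package names, versions and the policy are constructed."""
import re

def parse_version(v):
    """Turn '1.24.0' or '2.4-3' into a tuple of ints so comparison is numeric, not lexical
    (as a string, '1.9.5' would wrongly sort above '1.24.0'). Simplified: ignores suffixes."""
    return tuple(int(x) for x in re.findall(r"\d+", v)) or (0,)

# Constructed policy for a hypothetical web-server group.
POLICY = {
    "permitted": {"openssh-server", "nginx", "openssl", "curl", "bash"},
    "min_version": {"openssl": "3.0.0", "nginx": "1.24.0"},
    "blacklisted": {"telnetd", "rsh-server"},
}

def evaluate(inventory, policy):
    """inventory: {package: version}. Returns findings sorted worst first, then by name."""
    findings = []
    for pkg, ver in sorted(inventory.items()):
        if pkg in policy["blacklisted"]:
            findings.append({"severity": "high", "package": pkg, "reason": "blacklisted"})
        elif pkg not in policy["permitted"]:
            findings.append({"severity": "medium", "package": pkg, "reason": "not permitted"})
        min_v = policy["min_version"].get(pkg)
        if min_v and parse_version(ver) < parse_version(min_v):
            findings.append({"severity": "high", "package": pkg,
                             "reason": f"version {ver} below minimum {min_v}"})
    order = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["package"]))

def inventory_diff(previous, current):
    """Historical progression: packages installed, removed, or changed between two snapshots."""
    return {
        "installed": sorted(set(current) - set(previous)),
        "removed": sorted(set(previous) - set(current)),
        "changed": sorted((p, previous[p], current[p])
                          for p in set(previous) & set(current) if previous[p] != current[p]),
    }

# Constructed inventories of one host at two points in time.
LAST_WEEK = {"openssh-server": "9.6", "nginx": "1.24.0", "openssl": "3.0.2",
             "curl": "8.5.0", "bash": "5.2"}
TODAY = {"openssh-server": "9.6", "nginx": "1.9.5", "openssl": "1.1.1w", "curl": "8.5.0",
         "bash": "5.2", "telnetd": "0.17", "netcat-traditional": "1.10"}

def run():
    """Return (policy findings for today, diff from last week to today)."""
    return evaluate(TODAY, POLICY), inventory_diff(LAST_WEEK, TODAY)

if __name__ == "__main__":
    findings, delta = run()
    for f in findings:
        print(f"[{f['severity']}] {f['package']}: {f['reason']}")
    print(delta)
```

The diff is what turns a one-off check into monitoring: the constructed data shows two packages downgraded below their policy minimum, which a snapshot-only check would report as "non-compliant" but not as "was compliant last week", and that distinction is what a responder needs to know.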
For further details, please visit: http://www.radarservices.com/