Implementation & Support

IBM Resilient

IBM Resilient Security Orchestration, Automation and Response (SOAR)

Resilient implementation includes customization, playbook development, device integration for automation and orchestration, and process automation.


IBM QRadar

IBM Security QRadar SIEM

QRadar SIEM implementation includes standalone installation, distributed installation, out-of-the-box supported device integration, universal device support module (UDSM) development for unsupported devices, custom parser development, log fine tuning, flow source integration, report fine tuning, log retention policy building, multi-tenancy segregation, third-party threat intel integration and reference set mapping, backup policy setting, out-of-the-box correlation rule tuning, custom event, flow and offence rule creation, false positive tuning and high availability deployment.


IBM Security QRadar SIEM Custom Use Cases

Custom use cases include understanding the in-house application architecture from the application owners, developing the universal device support module (UDSM) and custom parsers, and then building correlation rules based on the application logic.


IBM Security QRadar Vulnerability Manager

Vulnerability Manager implementation includes standalone and distributed deployment, scan policy creation, scan profile creation, scan scheduling, vulnerability population, integration with SiteProtector and third-party scanner integration.


IBM Security QRadar Risk Manager

Risk Manager implementation includes integration with SIEM, integration with network devices, asset policy creation, compliance policy creation, Center for Internet Security (CIS) benchmark policy creation, attack path analysis and risk correlation rule building.


IBM Security QRadar Incident Forensics

QRadar Incident Forensics implementation includes standalone and distributed deployment, PCAP appliance integration with the Forensics processor, Data Node integration with PCAP appliances, PCAP integration with a network TAP and forensics investigation briefing.


IBM Security SiteProtector System

IBM Security SiteProtector System implementation includes standalone and distributed installation, central database integration, IPS agent integration, QRadar SIEM integration, QRadar Vulnerability Manager integration, third-party Advanced Persistent Threat (APT) integration, central logging and reporting, and secure sync configuration for SiteProtector high availability.


IBM QRadar Network Security (XGS)

IBM QRadar Network Security XGS implementation includes active and passive deployment, inline simulation, inline protection and monitoring mode deployment, creation of Network Access, IP reputation, intrusion prevention, IPS event filter and SSL policies, open signature policy, SiteProtector integration, SIEM integration to configure the quarantine response, and Advanced Persistent Threat (APT) integration.


IBM Security Network IPS (GX)

IBM Security Network IPS (GX) implementation includes active and passive deployment, inline simulation, inline protection, passive monitoring mode deployment and active bypass module deployment; policy creation for firewall, security event, Data Loss Prevention (DLP), web application security, response filters and connection events; and custom signature development and integration with Snort.


IBM Security AppScan

IBM Security AppScan implementation includes AppScan Source, AppScan Standard and AppScan Enterprise installation, integration with QRadar SIEM, source code review, automating application vulnerability testing and mitigating application security risk.


ELK

ELK for log & reporting

ELK implementation includes standalone and distributed installation; Elasticsearch, Logstash and Kibana integration; log source integration; log retention policy definition; custom parser and Grok filter development; and custom report development.


Imperva

Imperva - Web Application Firewall

Imperva Web Application Firewall implementation includes standalone and distributed deployment; inline, sniffing and reverse proxy mode deployment; management appliance deployment; integration with the gateway; vulnerability scanner integration; SSL offloading; web application firewall rule building and custom signature development; and high availability deployment.


Imperva - Database Activity Monitoring

Imperva Database Activity Monitoring implementation includes standalone and distributed deployment, inline and sniffing mode configuration, integration with the management appliance, database agent installation, compliance and database activity monitoring best-practice policy deployment, and high availability deployment.


Forescout

Forescout Network Access Control

Forescout implementation includes standalone and distributed deployment, and classification policy, clarification policy, compliance policy, 802.1X policy and remediation policy creation.


Symantec

Symantec Data Leak Prevention

Symantec Data Leak Prevention implementation includes deployment of Symantec DLP Network Discover, Symantec DLP Data Insight, Symantec DLP Network Protect, Symantec DLP Endpoint Discover and Prevent, and Symantec DLP Network Monitor and Prevent, along with DLP policy implementation and fine tuning.


Rapid7

Rapid7 Vulnerability Scanner

Rapid7 Vulnerability Manager deployment includes Nexpose deployment, Rapid7 AppSpider scan policy definition, Metasploit module integration and fine tuning.


Nessus

Nessus Vulnerability Scanner

Nessus vulnerability scanner implementation includes Nessus Professional and Nessus Manager installation, vulnerability scanning and assessment, scan scheduling, compliance checks, malware detection, web application testing, patch management system integration and agent-based scanning.


Firemon

Firemon Firewall Analyser

Firemon implementation includes Security Manager, Policy Planner, Policy Optimizer and Risk Analyzer deployments. Use cases include security assessment and cleanup, automated change process, automated compliance, risk and vulnerability management, and incident investigation.


Soltra

Soltra Threat Intelligence Platform

Soltra threat intelligence platform implementation includes integrating Financial Services Information Sharing and Analysis Center (FS-ISAC) feeds and third-party threat intel feeds into the Soltra platform, publishing the TAXII discovery URL to the TAXII clients, and integrating Soltra with the SIEM.


MineMeld

MineMeld Open Source Threat Intelligence Platform

MineMeld threat intelligence platform implementation includes creating miners to retrieve feeds from third-party threat intelligence sources, publishing the TAXII discovery URL to the TAXII clients, and integrating MineMeld with the SIEM.


FireEye

FireEye Web, Email & File MPS

FireEye Malware Protection System implementation includes FireEye Management Center, Web MPS, Email MPS and File MPS deployment and fine tuning.


Custom Application Development

QRadar SIEM Application Extensions

QRadar custom app development includes integrating a custom application, adding a custom application menu in the QRadar SIEM console, adding a custom dashboard menu, adding a custom menu in the Log Activity tab, and building custom use cases for the application.


Customized Training

We provide customized training on the following products and topics.

  • IBM Security QRadar SIEM Foundations.
  • IBM Security QRadar SIEM Advanced Topics.
  • IBM Security QRadar Vulnerability Manager.
  • IBM Security QRadar Risk Manager.
  • IBM Security QRadar Incident Forensics Configuration & Usage.
  • IBM Security SiteProtector System: Basic Implementation and Administration.
  • IBM Security Network Protection Administration and Configuration.