Your organization's computer systems - and the information they hold - can be compromised in many ways. It may be through malicious or accidental actions, or simply through the failure of software or electronic components. While we need to consider all of these potential risks, it is malicious attack from the Internet that is hitting the headlines and damaging organizations.
The 2014 Information Security Breaches Survey found that 81% of large companies had reported some form of security breach, costing each organization on average between $600,000 and $2.5m. These findings are supported by almost daily stories of large-scale cyber incidents, such as the Gameover ZeuS botnet.
Understanding the capabilities behind these attacks, the vulnerabilities they exploit, and how they are exploited is central to your organization's ability to defend itself against them. Security professionals often focus on the security mechanisms or controls employed without explaining why they are needed and what they mitigate.
In the East African context, specifically Kenya and Tanzania, the Internet footprint is growing at a very fast pace as more organizations offer Internet-based business and take advantage of the Internet to reach their customer base with online services. For example, the Kenyan BFSI industry has seen tremendous expansion in Internet-related services in the last 2 years, and has thus become vulnerable to intrusion and exploitation. The fast-growing digitally enabled service systems in Kenya are being victimized by increasingly sophisticated insiders and outsiders launching more frequent and targeted attacks.
These attackers use very clever tactics to penetrate inherent weaknesses in basic information security platforms and systems, rendering standard methods of detection and incident response obsolete. Real-time threat detection and mitigation is the need of the hour. This is where Simba Technology Limited steps in to provide a platform that meets these new requirements.
Hacked Systems can be used for
Kenya
Population (2014 est.): 45,010,056
Internet users as of 31 December 2000: 200,000
Active Facebook users as of 31 December 2012: 2,045,900
Active Internet users as of 30 June 2014: 21,273,738
Internet penetration as of Q4 2014: 47.3%
Internet users as % of Africa: 7.1%
The Kenya National Bureau of Statistics released the 2015 Economic Survey highlights in May 2015. According to the report, the economy expanded by 5.3% in 2014 compared to 5.7% in 2013. One of the sectors that experienced the biggest growth was the ICT sector, which expanded by 13.4%, up from 12.3% in 2013.
An interesting takeaway from the report was Kenya's Internet penetration, which stood at 54.8% of the population, or 22.3 million Internet users. Currently around three billion people, roughly 40% of the global population, access the Internet. This means Kenya has beaten the global average by far. This growth is attributed to the increased affordability of Internet services provided by ISPs, which has made browsing the Internet cheaper. The growth of e-commerce has also increased usage of the Internet, with Kenyans taking up online shopping. Kenyans also use the Internet for utility services such as reading newspapers online and online banking. The government has also invested heavily in e-government services, such as online renewal of driving licences, which have driven the surge in Internet usage.
Tanzania
Population (2014 est.): 49,639,138
Internet users as of 31 December 2000: 115,000
Active Facebook users as of 31 December 2012: 705,460
Active Internet users as of 30 June 2014: 7,590,794
Internet penetration as of Q4 2014: 15.3%
Internet users as % of Africa: 2.5%
Uganda
Population (2014 est.): 35,918,915
Internet users as of 31 December 2000: 40,000
Active Facebook users as of 31 December 2012: 562,240
Active Internet users as of 30 June 2014: 6,523,949
Internet penetration as of Q4 2014: 18.2%
Internet users as % of Africa: 2.2%
Sudan
Population (2014 est.): 35,482,233
Internet users as of 31 December 2000: 30,000
Active Facebook users as of 31 December 2012: N/A
Active Internet users as of 30 June 2014: 9,307,189
Internet penetration as of Q4 2014: 26.2%
Internet users as % of Africa: 3.1%
Simba Technology's Cyber Security Centre (SC²) monitors activity and events in the client's IT environment to ensure that anomalous traffic and activity is detected, identified, classified according to the defined use cases with reference to the agreed rules and policies, and acted upon. SC² engagements are managed with the active involvement of the customer's IT team, which receives recommended actions whenever a threat or malicious activity is identified. SC² reviews all activity and produces reports that give a technical security overview, separating meaningful data from non-threatening anomalies. Customer control-environment procedures are also monitored so that breaches of these procedures, and possible precursors of malicious activity, are identified and reported.
SC²'s main focus is to provide security and compliance. Cyber security monitoring at SC² guards the client's critical IT infrastructure by analysing the events occurring on that infrastructure and correlating them with an automated event-correlation engine; any indication of malicious activity is detected automatically within seconds, and the SC² team is alerted within seconds of the anomaly being detected. The entire process is automatic, with no manual intervention, which reduces exposure to human error in detecting an attack or security breach. The SC² team will alert clients immediately when a potential security breach that could compromise the integrity of the client's network is detected, and can assist with remediation. It is a cost-effective, peace-of-mind solution to safeguard your network and your business-critical data.
Daily and monthly analysis and reports provide the evidence required to act in time on the threatening anomalies that are detected, while meeting the ISO / SOX / PCI compliance demands for recording and identifying all events.
In the event of a security breach, SC² provides actionable countermeasures for the event. SC² will also provide a forensics report wherever applicable and appropriate, and will help maintain proper evidence for legal action.
Our Enterprise Security Services perform comprehensive testing and audits and provide the security solutions to protect your business-critical systems including:
The services offered by SC² allow clients to identify cyber threats, plan appropriate responses and react to them; i.e., SC² offers the following services:
Correlation focused on identifying threats against prioritized events,
Comprehensive Network Attack Monitoring (CNAM) is a complex engine that simplifies threat management. It builds threat models from around the globe and delivers quality decision-making to customers.
CNAM uses five primary function modules at the core of its threat detection engine; these modules are tuned by experts for each deployment scenario. Here is a breakdown and brief description of the function of each module.
CNAM helps you improve the visibility of your network and detect threats accurately in the smallest time window. The primary function modules have direct integration with application libraries.
A good threat management system must be flexible: it should be able to integrate and operate seamlessly with existing infrastructure. CNAM offers simplicity of design to its customers.
CNAM delivers a comprehensive set of unique features that streamlines and automates your threat detection capabilities. Real-time results from CNAM deliver the missing threat visibility in enterprise networks.
CNAM brings all the right components required to operate an effective security program, but without the expensive overheads.
CNAM delivers next generation threat detection using packet level profiling and analytics capabilities.
CNAM's engine is built from the ground up to correlate around the attack. CNAM's triggers can concurrently process several hundred correlation modules.
CNAM’s continuous integration engine profiles threats, packets and data usage to identify attack indicators. CNAM is designed to work autonomously on customer policies to maintain accuracy and real-time capabilities.
CNAM’s distributed control plane architecture is used for instant deployment and management of remote systems and policies.
Advanced Threat Detection, Attack Correlation and Enabled Response are delivered as a single solution with CNAM. Plus further integration with your business application gives you complete information security coverage.
We drive the entire deployment process efficiently while you can safely concentrate on your business. CNAM's deployment is quick, easy and trouble-free enabling it to be up and running in no time.
Instead of giving you bulky log reports of all events, CNAM gives you summarized logs after performing aggregation, storage, indexing and searching of large amounts of system data.
With CNAM, you don’t need any additional compliance tools. CNAM satisfies your compliance requirements by generating logs and reports as per your needs.
All transactional and attack data remains on the customer's network, with only summarized result-sets leaving the network for correlation.
Ease of deployment is one of the primary design goals of the service. CNAM deployments are easy to design and offer several customization options. CNAM provides some key benefits for system architects.
A large number of complex deployments are delayed or fail because the system cannot adapt to the environment. CNAM is different: it is able to comply with the demands of the architecture and still deliver value to its customers. CNAM provides highly effective detection profiles for attacks from both the internal and the external networks, and allows a large amount of customization in attack detection modules across deployment architectures.
CNAM brings extreme flexibility and scalability into your security infrastructure. With its distinct component blocks, CNAM can be deployed effortlessly into your organization.
SIEM tool powered by Netmonastery and SOC support provided by Simba Technology – Customer does not have to go to 2 different vendors
** SOC : Security Operations Center
Hardware, Software, Hosting and People – All included in one package
False positives are reduced by mapping threats with asset vulnerabilities through a VA module
Competing solutions provide analysis of the event with a delay
Simba technology as a service provider has access to multiple client’s security architecture
Logs are maintained within the customer network
CNAM uses cutting-edge algorithms and the power of the cloud to actively detect and respond to attacks on your critical IT infrastructure. It implements advanced correlation rules and detection mechanism coupled with a global intelligence network to deliver top notch security presented in an intuitive dashboard.
The UNET is a global facility used by CNAM to deliver real-time threat intelligence to its customers. The UNET aggregates intelligence from two networks, viz. the CNAM customer network and the partner network. UNET is a network of global presence points called Points-of-Presence (POPs).
The IDD is the primary whistle-blower for the CNAM service; it uses multiple technologies for detecting attacks in real time. Each IDD is customized to the needs of the network and is monitored using unique correlation rules deployed by the CNAM Threat Center. Detection modules in the IDD are updated continuously to keep up with the changing threat landscape.
The NAG is a local event collection and analysis engine that is responsible for executing the correlation logic on the accumulated data. The NAG ensures that all the data collected by CNAM remains within the network perimeter. The NAG is in constant connectivity with the UNET, which supplies real-time threat intelligence for accurate decision making.
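The page describes two ideas worth seeing in code: the VA module that cuts false positives by mapping a detected threat against the targeted asset's known vulnerabilities, and the NAG's rule that raw events stay inside the perimeter while only summarized result-sets leave for upstream correlation. The following is an added illustration, not Simba Technology's or NetMonastery's code; the asset inventory, alert records, vulnerability tags and the burst threshold are all constructed for the example, and the verdict names and function names are assumptions of this example only.

```python
"""Toy local correlation pass (added example, not the product's own code).

Raw sensor alerts are joined against a constructed asset inventory that carries
the findings of a vulnerability assessment (VA). Alerts against services the
target does not run are suppressed, alerts matching a weakness the VA already
found are confirmed, and a burst of repeated attempts from one source is
escalated. Only the aggregate summary is intended to leave the network.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """One inventoried host: exposed services and VA-found weakness tags (constructed)."""
    ip: str
    services: frozenset
    vulns: frozenset


@dataclass(frozen=True)
class Alert:
    """One raw detection from a network sensor (constructed sample)."""
    src: str
    dst: str
    service: str
    technique: str  # the weakness class the signature fires on


# Constructed inventory; tags such as "sqli" stand in for real VA findings.
ASSETS = {
    "10.0.0.5": Asset("10.0.0.5", frozenset({"http"}), frozenset({"sqli"})),
    "10.0.0.9": Asset("10.0.0.9", frozenset({"ssh"}), frozenset()),
    "10.0.0.12": Asset("10.0.0.12", frozenset({"http", "ssh"}), frozenset({"path-traversal"})),
}

# Constructed raw alerts, as a sensor might emit them over one window.
RAW_ALERTS = [
    Alert("203.0.113.7", "10.0.0.5", "http", "sqli"),
    Alert("203.0.113.7", "10.0.0.5", "http", "sqli"),
    Alert("203.0.113.7", "10.0.0.9", "http", "sqli"),            # 10.0.0.9 runs no web service
    Alert("198.51.100.2", "10.0.0.12", "http", "sqli"),          # service present, weakness not found by VA
    Alert("198.51.100.2", "10.0.0.12", "http", "path-traversal"),
    Alert("198.51.100.2", "10.0.0.99", "ssh", "bruteforce"),     # host missing from inventory
    Alert("192.0.2.30", "10.0.0.9", "ssh", "bruteforce"),
    Alert("192.0.2.30", "10.0.0.9", "ssh", "bruteforce"),
    Alert("192.0.2.30", "10.0.0.9", "ssh", "bruteforce"),
]


def verdict(alert, assets):
    """Map one alert against the asset inventory (the VA-mapping step)."""
    asset = assets.get(alert.dst)
    if asset is None:
        return "unknown-asset"   # inventory gap: cannot judge, keep for analyst review
    if alert.service not in asset.services:
        return "suppressed"      # target does not run that service: likely false positive
    if alert.technique in asset.vulns:
        return "confirmed"       # the VA already found this weakness on the target
    return "possible"            # service exposed, weakness not confirmed by the VA


def correlate(alerts, assets, burst_threshold=3):
    """Run the local pass. Returns (per-alert verdicts kept locally, exportable summary)."""
    verdicts = [verdict(a, assets) for a in alerts]
    per_source = Counter()
    for alert, v in zip(alerts, verdicts):
        if v != "suppressed":
            per_source[(alert.src, alert.technique)] += 1
    # Repeated non-suppressed attempts from one source on one technique are escalated.
    bursts = [
        {"src": src, "technique": tech, "count": n}
        for (src, tech), n in sorted(per_source.items())
        if n >= burst_threshold
    ]
    summary = {
        "total_alerts": len(alerts),
        "verdicts": dict(Counter(verdicts)),
        "bursts": bursts,
        "confirmed_targets": sorted({a.dst for a, v in zip(alerts, verdicts) if v == "confirmed"}),
    }
    return verdicts, summary


if __name__ == "__main__":
    import json
    _, exported = correlate(RAW_ALERTS, ASSETS)
    # Only this aggregate would be sent upstream; RAW_ALERTS never leaves the host.
    print(json.dumps(exported, indent=2))
```

The suppression rule is deliberately conservative: an alert is discarded only when the inventory positively says the targeted service is absent, while an unknown host is kept rather than dropped, because an inventory gap is itself a finding. In a real deployment the inventory would be refreshed from the VA scanner on a schedule, since a stale inventory turns this filter into a source of false negatives.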
| Real-time threat intelligence | Includes CNAM Plus features | Includes CNAM Pro features |
| Attack detection system | Server / device log integration | Application integration |
| Multi-layer correlation | Dedicated reporting console | Detection signature customization |
| Dashboard and reporting | Custom correlation rules | Custom correlation modules |
| Profile management | Collaborative outbreak detection | Application integration support |
| 24x7 support-ops | Event monitoring and archiving | Local decoy strategy |
| Dedicated account manager | Threat strategy consulting | |
| Instant threat notifications | API integration | |
Dedicated intrusion detection
Continuous signature updates
Traffic anomaly engine
Collaborative outbreak detection
Dedicated correlation engine
Real-time event processing
Customised correlation rules
Customised correlation modules
3rd-party intelligence
NM Honeynet intelligence
Global threat intelligence
ANALYSIS AND REPORTING
CARD (web-based) analysis console
Threat management system
Real-time incident reports
Dedicated reporting console
Instant threat notifications
Periodic exposure evaluations
Application security analysis
Advisories on application security
Application security integration lifecycle