Managed Advanced Threat Protection
The sophistication, complexity and frequency of targeted attacks, Advanced Persistent Threats (APTs), advanced malware, unknown malware, zero-day threats and the like can be overwhelming. An ever-increasing attack surface, extremely motivated, well-trained and well-funded criminals targeting organizations with bespoke tools and new technologies, make securing the modern enterprise exponentially more difficult. Traditional approaches, such as defending the perimeter, are only some of the many techniques needed to address today's complex security landscape. Advanced and multi-faceted attacks cannot be prevented by a single control point, these types of attacks require a coordinated strategy. Yoroi Managed Advanced Threat Protection defends the clients network perimeter from elusive and advanced threats by adopting the most advanced detection technologies available on the market. Our analysts have a solid background in reverse engineering, malware evasion and communication protocols. They monitor, analyse and mitigate advanced threats far before traditional solutions are able to detect them. Our service prevents even the most sophisticated attacks, it detects stealthy threats across the entire clients infrastructure and is able to quickly respond to security incidents.
Infrastructure & Systems compliance
The purpose of the Infrastructure & Systems compliance is to ensure that the infrastructure and systems layers are positioned in the appropriate security posture. This security posture can be defined as the condition where the configuration of a specific asset comply with a specific benchmark, such as:
- Best practices, that is widely accepted from the community
- A standard (Community, like CIS or government, like DISA STIG)
- An organization predefined configuration
- Reference benchmark
- Operational prerequisites
- Technical analysis on the assets under scope
- Gap-analysis with respect to chosen benchmark
Scams are becoming increasingly prevalent across different types of websites, through viral e-mails and across social media.
A fraud attempt can be very complex to identify. There isn't any conventional tool able to identify and stop scams. The reason lies in the mutability, complexity and variability of attempted frauds.
Yoroi offers as a scam protection service a suite of services, technologies and best practices advice.
Our proprietary sonde Genku analyses our clients’ e-mails and sends the suspicious attachments to our sandbox Yomi for detonation, whilst our analysts investigate IPs, provenance, destination, subject in order to identify the best possible action.
SCADA systems are increasingly complex, digital and connected. Whilst in the past they were isolated from other networks, today's operators typically require data to be transferred between industrial and external networks, creating the potential for malware and hackers to gain access to and disrupt real time control systems and dependent infrastructures.
Yoroi SCADA security service prevents the malware infection by using bespoke technologies to detect the threats. Through a sensor or a virtual or physical ‘probe' installed in the system and a client host inside the machine interconnection network, our analysts are able to monitor the SCADA communication infrastructure and identify malicious communication flows, unidentified callback and unauthorised attempts to gain control.
Yoroi digital surveillance service is designed to protect our clients most sensible data.
Our analysts systematically observe the cyberspace by surfing, sniffing, snooping with a view to locating, identifying, determining, profiling, and analysing by all available means the transmission of e-mail, movement of packets, file transfer, transactions containing specific information or alphanumeric strings belonging to our clients. Once a match is found and verified, the client is alerted and the type of action to be carried on agreed.
The goal of Yoroi e-mail protection system is to increase the level of protection on the e-mail carrier, using three main techniques:
- Yomi. Every incoming e-mail received from 'outside' the organisation, if considered 'suspicious' is sent to Yomi and there closely analysed.
- BeC Detector. A syntactical similarity algorithm compares the similarity of the sender with that of the victim host domain. If the sender e-mail address possesses a high degree of similarity to a real address of the defended organisation, an alert is sent out and an analyst is called to analyse the attempted scam.
- BeC Anticipator. A powerful correlation and syntactic prediction engine periodically checks the domains potentially 'similar' to the domain of the defended organisation. If these domains are bought and put into production, an alert escalates and an analyst is contacted in order to manage a possible threat B and C and/or fraud.
Yoroi early warning service identifies, analyses and promptly notifies approaching threats before they can affect operations and provides a mitigation strategy. The service is based on the collection and analysis of information from endogenous and exogenous sources appropriately classified according to their reliability. It includes an ongoing view of unconventional sources searched for information related to the monitored clients networks, in order to understand whether there are traces of abuse or compromise.
Our analysts provide information not only about the vulnerability, but also about best-practices countermeasures to keep systems protected. A detailed analysis is provided in each alert and update, describing its severity and potential impact, technical makeup, the systems that might be affected, available patches or workarounds and comprehensive mitigation strategies.