Training is key to security!
Train your IT staff, train your suppliers, train your users (especially those), train yourself, train as many people as possible in 'the ways of security'. At any level, training pays off. Whether it be users not clicking on any link they see, firewall staff knowing to clean up their old rules, incident response teams knowing to dump the memory before taking down the infected host, ... I'm not a trainer and do not teach in the common sense of the word. I can however provide ad hoc training to smaller teams in the use and configuration of network security components, incident response scenarios, SOC organization or any other of my areas of expertise.
No security without analysis!
Analysis should be the beginning of any security project. Analyse the risks, analyse the cost (of non-investment), analyse the work processes, analyse the weak spots and look at what you can do to defend those as well. Sometimes it is a good idea to have someone external to your organization look at the infrastructure and its defenses and analyse if (and where) there is room for improvement. When requested I can help implement improvements myself, or connect you with the right people for your specific request.
After analysis, improvements
After a detailed analysis, we can write different levels of reports, from very limited (a list of the vulnerabilities/weaknesses found) to extremely detailed, with POC data, suggested configuration changes, ... In any case you'll always get a report with advice on how to optimally remediate or mitigate the weaknesses found, along with an explanation of the impact a breach of each vulnerability would cause. This makes decisions about the investment needed to protect against each flaw better informed, so they can be in tune with your business' risk profile and risk appetite.
Good configurations make all the difference
In many cases the firms targeted by cybercrime have all the security and logging components they need to detect and prevent a breach available in their network, but simply lack the know-how to collect that data, filter it and act upon it. They often have devices seeing this traffic or these events, but insufficiently configured to raise the alarm. I can assist in configuring many sorts of networks, servers and security devices and understand the principles of network and system security like no other.
When all else fails...
When, despite all your efforts to prevent the bad guys from entering your network and systems, you get breached nevertheless, all hell breaks loose. You need to swiftly make critical decisions about how to manage the crisis and get on top of things. A good start is a trained incident response team, but they are generally only found in the larger companies. The second best thing is to get (your) experts together, analyze the situation and create a clear path towards the solution. I have a lot of experience in this field and can assist when needed. Discretion assured!
Steer and govern
Building a security operations team, or a new capability within such a team, is preferably done in-house, as SOC capabilities need sufficient infrastructure and corporate context to be effective. Building know-how on the job is a lengthy process with lots of potential for catastrophic mistakes along the way. I can provide the expertise to ensure your security operations, or any capability therein, get kickstarted up to industry standards and your team can hit the ground running. SOC capabilities are typically: Incident Response, Analyze & Investigate, Detection Engineering, Threat Intelligence, Threat Research and Threat Hunting.
© g3rt