Monitoring of compromised data
CyS Centrum provides monitoring of botnets worldwide on a regular basis. We focus on botnets that may be used to exfiltrate sensitive data (logins, passwords, keys and certificates, PANs, CVVs, personally identifiable information), steal money and provide remote covert management of infected devices. Dut to unique and trusted relationship with competent organizations around the globe, recognizing the transnational nature of cyber-threats, we organize effective mutual cooperation aimed at incident response at the international level. All this enables us to know in advance "who", "when" and "where" will lauch the attack, thus giving CyS Centrum the unique advantage in addressing threats proactively (during the initial stages of an attack).
The client is notified in a timely manner regarding known and emerging threats that may influence its business and assets or those of their own clients and customers. CyS Centrum does deep research on cyber-threats specific for a region and/or sector (transportation, finance, critical infrastructure etc.), provides actionable intelligence, delivering indicators of attacks and appropriate recommendations. We also offer support for routine processes (e.g., analysis of malicious samples being sent to organization’s email as attachments). What is most important is that we suggest forming client-specific threat profiles that perfectly takes into consideration the client’s business operations, assets owned, soft and hardware deployed.
Detection of compromised devices used by financial institutions and their customers
CyS Centrum’s technical solutions and commercial agreements with partners (from the global InfoSec community) give us an opportunity to get and process real-time information about compromised IP-addresses from the entire Ukrainian cyber-space. This enables us to estimate “reputation” of each and every Ukrainian IP-address and determine, whether it’s used by a botnet, infected with malware, participating in DDoS or other attacks, or used for scanning/spamming purposes. It's also possible to detect "client-side" infections by checking clients IP-addresses through our data sets. This service may be implemented in one of two ways: as an automated control system (requires integration to the bank’s infrastructure) or as an outsourced feature (where CyS Centrum takes responsibility to provide regular reputation checks and appropriate reporting).