CSIRT - Solutions | Biznes Netia


How we support business?

Cybersecurity in recent years

The number of cyber threats has increased significantly in recent years. The number of systems and the volume of processed data are growing, and the spectrum of attacks is expanding, including attacks that exploit constantly discovered new vulnerabilities. Attacks are growing in number and severity, and organized crime groups are increasingly responsible for them. Cybersecurity is no longer only a cost in an organization's budget; it has become a necessity and the basis for business development in the e-economy. Existing and constantly emerging legal regulations, norms and standards force costly investments in new security solutions, whose effectiveness drops significantly without continuous monitoring processes in place. There is also a shortage of specialists on the labor market who could ensure the required level of security for all organizations.

What do we provide?

Netia is one of the few companies on the Polish cybersecurity market to offer its customers a Security Operations Center (SOC) in the as-a-service model. We use the best available technological solutions and properly defined processes. A qualified team working 24/7/365 constantly monitors the IT infrastructure and recognizes incidents on an ongoing basis. In addition, we provide a full range of professional services aimed at strengthening the resilience of security systems and raising employee awareness.

Discover our services

  • IT security monitoring

    Ongoing 24/7 monitoring and handling of security incidents by Netia SOC specialists is carried out with the use of world-class SIEM (Security Information and Event Management) systems. The most difficult part of handling a security incident is determining its severity, performing an analysis and taking appropriate mitigating actions. Leveraging multiple sources of information is often a challenge. Many security systems will only fulfill their role if we monitor them all on an ongoing basis. SIEM collects a huge amount of information about events from network devices and information systems (logs), and then correlates the collected information from various sources in accordance with defined security policies. If a suspicious event is detected, the system generates a warning that initiates the classification and handling of the incident by SOC analysts and allows for taking appropriate remedial actions defined in the scenario (e.g. contact with the Customer, automatic or manual network device reconfiguration, infected station isolation, initiation of defensive actions, etc.). 

    The Netia SOC team ensures the selection of an appropriate SIEM/SOAR system, its full implementation and integration with the Customer's infrastructure. The level of service provision is confirmed by the SLA.

    Monitoring with advanced SIEM systems makes it possible to detect and respond to threats in real time and eliminates the need to manually track processes on individual security systems. System activities and monitoring results are regularly reported and periodically communicated to the client along with the recommendations of SOC specialists.

    Security incidents identified at the Customer's premises may be reported via Netia SOC to the appropriate national or sectoral CSIRT (in accordance with the requirements of the Act on the National Cybersecurity System).

    Why is it worth it?
    Proactive monitoring and instant response to security events help maintain the continuity of key business systems and increase the level of IT security.
    The observations, tips and recommendations of Netia SOC specialists can make a significant contribution to strengthening the Customer's ICT security system.

    Using monitoring services provided by an external SOC team means, above all, a significant reduction in the costs associated with implementing and maintaining such a solution in-house. For key service providers, handling security incidents is a statutory obligation.

  • Network vulnerability scans

    Vulnerability scanning is a comprehensive service that scans corporate network assets for weaknesses that could potentially be exploited to take control, infect systems, steal data, or cause financial and/or reputational loss. The service consists of scanning the corporate network (network devices, applications) from the outside and/or from the inside for misconfigurations, vulnerabilities, and security gaps. As a result of the scan, the Customer receives a detailed report on the security status of the ICT infrastructure, indicating the errors, vulnerabilities, and risks, along with recommendations for changes in configuration or architecture to increase the security level of the IT environment.

    The wide scope of scanning covers operating systems, network devices, hypervisors, databases, web servers and sensitive infrastructure, which are checked for vulnerabilities, potential data leaks, malware infections, configuration errors, out-of-date software, and other threats and violations of compliance rules.

    Why is it worth it?
    By using the Service, the Customer obtains comprehensive knowledge about the state of its IT resources and awareness of infrastructure weaknesses (existing configuration bugs, vulnerabilities, and security gaps). In addition, recurring network scans can find new vulnerabilities and device configuration errors that appeared or were recognised after the previous scan.

  • Vulnerability scans of web applications

    The resilience of websites and web applications to cyber threats is a key element of security for organisations and end users.
    Web applications, including shopping carts, forms, login pages and other online tools that enable the exchange of dynamic content, are generally highly exposed on public networks and thus not protected by network firewall systems.

    Cybercriminals have extensive knowledge of web application attack techniques, including SQL Injection, Cross Site Scripting, Directory Traversal Attacks, Parameter Manipulation (e.g. URL, Cookie, HTTP headers, web forms), Authentication Attacks and Directory Enumeration. The criminal community continues to search for new vulnerabilities and exploits (including zero-days).

    Knowledge of potential vulnerabilities of externally accessible application systems is the first and necessary element in the process of risk reduction in the area of IT systems security, especially in the context of protection against leakage of corporate data and legally protected personal data, to which application systems have access on a continuous basis.

    Web Application Vulnerability Scans is a comprehensive service that scans designated application systems for vulnerabilities that can potentially be exploited to gain control, infect IT systems, steal data or lead to financial and/or reputational loss.

    Why is it worth it?
    Application vulnerability scanning is the only automated way to protect your website or web application from malicious intrusion. In addition, the scanner can be used to audit source code to identify and eliminate errors during development or subsequent progress of an application system.

    Automated vulnerability scanning allows you to focus primarily on building a web application, which is quite a difficult task in itself. An automated web application scanner is always looking for new attack paths that hackers can use to gain access to a web application or the data behind it.

  • Phishing simulations

    Phishing is a method of fraud that involves a criminal impersonating another person or institution in order to obtain confidential information, infect a computer with malware, or induce the victim to take a specific action (e.g. click on a malicious link).

    Phishing attacks (campaigns) are the primary tool of cybercriminals today, not only as a means of gaining unauthorized access to critical company resources, but also for defrauding inexperienced Internet users. The most common attack vector is e-mail (e-mail phishing). All types of attacks use social engineering methods. Attacks often target a specific group or a specific type of person (spear phishing), e.g. administrators, accountants.

    A phishing simulation consists of preparing and executing a fake phishing attack (phishing campaign) on a specific group of employees according to a selected scenario, and then collecting and analysing the results in the form of a detailed report. The findings of the report can be used to conduct an in-depth education campaign among employees.

    Why is it worth it?
    By periodically running simulations of phishing attacks, you can monitor and raise awareness of cyber threats and, as a result, reduce employees' vulnerability to these types of attacks. Simulations are run according to constantly updated scenarios and techniques used by cybercriminals. This helps strengthen the weakest link in an organization's security chain – humans.

  • Penetration tests

    A penetration test (pentest) is a process involving a controlled attack on an ICT system, aimed at a practical assessment of the current state of security of that system, in particular the presence of known vulnerabilities and resistance to security breach attempts. It involves analysing the system for potential security flaws caused by improper configuration, gaps in software or hardware, vulnerabilities in technical or procedural security measures, or even insufficient user awareness. The analysis is performed from the perspective of a potential intruder and may include active exploitation of vulnerabilities. The primary feature that distinguishes a penetration test from an intrusion is the Customer's consent to the test.

    Pentests can be carried out with various levels of knowledge given to the testing team, ranging between two extremes, with an intermediate form:
    • black box – tests with minimal knowledge (e.g. only service address), penetration tester has no additional information beyond what is publicly available, tests reflect real potential intrusion,
    • white box – tests with transfer of full knowledge and access (design documentation, source code, configuration of network devices, etc.),
    • grey box – the most common form of testing with partial transfer of knowledge and access (e.g. created user account).

    Why is it worth it?
    Conducting penetration tests is the only way to verify the prevention, immunity and security mechanisms in use under conditions that simulate a real-life situation. Having the tests carried out by a specialized external entity gives control over the amount of knowledge transferred about the infrastructure under test and helps avoid concentrating security in places that actual attackers do not necessarily target.

  • Automatic malware analysis

    Malware is an executable file, binary code, or URL that is intentionally harmful to a computer system or its user, and is often controlled remotely by an attacker. Attackers can use malware to conduct aggressive operations, such as spying on the victim with keyloggers or remote access tools (RATs), or deleting or encrypting data in order to demand a ransom (ransomware). Malware can take many forms and carry out a range of activities characterised by varying levels of aggression.

    Malware analysis is a study that aims to obtain as much information as possible from a malware sample to determine its effects, origin, and attack potential. The information obtained helps to determine how the computer system was infected, which helps to protect it from similar attacks in the future.

    Why is it worth it?
    Malware analysis provides valuable information for people responsible for the Customer's IT security. It helps to identify a potential attack, its source, targets and objectives, the capabilities of the attacker, and the possible further course of the attack. When an ongoing attack is identified, the result of the analysis often makes it possible to stop the attack, limit losses, and take appropriate defensive, security, or investigative actions.

  • Cyber Threat Intelligence (CTI)

    CTI is the acquisition and processing of information on various groups of activities that pose a cyber security threat to the Customer's organization. The information comes mainly from external sources, e.g. open sources, cooperation with Polish and foreign CERTs, social media, computer forensics, crisis groups, law enforcement agencies, communication platforms of criminal groups, the deep web, the dark net, and commercially acquired information.

    Underground sources are monitored for the appearance of information that is harmful or likely to harm the Customer, its employees or its clients. Data is also obtained from the Customer itself.

    Finding an offer to sell information stolen from the Customer (databases containing customer data, internal documents, lists of employees with their logins/passwords) or information obtained about vulnerabilities detected in the customer's infrastructure is most often proof of hacking and unnoticed leakage of customer data.

    Why is it worth it?
    The team of experts monitors the sources in order to detect and identify threats and incidents affecting the Customer as early in the cyber kill chain as possible. Additionally, in crisis situations, experts provide advice and can support the Client in cooperating with law enforcement agencies.

    The following can be monitored:
    • social forums, forums where criminal circles exchange information, and websites containing posts with databases, searched for keywords, numerical sequences (NIP, REGON, payment card numbers) or identification data of entities or persons,
    • new registrations of internet domains with names similar to the Customer's domains, checked for phishing activity,
    • reports on current malware campaigns (including ransomware) that could potentially be used in an attack on the Customer,
    • spam campaigns that can potentially target the Customer.