Source Gate Technologies Cyber Security Services
Navigate the Digital Frontier with Resilient Cybersecurity Expertise
Managed DevSecOps Services
This is our most comprehensive service offering so we have divided it into 3 distinct engagement models to better align with software development lifecycle. Phase wise detail of our service is provided below
Selecting the appropriate technology stack for your application and your customers’ requirements
Setting up processes and git workflows to ensure the development team can focus on building the application and necessary feedback loop are enabled, to help them improve and speed up the development process
Setting up Continuous Integration (CI) pipeline to enable developers to test their code, the moment they make any change
Integrating security tools for static and dynamic security scans to ensure you don’t merge any vulnerable code to your production branch
Automating build creation process so it can easily and automatically be deployed to various environments (staging, QA, Integration, and Production).
Automating the infrastructure design and rollout using Terraform, Ansible, and other well-known IaC tools
Automatic, fast and reproducible deployments to all major cloud providers (AWS, Azure, and GCP etc.)
Leveraging cloud agnostic solutions like Docker, Kubernetes etc.; to ensure that your application is not vendor locked and can run on any major cloud platform
Integration and security testing as part of the pre-release cycle
Implementing monitoring practices and solutions (Prometheus, netdata etc.) feedback practices
Troubleshooting – enabling teams to quickly identify and fix issues before they cause downtimes
Integrating application performance monitoring & advising teams ‘how they can handle performance bottlenecks?’ (NewRelic, DataDog)
Managing and running bug bounty programs
Managing and coordinating with the security teams to run periodic pen tests for infrastructure and applications
Designing escalation policies and incident handling frameworks — so you’re timely notified and can respond to an incident
Disaster recovery and backup strategies
Integrating and enabling security controls for the production environments
Helping security teams by enabling them to collect logs and alerts from all the critical infrastructure components
Managing application firewalls to automatically respond to scanners and DOS attacks
Engagement & Pricing Model
Hourly
Fixed development and support hours – hourly bucket’s price
Monthly
Engineering resources augmentation – monthly price
Estimation
One-time engagement for assessment and review – estimation based pricing
Managed DefenseOperations
Being an MSP, the issues faced by security teams around the world are not alien to us. We have carved out our managed defense operations (MDO) to fulfill the needs of small, medium, and large enterprises for boosting their operational level (OP-Level) and efficiency against threats that matter.
OP-Level 1 | MSOC | MDO Standard
A standard managed security operations center service for organizations to make sure their security operations run smoothly all while staying in budget
OP-Level 1 | MSOC | MDO Standard
A standard managed security operations center service for organizations to make sure their security operations run smoothly all while staying in budget
OP-Level 3 | MDO-X | MDO Premium
A premium service that fulfills all the managed detection and response requirements and more
Vulnerability Management Service
Remote service designed especially for customers looking to deal with vulnerabilities on a regular basis Vulnerability risk assessment Virtual Patching
Read MoreOptional Services
L2-as-a-Service (L2aaS) Remote service designed especially for customers who can manage their L1 operations Advanced investigations Playbook creation
Read MoreMDO - Salient Features
24×7 monitoring of network & endpoints (log ingestion) Alert investigation, managed escalations, and false alarm identification SIEM optimization, log management
Read MoreGovernance, Risk & Compliance Consultancy Services
1 .Security Governance & Compliance Services
CIS Control
The Center for Internet Security (CIS) critical security controls v8 is a prioritized set of best
Read MorePCI-DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a globally accepted set of
Read MoreISMS (ISO 27001)
Information Security Management System (ISMS – ISO 27001) is an ISO standard on “how to
Read More2 .Healthcare Governance & Compliance Services
3. Privacy Governance & Compliance Services
4. Quality Assurance & Management Services
Digital Forensics & Incident Response
What We Do
Primarily we respond to following types of intrusions:
- Rogue activity inside enterprise network or infrastructure
- Theft of data, PII or intellectual property
- Sabotage or destruction
- Insider threats
- Financial crime
We Cover
- Log Anlaysis
- Host Forensics
- Memory Forensics
- Network Forensics
- Malware Analysis
Engagement & Pricing Model
One-Time Response
Priced Hourly
Retainer
Priced per 50+hour quarterly bucket
We Cover
- Organization-wide IOC hunting
- Clue-based deep dive
- Network traffic analysis
In the case where a compromise is identified, we have the ability to quickly pivot from compromise assessment to incident response (on customer’s discretion
Engagement & Pricing Model
One Time Assessment
Priced on Number of Assets
A thorough assessment whether you got compromised or not?
What We Do
Test your organization’s defense with a simulated scenario just like a real cyber-attack. We utilize our knowledge of responding to intrusions to create adversary or scenario specific simulations and then run them against your infrastructure to identify gaps and mitigate them before you actually face an incident
Our Belief
“The more you sweat in training, the lesser you bleed in battle !”
Engagement & Pricing Model
Bi-Annual Drills
Priced Per Drill (2 weeks of engagement per drill)
Quarterly Drills
Priced Per Drill (2 weeks of engagement per drill)
Knowledge of your enemy’s offensive capability, determines the strength of your defense
We assess the readiness of your organization against future incidents with a 360-degree perspective of security.
We Assess
Strategic Capability
- Maturity of your incident response plan
- Response procedures, roles and policies
- Maturity of response team and its layers of defense
Operational Capability
- Ability to investigate and respond from a single point
- Ability to investigate at scale
- Level of visibility inside host and network telemetry
Our Belief
“You cannot protect what you don’t know!”
Engagement & Pricing Model
One-Time Assessment
Priced Per Engagement
Add-Ons include
- Assistance in creation of Information Security Policy
- Assistance in creation of Incident Response Plan
- Assistance in creation of Response Playbooks
800+
Clients Globally
30+
Products
1,000+
Project Delivered
10+
Years of experience
Cybersecurity Assessment Services
We Offer
External Infrastructure Pentest
Pentest conducted through the Internet by an ‘attacker’ with no
Read MoreInternal Infrastructure Pentest
Pentest scenarios based on an internal ‘attacker’ , like a legitimate infrastructure
Read MoreBuild & Configuration Review Pentest
Build and configuration review testing uses an authenticated — credential base access
Read MoreWireless Network Pentest
Wireless network pentesting provides an ordered list of issues, their associated
Read MoreWeb/Mobile application Pentest
Web and Mobile applications are tested for exploitable vulnerabilities identifications
Read MoreSocial Engineering Based Testing
End users are the weakest link of cybersecurity control chain. An assessment is
Read MoreRed Teaming (RT)
Unlike VAPT’s breadth intensive activities in vulnerability identification, our red
Read MoreOur Methodology
External Infrastructure Pentest
Pentest conducted through the Internet by an ‘attacker’ with no
Read MoreInternal Infrastructure Pentest
Pentest scenarios based on an internal ‘attacker’ , like a legitimate infrastructure
Read MoreBuild & Configuration Review Pentest
Build and configuration review testing uses an authenticated — credential base access
Read MoreWireless Network Pentest
Wireless network pentesting provides an ordered list of issues, their associated
Read MoreWeb/Mobile application Pentest
Web and Mobile applications are tested for exploitable vulnerabilities identifications
Read MoreSocial Engineering Based Testing
End users are the weakest link of cybersecurity control chain. An assessment is
Read MoreRed Teaming (RT)
Unlike VAPT’s breadth intensive activities in vulnerability identification, our red
Read MoreReporting & Deliverables
A penetration testing conducted by Source Gate Technologies Pentest team will include a post assessment report – that will detail any vulnerabilities discovered and a step-by step remediation guidance to fix them