Security Operations



SecOps delivers seamless collaboration between IT Security and IT Operations to effectively mitigate your risk. Sakura SecOps solutions enable your teams to prioritise and remediate vulnerabilities, and then to systematically address compliance violations through an integrated and automated approach across your entire presence.

Traditional approaches to security and compliance often fail in multi-cloud environments and, worse, are often ignored in the race to continuously deliver new applications and product features. Sakura SecOps and Cybersecurity packages allow you to focus on your core business while reducing risk and cost.

SecOps Services

Operational Intelligence

Make security actionable with regular vulnerability assessments enriched by operational data to prioritise threats based on the impact within your specific operating environments.

With our Machine Learning based approach, we combine security and operations to provide accurate and actionable analysis, enabling you to identify risks.

Tiered Remediation

Sakura SecOps provides a tiered approach to remediation based on policies and AI that consider severity, environment, process, and application impact. This approach drives consistency, scalability, and flexibility. Through Machine Learning, our methods weigh the application, the process, and the severity of the issue to select the most effective approach.

Monitoring & Alerting

The Sakura team provides the full cycle of system discovery, monitoring, remediation, and integrated change control, providing continuous compliance and monitoring. Achieve security and compliance by leveraging policies, Machine Learning, and best practices.

Platforms

Our SecOps Services Team also offers IDS, IPS & threat visualisation services.

Through leading open source platforms such as Suricata and commercial add-ons like Aanval, we now offer Intrusion Detection and Intrusion Prevention setup and configuration services for your cloud or corporate network.

Snort

SNORT® is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that define malicious network activity, finds packets that match those rules, and generates alerts for users.

Snort can also be deployed inline to stop these packets. Snort has three primary uses:

  • as a packet sniffer like tcpdump,
  • as a packet logger, which is useful for network traffic debugging,
  • or as a full-blown network intrusion prevention system.

Snort can be downloaded and configured for personal and business use alike. Snort is developed by Cisco.

Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Top 3 Reasons You Should Try Suricata

  1. Highly Scalable: Suricata is multi-threaded. This means you can run one instance and it will balance the processing load across every processor on the sensor that Suricata is configured to use. This allows commodity hardware to achieve 10 gigabit speeds on real life traffic without sacrificing ruleset coverage.

  2. Protocol Identification: Suricata automatically recognizes the most common protocols as the stream starts, so rule writers can write a rule for the protocol rather than for the expected port. This makes Suricata a malware Command and Control channel hunter like no other. Off-port HTTP CnC channels, which normally slide right by most IDS systems, are child’s play for Suricata! Furthermore, thanks to dedicated keywords you can match on protocol fields ranging from the HTTP URI to an SSL certificate identifier.

  3. File Identification, MD5 Checksums, and File Extraction: Suricata can identify thousands of file types as they cross your network! Not only can you identify a file, but should you decide you want to look at it further, you can tag it for extraction and the file will be written to disk with a metadata file describing the capture situation and flow. The file’s MD5 checksum is calculated on the fly, so if you have a list of MD5 hashes you want to keep in your network, or want to keep out, Suricata can find them.
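As an added illustration of the two Suricata features just described (example code written for this page, not Sakura's or Suricata's own), the script below triages Suricata's EVE JSON output for http events on unexpected server ports and for fileinfo events whose on-the-fly MD5 appears in a blocklist. The EVE records and the MD5 blocklist are constructed and the set of expected HTTP ports is an assumption; inside Suricata itself the same matching is normally expressed in rules, using the `http` protocol keyword instead of a port and the `filemd5` keyword for hash lists.

```python
import json

# Constructed Suricata EVE JSON records (not real captures), trimmed to the fields
# this check reads; real eve.json lines carry many more fields.
SAMPLE_EVE_LINES = [
    '{"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.9","dest_port":80,'
    '"app_proto":"http","http":{"hostname":"example.test","url":"/index.html"}}',
    '{"event_type":"http","src_ip":"10.0.0.7","dest_ip":"198.51.100.4","dest_port":4444,'
    '"app_proto":"http","http":{"hostname":"198.51.100.4","url":"/gate.php"}}',
    '{"event_type":"fileinfo","src_ip":"203.0.113.9","dest_ip":"10.0.0.5","dest_port":53210,'
    '"app_proto":"http","fileinfo":{"filename":"/update.bin","md5":"d41d8cd98f00b204e9800998ecf8427e","stored":false}}',
    '{"event_type":"fileinfo","src_ip":"198.51.100.4","dest_ip":"10.0.0.7","dest_port":50122,'
    '"app_proto":"http","fileinfo":{"filename":"/stage2.exe","md5":"9e107d9d372bb6826bd81d3542a419d6","stored":true}}',
    '{"event_type":"flow","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","dest_port":53,"app_proto":"dns"}',
    'not json at all',
]

# Assumed ports on which HTTP is expected; app_proto "http" on any other port is "off-port".
EXPECTED_HTTP_PORTS = {80, 8080, 8000}
# Constructed blocklist: the MD5 of "The quick brown fox jumps over the lazy dog".
MD5_BLOCKLIST = {"9e107d9d372bb6826bd81d3542a419d6"}


def triage_eve(lines, expected_ports=EXPECTED_HTTP_PORTS, blocklist=MD5_BLOCKLIST):
    """Scan EVE JSON lines; return (off_port_http, blocked_files) as lists of dicts."""
    off_port_http, blocked_files = [], []
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate truncated or partial lines instead of aborting the scan
        etype = ev.get("event_type")
        # Protocol identification: Suricata labels the stream "http" whatever the port,
        # so an http event on an unexpected server port deserves a closer look.
        if etype == "http" and ev.get("app_proto") == "http" and ev.get("dest_port") not in expected_ports:
            off_port_http.append({"src_ip": ev.get("src_ip"), "dest_ip": ev.get("dest_ip"),
                                  "dest_port": ev.get("dest_port"), "url": ev.get("http", {}).get("url")})
        # File identification: fileinfo carries the MD5 Suricata computed on the fly.
        elif etype == "fileinfo":
            info = ev.get("fileinfo", {})
            md5 = str(info.get("md5", "")).lower()
            if md5 in blocklist:
                blocked_files.append({"src_ip": ev.get("src_ip"), "dest_ip": ev.get("dest_ip"),
                                      "filename": info.get("filename"), "md5": md5,
                                      "stored": bool(info.get("stored"))})
    return off_port_http, blocked_files


if __name__ == "__main__":
    print(triage_eve(SAMPLE_EVE_LINES))
```

On a live sensor, point the same function at `eve.json` (or at the `fileinfo` and `http` event streams from your log shipper) and feed the blocklist from your threat intelligence source.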

Aanval / u2platform

Aanval (now called u2platform) is the industry’s most comprehensive Snort and Syslog Intrusion Detection, Correlation, and Threat Management console. Aanval supports both Snort and Suricata, as well as virtually any Syslog data source, and is designed specifically to scale from small single-sensor installations to global enterprise deployments.

Aanval’s primary functions are to correlate data from multiple sources, bring together billions of events, and present users with a holistic view of false-positive free, network security situational awareness.

Discover more about our Security Practice

Engage the Sakura Sky team

Sakura Sky provides cloud, data, and security services to the world’s leading brands and has a presence across North America, Europe, and Asia. Work with us to enable your cloud, data, or security project with our experts.