Control Services

What is it?

Análisis Forense

TheXOC

Aligo’s Next-Gen Security Operations Center (XOC) address both current and modern threats that could impact operational resiliency using XOAR, automation, and AIOps to counter advanced adversaries that have evolved with automated tactics and procedures.

It goes beyond simple detection and response. TheXOC considers all of the activities listed in the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover.

The information sources are integrated using a modern SIEM based on the ELK stack and integrated in an environment of cloud-native technologies

 

Identificación de alertas Realización de análisis forense Monitoreo continuo 24/7 Gestión de incidentes
Alert Identification. Performing forensic analysis. Continuous monitoring 24/7. Incident Management.

 

Identificación de alertas Realización de análisis forense
Alert Identification. Performing forensic analysis.
Monitoreo continuo 24/7 Gestión de incidentes
Continuous monitoring 24/7. Incident Management.
Characteristics of the XOC service
  • Records Management and Correlation – Workflow Orchestration:
    • Integration with the organization’s information sources.
    • Construction of baselines.
    • Construction and updating of use cases.
    • Categorization of security incidents.
    • Correlation and detection of security events.
    • Playbook design.
  • Threat Intelligence, Brand Monitoring, Email Monitoring:
    • Identification and continuous analysis of threats.
    • IOC creation.
    • Brand monitoring and remediation of findings.
    • Continuous email monitoring.
    • Preparation of security bulletins.
    • Generation of alerts of new threats.
  • Investigation and response:
    • Management of cybersecurity incidents.
    • Implementation of task flows “playbooks”.
    • Application of action plan for mitigation and recovery.
    • Application of machine learning technologies.
    • Performing forensic analysis.
    • Documentation and improvement actions.
  • Continuous monitoring 24/7/365:
    • Identification of alerts.
    • Alert investigation.
    • Incident Management.
Benefits of the XOC service

What sets Aligo’s XOC service apart?

  • We integrate your technology.
  • We are transparent.
  • We get valuable results.
  • We seek continuous improvement.
Análisis Forense

TheFence

Zero Trust Network Access Control is our platform of technologies and functionalities that enable secure access to internal applications for remote users. It operates on an adaptive trust model, where trust is never implicit, and access is granted on a need-to-know, least-privileged basis defined by granular policies. Our platform boasts an impressive feature set including a captive-portal for registration and remediation; centralized wired, wireless and VPN management; industry-leading BYOD capabilities; 802.1X and RBAC support; and integrated network anomaly detection with layer-2 isolation of problematic devices. TheFence can be used to effectively secure small to very large heterogeneous networks by closing the Observe, Orient, Decide & Act (OODA) loop in your cybersecurity strategy.

TheFence

 

BYOD: permita que las personas traigan sus propios dispositivos. Elimina el malware Elimina el malware. Descarga de WiFi / punto de acceso. Proporcionar acceso de invitado. Realizar comprobaciones de cumplimiento. Simplifique la gestión de la red.
BYOD – Let people bring their own devices. Role-based access control. Eliminates malware. WiFi offload / hotspot. Provide guest access. Perform compliance checks. Simplify network management.

 

 

BYOD: permita que las personas traigan sus propios dispositivos. Elimina el malware Elimina el malware. Descarga de WiFi / punto de acceso.
BYOD – Let people bring their own devices. Role-based access control. Eliminates malware. WiFi offload / hotspot.
Proporcionar acceso de invitado. Realizar comprobaciones de cumplimiento. Simplifique la gestión de la red.  
Provide guest access. Perform compliance checks. Simplify network management.  

 

 

BYOD: permita que las personas traigan sus propios dispositivos. Elimina el malware
BYOD – Let people bring their own devices. Role-based access control.
Elimina el malware. Descarga de WiFi / punto de acceso.
Eliminates malware. WiFi offload / hotspot.
Proporcionar acceso de invitado. Realizar comprobaciones de cumplimiento.
Provide guest access. Perform compliance checks.
Simplifique la gestión de la red.  
Simplify network management.  

 

Features of TheFence
  • Infrastructure protection:
    • Vulnerability analysis.
    • Threat analysis (SIEM).
    • Integration with other security controls (IDS).
    • Integration with network access control (NAC).
  • Infrastructure control:
    • Centralized control, management and monitoring (The-Fence).
  • Knowledge of the infrastructure:
    • Device inventories.
    • Infrastructure monitoring.
    • Automated Defense.
Benefits of TheFence
  • Open source software based solution
  • Capacity for growth and evolution of technology
  • Transparent service for the end user, which does not require the installation of software agents.
  • Easy implementation of different custom captive portals by VLAN, SSID, among other criteria.
  • Flexibility of integration with other network security solutions from various manufacturers.
  • Deployment flexibility, whether centrally, distributed or hybrid.
  • It allows the gradual implementation of policies to facilitate the appropriation of technology by users and minimize trauma.
  • Level 2 and 3 support is included directly with Aligo.
  • Possibility of installation on physical, virtual and / or cloud servers.
Atención de Incidentes

Network Access Control (NAC)

Network Access Control (NAC) is a product based on an open source technology called Packetfence.

It is responsible for allowing or denying the entry to the network of a device in a specific vlan, based on defined rules such as: Device type, operating system, device domain, MAC, access point / switch.

Features of our NAC

FEATURES:

 Control of IoT devices.
● Control of smartphones and tablets.
● Integrates with mixed network infrastructure (multiple brands and
technologies).
● Operates over SD-WAN.
● Captive portal.
● Guest control.
● For user and / or device authentication, it integrates with the
active directory , ldap, radius, among others.
● VLAN assignment based on user and / or device.

Benefits of our NAC
  • Monitoring, alerting and control of devices with Windows, Linux and MAC operating systems, cell phones and IoT devices (VoIP phones, lights, alarms)
  • Detection, alert and take action in real time.
  • Transparent to the end user.
  • Facilitates traceability of devices and users on the network.
  • Application of parameterizable rules.
  • Inventory and statistics of devices on the network.
  • It is integrated as a source and / or destination with the controls already established in the company’s security ecosystem.
  • It allows taking manual and / or automatic action on the computers on the network immediately.
  • Customizable according to the client’s needs.
  • Access control based on comprehensive and customizable policies.

Success stories

We have a NAC solution implemented in more than 800 administrative and branch offices, for the control of the wired network and corporate wireless network and third parties.

We have a NAC solution implemented in more than 100 administrative and branch offices, for the control of the wired network and corporate wireless network and third parties.

We have a NAC solution implemented in 3 administrative offices and branches, for the control of the wired network.

Captura y Análisis de tráfico

IDS - Intrusion Detection

The Intrusion Detection System (IDS) is a product based on an open source technology called Snort.

It is responsible for monitoring the behavior of devices based on traffic analysis to identify anomalous behavior, use of unauthorized applications, communication with insecure domains.

Features of our IDS
  • Monitoring of IoT devices.
  • Internal and external traffic monitoring.
  • Integrates with mixed network infrastructure (multiple brands and technologies).
  • It operates over SD-WAN.
  • Installation: Bare metal, virtualized environment.
Benefits of our IDS
  • Information about the behavior of users on the network.
  • Traceability of internal and external navigation of users.
  • Transparent to the end user.
  • Behavioral statistics.
  • Traffic capture.
  • Parameterizable signatures.
  • It is integrated as a source to the controls already established in the company’s security ecosystem.
  • Continuous updating of signatures according to customer needs and global trends and typical of the sector.
  • Detection and immediate alert
  • Early warning of ransomware attacks, phishing, vulnerability scanning, malware, communication with malicious domains, unauthorized connections

Success stories

We have an IDS solution implemented in more than 800 administrative and branch offices, with more than 20 thousand rules applied to detect anomalous behavior on the network.

We have an  IDS solution implemented in more than 100 administrative offices and branches.

We have an  IDS solution implemented in 3 administrative headquarters and branches.

Captura y Análisis de tráfico

Event Correlation (SIEM)

The correlation tool is based on an open source technology.

It is responsible for the collection and processing of logs to perform an analysis and alerting of events generated by the integrated controls.

Features of our SIEM
  • Monitoring, alerting of devices with Windows, Linux and MAC operating systems.
  • Vulnerability analysis and management module
  • Network asset discovery module.
  • Integrated with OTX (threat intelligence platform).
  • Actions can be defined to be executed automatically in the event of an event.
  • Categorization of events.
Benefits of our SIEM
  • Analysis of custom rule rules logs to detect events of interest.
  • Transparent to the end user.
  • Inventory and statistics of devices on the network.
  • Reports and statistics of device behavior.
  • Personalized, business-oriented monitoring dashboards.
  • It is integrated as a source and / or destination with the controls already established in the company’s security ecosystem.
  • Continuous update of correlation directives according to customer needs, global trends and industry-specific.
Análisis Forense

Vulnerability scan

The vulnerability scanner is a product based on an open source technology.

It is a solution that is responsible for the detection and management of vulnerabilities in computer systems.

Features of our Vulnerability scan
  • Reports and statistics on the compliance of the baseline of the devices in the network.
  • Specific policies by operating system, applications, services and standards.
  • Continuous updating of personalized policies according to customer needs and global trends and typical of the sector.
  • Integration with WMI for windows devices.
Benefits of our Vulnerability scan
  • Traceability and statistics on the baseline of the devices on the network.
  • Specialized team to issue recommendations for evaluation guidelines.
  • It is integrated as a source to the controls already established in the company’s security ecosystem.
  • Possibility of creating custom policies.
  • Evaluation of computers remotely using the VPN.
Captura y Análisis de tráfico

TheAgent

Our Extended Detection and Response (XDR) platform is a next-generation tool for continuous monitoring and response to advanced threats. It is focused on providing the right visibility, with the insights to help security analysts discover, investigate and respond to threats and attack campaigns across multiple endpoints.

 It helps detect hidden exploit processes that are more complex than a simple signature pattern, and that can be used to evade traditional antivirus systems. In addition, TheAgent provides active response capabilities that can be used to block a network attack, stop a malicious process or quarantine a malware infected file. TheAgent also assists companies in managing their cybersecurity compliance efforts during certification efforts such as ISO 27001, SOC2, and GDPR.

Solution for detection and extended response to advanced threats Adequate visibility of information Detect hidden exploit processes Provides active response capabilities that can be used to block a network attack

 

Solution for detection and extended response to advanced threats Adequate visibility of information
Detect hidden exploit processes Provides active response capabilities that can be used to block a network attack

 

Success stories

Logo Daabon

One of the 100 largest companies in Colombia dedicated to the export of agricultural products.

There is a HIDS solution implemented on VMware, where more than 130 Windows and Linux servers are monitored.

Logo Parque Explora

We have TheAgent solution for monitoring the integrity of files and critical paths, compliance with security standards, detection, alerting and response to threats. with more than 276 agents deployed on the structure of Parque Explora

Features of TheAgent
  • Monitoring, alerting and control of devices with Windows, Linux and MAC operating systems and cell phones.
  • Report of installed software, active processes and services, enabled ports.
  • Windows registry scan.
  • File and Directory Integrity (FIM).
  • Active response to non-compliance with a policy.
  • Evaluation of standards such as PCI DSS, HIPAA, GDPR.
  • Detection of vulnerabilities in installed software.
  • Detection of rootkits and hidden processes.
  • Integration with search engines and evaluation of reputation as a total virus.
  • Mass deployment of policies.
  • Benchmarks based on international standards.
  • Installation: Bare metal, virtualized environment, containers.
Benefits of TheAgent
  • Easy and massive agent installation.
  • Centralized creation of custom rules to detect events of interest.
  • Centralized deployment.
  • Transparent to the end user.
  • Inventory and statistics of controlled assets.
  • You do not need to be on the corporate network to be active (you must have an internet connection).
  • Reports and statistics of team and / or group behavior.
  • Personalized, business-oriented monitoring dashboards.
  • It is integrated as a source to the controls already established in the company’s security ecosystem.
  • Continuous updating of rules according to customer needs, global trends and specific to the sector.
  • Processing and analysis of large volumes of data through the ELK stack.
  • Application of machine learning algorithms to detect anomalies.
  • Adjust to international standards to maintain the safety and health of the equipment.
  • Fully customized and automatically executed bash and powershell scripts.
  • Integration with various data sources.
Captura y Análisis de tráfico

The Frame

Our Secure Agnostic Computing Platform enables the secure convergence of different digital infrastructure environments such as cloud (public, private, and hybrid), edge, Data Center, WAN or Campus. It is based on integrated Open Source tools and allows the instantiation of different solutions as modules (XOC, DevSecOps, Cloud Security, and more).It has two main components: the HCI (Hyper Converged Infrastructure) and Orchestrator.

The HCI component is a modern, open, and interoperable hyperconverged infrastructure solution designed to help operators simplify their compute stack. Built on a foundation of cloud-native solutions, when used with the Orchestrator, virtual and container workloads can be easily managed and secured in parallel, helping businesses consolidate the complexity of their infrastructure and change scale with confidence.

DevOps transformation Security as Code Compliance Container segmentation
DevOps transformation Security as Code
Compliance Container segmentation
Benefits of our TheFrame
  • Cost-benefit
    • Helps you remove VMware to save costs
    • Measure the efficiency of spending
    • Not Subject to a Single Vendor Lock-in Provider
  • Positive Impacts
    • Security Convergence
    • Green Computing
    • Hyper Scalability
    • Simplify Deployments
    • Increase Flexibility
    • Integrated cluster security benchmarking
  • Differential Factors
    • Quick and Easy Installation
    • Fluid Updates
    • Follows and Extends Industry Standards
    • DevOps is integrated
    • Centralized Kubernetes security

Contact Us

Schedule a consulting appointment