Information security

Building a secure enterprise begins at the foundation – its IT infrastructure (network, servers, platforms, etc.) – and continues with the protection of key business applications, data and devices used by employees. Well-designed security provides companies with the ability to manage risk and ensure reliable operations.

On the one hand, security measures must protect the company against advanced security threats, while on the other, they need to comply with regulatory requirements. They need to support all the requirements of a modern business, where protection of key business data, applications, processes and infrastructure is the foundation of a secure business and requires multi-level approach to security. The ability to communicate and exchange data securely and reliably brings various competitive advantages for companies. When data leaves a company’s internal environment, it is exposed to security risks. The key to success is finding the right balance between risk management and employee productivity.

S&T Slovenija offers:

• Reliable next-generation firewalls
• Systems to prevent intrusion and protection against advanced persistent threats
• Virtual environment security
• Protection of web servers and user applications
• Application, service and user control and web filtering
• User security when connecting to the internet from various devices
• E-mail protection
• Network traffic management and workload balancing
• Encryption of data during transmission and when stored on a device
• Protection against data leaks and abuse
• Advanced anti-virus protection
• Security solution management

By selecting the right combination of security solutions and a protection level, we help you deploy a reliable and secure foundation for your business.

Comprehensive approach

We provide multi-tiered protection that’s customized to your needs and your business.

Experience

We have over 20 years of experience with leading security solution providers and employ professionals with the highest-level qualifications.

Ensuring secure operations

Ensure business continuity, productivity and compliance with regulations and standards.

Significantly reduced risk

These solutions enable companies to measurably reduce risks and prove regulatory compliance to supervisory bodies.

Cutting-edge business security

End users remain the most vulnerable component of information and data security. User errors or malicious actions mean that you need to focus on protecting end users.

End-user security is one of the key aspects of a secure enterprise. Employees are increasingly mobile and they use growing numbers of devices. Companies simply cannot keep up to effectively balance the dynamic business needs of a modern user and the need for adequate security. Users increasingly use mobile devices and technical resources for both personal and business purposes, which further increases complexity and gives rise to new security challenges.

S&T Slovenija offers:

• Advanced anti-virus protection for all end-user devices
• Data encryption for mobile devices
• Mobile device management (MDM)
• Public key infrastructure (PKI)
• Data loss prevention (DLP)
• Identity and access management (IAM)
• 2-factor authentication
• End-user management
• Employee training to increase security awareness

Well-protected end users and their data represent a less attractive target for hackers who try to breach their networks and steal data as even cyberattackers manage their risks and prefer to focus on easier targets.

Solutions ensure secure operations and employee productivity.

User-friendly approach to security

Issues are resolved without user downtime.

User authorization

Only authorized users and devices can access IT resources in accordance with their permissions.

Critical information protection

We ensure the protection of business-critical information against internal and external threats.

End user security

Data is at the core of any company or organization. Unauthorized access to data or theft seriously affect a company’s reputation as well as cause measurable damage either by preventing the company from doing business or by reducing its competitive advantage.

All events concerning access to data stored in databases are recorded and stored in real time. At any time, administrators can see when, where and who had access to data. The solution logs direct access of privileged users as well indirect access by non-privileged users using various clients or application processes.

The benefits of implementing a system for tracking database events:

• Tracking database access and event analysis
• Providing an audit trail for production traffic and monitoring access by privileged users
• Controlling access to important data and blocking unauthorized activities
• Protecting the database environment from abuse
• Discovering and preventing security anomalies in the traffic reaching your databases
• Managing database server vulnerabilities
• Best practice-based insight into database server and database structure and configurations
• Discovery and assessment for data stored in databases
• Data discovery – discovering where structured data is stored
• Discovering partial or complete database copies in individual subsidiaries
• Data protection – data masking, data minimization, data encryption
• Ability to implement a firewall
• Ability to deploy security patching
• User rights management to control access to confidential data

Regulatory compliance

Ensure and prove regulatory compliance (GDPR, Personal Data Protection Act, etc.).

Data security

Protect the organizational intellectual property and maintain competitive advantage.

Non-invasive method

This method does not increase the workload on database servers and applications.

Suitable for all organizations

The solution operates independently from the database type and brand.

Data protection

SOC is a comprehensive response aimed at improving information and cyber security

Improving the general level of IT and cyber security means that you need to deploy an improved security balance by using and focusing on operating a Security Operations Center (SOC) as the central platform that improves your ability to detect, monitor and respond to security incidents.

In recent years, many enterprises have been facing organized cyberattacks. It is entirely clear that security systems are no longer up to the task of preventing advanced threats as most networks use intrusion detection and prevention systems based on known attacks. These systems cannot detect advanced persistent threats (APT) which are directed at and prepared specifically for the selected environment. Considering modern threats and increased accessibility and connectivity of the digital infrastructure, security teams are aware that their environments are under constant threat. The time is up for security systems as we know them today. We need new practices that are based on understanding the different stages of an attack and make it possible to continuously monitor and quickly detect threats.

SOC organizational maturity level is best measured with three proven and interlinked categories: people, processes and technology. All these categories must work together to ensure successful SOC operations.

SOC services:

• Detecting and reviewing cybersecurity incidents
• Discovering IT system vulnerabilities
• Penetration testing
• Establishing honeypots
• Reviewing source code
• Authenticating and analysing malicious code
• Defining security assumptions for IT systems
• Reporting on incidents to stakeholders
• Raising awareness and training
• Threat modelling

S&T Slovenija has extensive experience in implementing and managing the operations of a SOC.

Breadth

Regardless of the security solutions that have already been deployed, S&T Slovenija can build on them and extend their functionality.

Methodology

When deploying and working on a SOC, S&T Slovenija depends on renowned methodologies, such as SANS.

From analysis to execution and operational management

S&T Slovenija offers SOC analyses and studies, deployment of individual SOC components and operational management.

SIEM

A modern SIEM system is a core component for detecting security incidents and cyberattacks and the basic tool of the Security Operations Center (SOC).

Traditional SIEM systems have been around for a long time, although they were traditionally limited to compliance and focused on collecting network and security infrastructure log data to provide a type of log management functionality.

Modern, second-generation SIEM systems are more than just compliance tools. They provide protection against various security incidents and cyberattacks. They allow you to quickly identify threats and respond and reduce the time from the start of the incident to the moment it is detected while also shortening the time needed to respond and eliminate the incident.

Where event correlation is important, SIEM system information sources are not limited to logs. Instead, they also include network behaviour, data traffic analysis and activities on end-point devices (servers as well as end-user devices). To provide transparency across all three levels, SIEM systems use dedicated modules or we integrate them with point solutions.

Despite all that, SIEM is just a technology that cannot deliver the expected results without competent people and well-defined processes.

A SIEM system is a key element for operational security and ensuring compliance with regulations such as GDPR, EU NIS and the Act on information security.

Insight into IT system operations

Get transparent insight into IT system operations.

Identify threats quickly

SIEM provides the ability to identify threats and respond to them quickly.

Security incident detection

Effectively and quickly detect and remediate security incidents.

Regulatory compliance

SIEM ensures compliance with regulations such as GDPR, EU NIS and the Act on information security.

Data Loss Prevention

Data loss prevention is a solution that helps you unobtrusively and transparently monitor how data is used, centralize management of data handling policies and protect against accidental and intentional data leaks.

A data loss prevention system provides users with the ability to access and use data for business purposes while at the same time preventing irregular usage or the disclosure of data to the wrong parties.

It enables you to monitor compliance with adopted security policies and rules for using business data and information and raise the user awareness of irregular handling of data. It also provides various types of notifications to third parties when irregular data use is detected.

The implementation of a DLP solution is one of the most important measures if you are looking to improve the security of your business environment. Above all, you can use it to directly ensure compliance with the GDPR directive by:

• Providing the ability to discover data locations, classify data and identify personal data across the entire company;
• Ensuring real-time protection and personal data access control and preventing abuse, leaks and theft of personal data based on various security profiles;
• Supporting the entire information management lifecycle as required by GDPR;
• Preventing abuse and loss of personal and other data during the prevention stage;
• Providing accurate reports for regulators and inspectors when discovering and taking measures to address suspicions of the abuse of personal and other types of data.

DLP solution provides proven measures to discover, manage and protect confidential data, regardless of whether they are stored or being actively used. Companies and organizations can use it to measurably mitigate risks, prove compliance with regulations to supervisory bodies and, last but not least, protect their goodwill and intellectual property.

Regulatory compliance

Ensure and prove regulatory compliance (GDPR, Personal Data Protection Act, ISO, SUVI, etc.)

Data security

Protects organizational goodwill and intellectual property.

Simplified data management

Provides the ability to discover data locations, classify data and identify personal data across the entire company.

Employee awareness

Improves employee awareness and their work while encouraging people to behave securely.

GDPR

GDPR compliance services and solutions

S&T Slovenija is one of the largest providers of IT services and solutions in Slovenia and offers various GDPR services and solutions. Our “GDPR Ready” approach allows companies to achieve GDPR compliance within a specific period.

S&T Slovenija offers:

• Legal advice (legal acts, consent, statements, agreements)
• Technical consulting (project verification, assessment, gap analysis and definition of measures for achieving compliance, security audits, security policies, incident response policies)
• Audits
• GDPR training
• Infrastructure solutions for GDPR compliance
  • Data discovery (locations of structured and non-structured data),
  • Data protection (data access control, controlling communication channels, encryption mechanisms, data masking, data minimization, SIEM, audit trails)
• Business solution upgrades (ERP system extensions, such as data masking, data minimization, data access control).

Comprehensive approach

S&T Slovenija offers a comprehensive compliance approach that includes consulting, solution implementation and audits.

Extensive knowledge

S&T Slovenija employs a broad range of professionals from various fields and consultants so it can take on even the most complex GDPR compliance projects.

We have more than 20 years of experience in offering compliance solutions, such as ISO 27001, PCI, etc.

GDPR as part of IT security

Protecting personal data is just a piece of the larger information security puzzle, where S&T Slovenija has extensive experience.