Information Security

Information Security

Softline has formed one of the most powerful information security teams in Russia. Hundreds of projects a year and our experts presence in the regions enable us to guarantee our customers a combination of high quality and reasonable cost of implementation of the IS system. We offer a wide range of solutions - from DLP and PD security to projects on protection against targeted attacks, fraud, ATP, as well as APCS security and safety. We believe that support of IS in cloud infrastructure (SoftCloud was PCI DSS certified) and provision of IS services from the cloud within the entire territory of the Softline group presence is a perspective line of development.

40+
sector-wide and single-technology consulting experts (including more than 15 in the regions)
50+
architects, design engineers and implementation engineers in major cities of Russia - from St. Petersburg to Vladivostok
20+
project managers and product managers

Web Service Security

  • The variety of modern web services— from online banking to arrangement of a visit to a doctor — is so wide that substantiated vulnerability analysis and flexible security approaches become a must-have. Our integrated approach includes:

    • Web Application Firewalls (WAF) to detect and block web resource attacks on the application layer;
    • DDoS protection tools;
    • vulnerability analysis services and tools that allow to optimize security systems configuration;
    • penetration testing — a proactive approach to vulnerability detection;
    • analysis of web application source code using specialized tools.

Conventional Information Security Solutions

  • We have a deep knowledge of all popular information security tools, such as email and web filters, antiviruses, firewalls, etc. We are familiar with a large spectrum of products from dozens of vendors, we help clients to choose the optimal solutions based on their requirements to functionality and cost, and assist in integration of these solutions into the existing infrastructure.

    Web and Email Protection

    Softline offers solutions for blocking dangerous or undesirable web traffic from the world’s leading vendors.

  • Server, Workstation, Virtualization and Mobile Device Security

    Endpoint protection tools, firewalls and antiviruses for workstations are the most popular information security products, and dedicated tools for protecting mobile access, virtual infrastructures and databases solve more specific tasks.

    Network Protection

    The tasks of intrusion detection and prevention are solved by firewalls, IDS/IPS and VPN solutions. Firewall management solutions enable the analysis and optimization of the sophisticated and sometimes contradictory settings and configurations issues that originate from a typically long history of a corporate network.

Access Management

  • An efficient access management system should enable control of all the stages of employee access to information resources and create no inconveniences for business users. We are ready both to solve separate access management tasks and implement integrated solutions, which include:

    • IDM systems for identity and corporate application access management, as well as SSO tools;
    • PIM solutions for controlling the administrators’ activities, access right limitation, suspicious activity tracking;
    • Access right management tools for unstructured data storages (for example, file shares), and solutions for activity audit.

Fraud Protection

  • Fraud protection systems

    These systems automatically detect fraud attempts using the digital footprint that inevitably remains in information systems, and immediately spread the alarm. We know the fraud scenarios used in retail, logistics, and banking, and we use this knowledge to develop effective anti-fraud systems designed to detect real-life threats.

    Host Intrusion Detection

    We know how to create solutions that can detect infected devices and compromised client IDs, thereby preventing the fraud attempts in the field of online payments.

  • Contractor Verification Systems

    These solutions can be used to check a large number of contractors automatically by comparing and matching data from various sources. Our experts understand the specifics of verification in various industries and know how to use their competences in the systems they develop.

Protection From Targeted Attacks

  • The attacks targeted at particular organizations or companies are planned and executed in such a way that the standard security tools are unable to detect a threat. We offer our clients specialized tools for targeted attack detection. They launch suspicious code in a sandbox (isolated environment) and analyze abnormal network activity.

Critical Infrastructure and Industrial Security

  • The main information security task in manufacturing industries is ensuring continuity and safety of technological processes. Although there are a lot of specific solutions for controllers, sensors and control devices, such as fool proofing or physical isolation of critical systems, the risks typical for non-industrial systems (such as viruses and attacks) are becoming more common for plant control systems now due to the increasing use of conventional networking and software solutions (i.e. Ethernet and Windows) in industrial applications. Our vulnerability audit service for industrial systems allows to quickly developing a pilot project at a minimal cost, as it does not require the elaboration of project details or collection of vendor recommendations.

DLP and Access Right Management

  • We implement all the types of systems that provide data leak and unauthorized access protection:

    • DLP — the technologies that prevent data from leaking beyond the corporate perimeter;
    • IRM systems that limit the document access rights and log user activities;
    • Other solutions, such as secure file storages, encryption and information classification tools.

Compliance

  • Many our clients need to prove the compliance of their activities with the information security regulations, including the regulations on personal data protection. We offer and deploy certified information security tools, implement business processes, ensure corporate governance, and help clients to pass certification.

Information Security Operations Centers

  • At a certain IT maturity level, organizations need to establish a centralized information security operations management system. Such a center provides a full vision of the current state of information security assets, enables elimination of non-conformances in due time and ensures the required information security level. The main functions of such a center are:

    • event monitoring, user activity audit, vulnerability management;
    • incident management;
    • monitoring the compliance with legislative requirements and standards.