Security Solutions - Provis Bilgi Sistemleri

Data Leakage Prevention Solutions

DLP (Data Leakage Prevention) is a technology to prevent valuable data in the information security be found by others. Today, the companies have to determine and monitor all data they use or keep and to provide security. It is important that there are DLP solutions in your company or for you to be prepared for official audits.

This system which prevents important data of the companies be found by others can be mostly implemented in all network structure or put a barrier at the final user level.

Data Categorization

One of the fundamental of data security and the most important topic titles is labeling data by categorizing them. Initially, the corporate data in different formats and environments should be structurally categorized and its importance degree should be determined.

The necessary precautions may be taken to protect the critical data over this fundamental created. The category information can be used to prevent data leakage.

Data Categorization

One of the fundamental of data security and the most important topic titles is labeling data by categorizing them. Initially, the corporate data in different formats and environments should be structurally categorized and its importance degree should be determined.

The necessary precautions may be taken to protect the critical data over this fundamental created. The category information can be used to prevent data leakage.

Data Governance

Data Governance is the general management of data availability, conformity, usefulness, integrity and security in a company. It is possible to determine by who and how sensitive data is accessed, to implement access rules, to provide access to folders and files only the employee is authorized to with these solutions. The functions of data governance solutions are determining access habits of the users and detecting abnormal access, categorizing data based on folders and reducing risks by assigning data responsible.

Database Security

Logging of database activities, monitoring and inspecting of access to the critical objects and sensitive data, providing security for databases are achieved by solutions named Database Activity Monitoring (DAM) or Database Firewall. Unauthorized accesses are prevented; database is logged separately from SIEM solutions and detailed analyses are conducted on database firewalls.

Database Security

Logging of database activities, monitoring and inspecting of access to the critical objects and sensitive data, providing security for databases are achieved by solutions named Database Activity Monitoring (DAM) or Database Firewall. Unauthorized accesses are prevented; database is logged separately from SIEM solutions and detailed analyses are conducted on database firewalls.

Firewall Solutions

We offer firewall solutions to eliminate increasing risks at the present time, to take necessary precautions and to provide safe function of your company thanks to business partnerships with the leading trademarks in the sector.

The firewalls which are categorized as traditional (UTM) and Next Generation check basically your incoming and outgoing network traffic and prevent people who are unauthorized or you do not want from accessing your computer or your computer network by using various ways. In next generation firewalls, the rules based on user or group can be typed instead of IP and some permissions based on application can be given. Besides basic firewall functions, some features such as IPSEC, VPN, IPS, URL filtering, anti-virus, hotspot etc. can be offered with next generation firewalls.

Attack Detection and Prevention Systems

They are systems which detect and prevent undesired packages and behaviors on the network by using signature detection system. IPS solutions which provide protection against known attacks, unknown zero day attacks, mutated attacks and DoS/DDoS attacks can be network or host based. Today, the firewalls are not sufficient for network security; IPS solutions providing detailed package analysis are required for threat management.

Attack Detection and Prevention Systems

They are systems which detect and prevent undesired packages and behaviors on the network by using signature detection system. IPS solutions which provide protection against known attacks, unknown zero day attacks, mutated attacks and DoS/DDoS attacks can be network or host based. Today, the firewalls are not sufficient for network security; IPS solutions providing detailed package analysis are required for threat management.

DOS/DDOS Protection

Distributed denial of service (DDoS) attack is one of the most important cyber threats of our present day for companies. All of the events which aim to prevent any presentation, broadcasting or trade are conducted to prevent the actual job by creating actual or modified density are in the scope of DDoS. These attacks are conducted by basically consuming bandwidth or using a vulnerability on the service. The hardest part of preventing DDoS attacks is separating of actual user traffic and attack traffic under dense request. For separation and proactive protection, hardware based DDoS protection solutions are necessary.

Network Access Control Solutions

Network Access Control (NAC) is a security technology which reviews the conformity of those who use communication network of the company to the security policy of the relevant company. With NAC, it is only allowed for reliable notebooks, computers, servers and PDA’s which complies with the corporate network policies of the company to connect to the network of the company.

We offer consultancy, technical support, installation and maintenance services about Cisco ISE NAC solution for you to make your network visible and controlled.

Network Access Control Solutions

Network Access Control (NAC) is a security technology which reviews the conformity of those who use communication network of the company to the security policy of the relevant company. With NAC, it is only allowed for reliable notebooks, computers, servers and PDA’s which complies with the corporate network policies of the company to connect to the network of the company.

We offer consultancy, technical support, installation and maintenance services about Cisco ISE NAC solution for you to make your network visible and controlled.

Malicious Code Analysis and Threat Management Solutions

These solutions which enable you to make malicious code analysis and threat management are named as APT (Advanced Persistent Threats). Malicious contents, exploits, trojans, callback traffics, backdoor attempts, cryptolocker and ransomware variants can be detected with APT solutions. Malicious software which are just discovered and known as zero day, not based on signature is detected and prevented by operating in different operating system images in these solutions.

Security Event Management and Logging

SIEM – Security Information and Event Management solutions are based on security operation center used in detection of cyber security events by collecting and centralizing logs from sources in the infrastructure. SIEM and log management solutions are of great importance to comply with the law of 5651, to keep safe and retrospective records, to correlate and to be aware of risks.

Security Event Management and Logging

SIEM – Security Information and Event Management solutions are based on security operation center used in detection of cyber security events by collecting and centralizing logs from sources in the infrastructure. SIEM and log management solutions are of great importance to comply with the law of 5651, to keep safe and retrospective records, to correlate and to be aware of risks.

Constant Security Verification and Improvement

Constant security verification and improvement software helps you to measure cyber threat preparation for 24/7 and to apply rapid improvement. These solutions provide very important added values such as following current threats, to measure your security maturity level, to increase the efficiency of your security solutions and to manage security risks. By using this software, we can help your evaluation, measurement and improving procedures in security processes and measure your cyber security infrastructure and make it effective and strong.

End Point Security

These are solutions providing necessary threat protection and data security to protect your users and corporate data in all devices and applications. We offer end point security solutions providing anti-virus, protection against malicious software, packetizer derivatives, encryption, device control, prevention of data loss, weakness protection, command and control prevention, protection against browser attacks, whitelists of applications, action monitoring, protection against web threats and other advanced threats with protection layers more than one.

End Point Security

These are solutions providing necessary threat protection and data security to protect your users and corporate data in all devices and applications. We offer end point security solutions providing anti-virus, protection against malicious software, packetizer derivatives, encryption, device control, prevention of data loss, weakness protection, command and control prevention, protection against browser attacks, whitelists of applications, action monitoring, protection against web threats and other advanced threats with protection layers more than one.

Server Security

There are virtual patch management in the servers, protection against malicious software for web, firewall based on main machine, unauthorized access detection/prevention, integrity monitoring, record inspection, encryption and solutions providing comprehensive security features and containing reliable SSL certificates. You can manage your server security from a single center by the help of agents installed by using these solutions.

Web Security

Web security solutions are the solutions containing URL filtering and Proxy services and authorizing internet access based on categories.

It is important for companies to use internet access provided by the company only for business, to use sources efficiently and to eliminate defects which may be faced in the system by preventing harmful content in the computers used by the final user.

Web Security

Web security solutions are the solutions containing URL filtering and Proxy services and authorizing internet access based on categories.

It is important for companies to use internet access provided by the company only for business, to use sources efficiently and to eliminate defects which may be faced in the system by preventing harmful content in the computers used by the final user.

Mobile Device Management

They are the solutions which check the conformity of corporate mobile devices or personal mobile devices used with the model of bring your own device (BYOD) according to the corporate policies and allow you to manage your devices and applications on them from a single center. It is important to create a safe working environment on mobile devices so that there is no security risk in case the mobile devices are lost or stolen. Since the security solutions of mobile devices have features such as remote wipe security management and control and safe e-mail service, these solutions have gained importance.

Mail Security

The e-mail security solutions prevent junk electronic mails and threats which may be sent via e-mail (spam, virus, malware, phishing, directory harvest, denial of service, bounceback attacks, zero-hour threats). These solutions are required to be integrated into your system in order to reduce risks sent via e-mail and to use e-mail safely.

Mail Security

The e-mail security solutions prevent junk electronic mails and threats which may be sent via e-mail (spam, virus, malware, phishing, directory harvest, denial of service, bounceback attacks, zero-hour threats). These solutions are required to be integrated into your system in order to reduce risks sent via e-mail and to use e-mail safely.

Web Application Firewalls

They are solutions developed to protect web applications from web-based attacks. It is necessary for you to analyze your incoming and outgoing web traffic deeply and take precautions. WAF solutions allow to detect and prevent critical level attacks such as OS Command, XSS, SQL Injection.

Static Code Analysis and Web Application Test Tools

There are solutions which increase security of web and mobile applications, improve application security program management and strengthen compliance with the legal regulations. Testing of web and mobile applications before commissioning may help you to detect security risks and create reports and correction recommendations. It is possible to maintain security of the applications during their life cycles with static and dynamic tests. For this reason, the solutions which provide static code analysis and help you to determine security risks.

Static Code Analysis and Web Application Test Tools

There are solutions which increase security of web and mobile applications, improve application security program management and strengthen compliance with the legal regulations. Testing of web and mobile applications before commissioning may help you to detect security risks and create reports and correction recommendations. It is possible to maintain security of the applications during their life cycles with static and dynamic tests. For this reason, the solutions which provide static code analysis and help you to determine security risks.

Vulnerability Scan

Vulnerability scan solutions allow you to scan operating systems and applications and to report vulnerabilities. It is important to detect and report vulnerabilities in order to close gaps in your system and to prevent potential access attempts. You can use these solutions to control vulnerability analysis for network and system infrastructure in certain intervals and to take action.

Patch Management

It is one of the most important processes of the security to apply patches of the operating systems and applications for software and hardware in the infrastructure. There are patch management solutions with and without agent for finding, applying and reporting of necessary patches. Besides tools such as SCCM, a second patch management solution provides advantages for detecting risks and healthy reporting.

Patch Management

It is one of the most important processes of the security to apply patches of the operating systems and applications for software and hardware in the infrastructure. There are patch management solutions with and without agent for finding, applying and reporting of necessary patches. Besides tools such as SCCM, a second patch management solution provides advantages for detecting risks and healthy reporting.

ayrıcalıklı kullanıcı yönetimi ve denetimi

Privileged User Management and Inspection

The management of authorized (privileged) accounts is one of the most important issues in management of security processes. In most of the targeted attacks, the aim is to get a privileged account information and to use these authorities. It is important to manage, store and record accesses to these accounts and the passwords of the critical accounts in terms of both security management and compliance to the regulations. These solutions allow you to keep your all accounts and passwords safe with the digital case approach. In addition, they provide information by whom, when and how the privileged user accounts are used.

Central Identity Management and Inspection

It is hard to manage all accounts from one point with the singularization of identity in infrastructures in which different operating systems are used. As the platforms such as UNIX, Linux and MAC which are not Windows increase, a great effort is required to manage properly without a security gap.

Central identity solutions make a central verification over Active Directory for users in different systems and collect the identity management in a single center and make it easy. Single-Sign-On and central access policies can be created by integrating UNIX, Linux and Mac platforms in Active Directory. It is possible to manage authorities by role-based authorization and to submit detailed inspection reports by recording transactions made with these solutions.

Central Identity Management and Inspection

It is hard to manage all accounts from one point with the singularization of identity in infrastructures in which different operating systems are used. As the platforms such as UNIX, Linux and MAC which are not Windows increase, a great effort is required to manage properly without a security gap.

Central identity solutions make a central verification over Active Directory for users in different systems and collect the identity management in a single center and make it easy. Single-Sign-On and central access policies can be created by integrating UNIX, Linux and Mac platforms in Active Directory. It is possible to manage authorities by role-based authorization and to submit detailed inspection reports by recording transactions made with these solutions.

Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a technology which increase security level by providing an extra protection layer in addition to your user name and password. It is possible to use multi-factor authentication mechanisms when accessing a computer, application or a network. The attacks made through social engineering and phishing to obtain user information are prevented with these solutions.

Login Record

The basic purpose of login record solutions is to inspect, monitor and isolate access of authorized accounts to Unix, Linux, Windows databases or your other critical systems.

You can record login records and process of your information technology personnel by using these solutions with an agent to be installed in the machine and archive login.

Login Record

The basic purpose of login record solutions is to inspect, monitor and isolate access of authorized accounts to Unix, Linux, Windows databases or your other critical systems.

You can record login records and process of your information technology personnel by using these solutions with an agent to be installed in the machine and archive login.

PDPL Consultancy

There are many important changes for the companies with the Personal Data Protection Law of 6698. Some rules and obligations are determined in issues of storing, processing and providing security of the personal data for all organizations and institutions by the law. If the conditions of the law are not fulfilled, the real and legal persons may face imprisonment besides penalties. Even though some obligations are determined by PDPL, data recording and data transfer are not forbidden if they are carried out in accordance with the law.

Since the transition period has ended, it is important to provide compliance processes to PDPL rapidly and efficiently. For this reason, taking consultancy service from competent persons who are specialized in this subject provides advantage in terms of effort and costs. Since there are administrative, legal and technical processes in compliance to the law, a consultancy service covering all fields facilitates your processes.

As Provis, we offer end-to-end consultancy services in PDPL Adaptation Projects with K&P Legal Law Firm which is our business partner. We help our customers in taking all administrative, legal and technical precautions specified in the law for our customers with this service.

ISO 27001 Consultancy

ISO 27001 is a standard prepared to specify requirements and to create a model to install, operate, monitor, revise, maintain and improve an Information Security Management System. With ISO 27001 certificate, the companies independently show that they act in accordance with the applicable laws and regulations and provide information security with an efficient risk management and consider information security by defining corporate risks. By this means, the companies with ISO 27001 certificate gain a security advantage against competitor companies.

We offer consultancy services for the companies in order to install an Information Security Management System in compliance with ISO 27001 standards. These works consisting of risk analyses, determining proper controls and precautions, developing and documenting of policies, standards and procedures are carried out in accordance with the methodologies specified in the standard. Our anchor point in ISO 27001 BGYS (Information Security Management System) installation is the methodology of Plan-Apply-Check-Take Precaution (PUKO) which is included in ISO 27001 Information Security Management System Standard.

ISO 27001 Consultancy

ISO 27001 is a standard prepared to specify requirements and to create a model to install, operate, monitor, revise, maintain and improve an Information Security Management System. With ISO 27001 certificate, the companies independently show that they act in accordance with the applicable laws and regulations and provide information security with an efficient risk management and consider information security by defining corporate risks. By this means, the companies with ISO 27001 certificate gain a security advantage against competitor companies.

We offer consultancy services for the companies in order to install an Information Security Management System in compliance with ISO 27001 standards. These works consisting of risk analyses, determining proper controls and precautions, developing and documenting of policies, standards and procedures are carried out in accordance with the methodologies specified in the standard. Our anchor point in ISO 27001 BGYS (Information Security Management System) installation is the methodology of Plan-Apply-Check-Take Precaution (PUKO) which is included in ISO 27001 Information Security Management System Standard.

DLP Project Consultancy

If Data Leakage Prevention (DLP) Projects are not properly configured and managed, it is hard to achieve target. There are processes which will require inclusion of all teams with IT team in DLP projects. It is not possible to put DLP projects into practice successfully and efficiently without completing the steps of taking approval of the management, determining and categorizing sensitive and critical data, detection of the movement of the data on the move, determining of safe data flow paths and creating of data map. DLP policies are specially prepared for the customers in accordance with the data map created.

We complete projects by offering consultancy services besides product positioning in DLP and data categorization projects. In this context, we support our customers from the beginning up to completion of the project process.

SIEM Project Consultancy

Security Information and Event Management (SIEM) Solution is one of the most important and comprehensive solutions for security management by IT teams. It is essential to log of all system sources correctly, to display, filter, inquire these logs in a meaningful way, to correlate logs taken from different sources with security perspectives for SIEM projects. It is especially important to parse logs and to write correlation rules for establishing SIEM maturity.

We also offer consultancy services in addition to product supply, installation and configuration processes in SIEM projects. We support our customers in processes of writing of rules in accordance with your scenarios, creating of alarms and providing plugin integrations in solutions with correlation competencies.

SIEM Project Consultancy

Security Information and Event Management (SIEM) Solution is one of the most important and comprehensive solutions for security management by IT teams. It is essential to log of all system sources correctly, to display, filter, inquire these logs in a meaningful way, to correlate logs taken from different sources with security perspectives for SIEM projects. It is especially important to parse logs and to write correlation rules for establishing SIEM maturity.

We also offer consultancy services in addition to product supply, installation and configuration processes in SIEM projects. We support our customers in processes of writing of rules in accordance with your scenarios, creating of alarms and providing plugin integrations in solutions with correlation competencies.

Penetration Test Service

A penetration test is performed for a certain purpose and/or a scenario unlike vulnerability analysis.

It is one of the first steps of proactive security to test, check and report all kinds of vulnerability of the information systems by an external company and/or an institution. External tests are performed to disclose vulnerabilities by approaching all kinds of security gaps that the companies do not realize from a different aspect and working in a coordinated way. We offer these works as black box and white box as inner and outer tests for our customers. It is required to fill the scope form and to determine the details of the work to be done before working on it.