serious consequences, such as the loss of control over processes, physical damage to infrastructure, and even, in the most serious cases, the loss of human lives.

Last but not least, we decided to invest in modern backup systems, both local and in the Cloud, which allow us to reboot our infrastructure directly in the Cloud (DRaaS - Disaster Recovery as a Service) if an emergency occurs in the company. All these systems aim to give us good protection against cyber attacks by allowing us to identify them as early as possible and react to them quickly. This prevents attacks from spreading just as rapidly through the company and so reduces downtime of systems and core business.

A Security Operations Centre (SOC) is a specialised environment dedicated to real-time surveillance and monitoring of IT security 'events'. A SOC integrates advanced technologies, such as threat detection systems and behavioural analysis, with highly specialised professionals to detect and mitigate potential security threats to data and systems.

A firewall is a device or software that controls network traffic between two different networks. It can be used to protect a private network from a public network, such as the Internet. Firewalls analyse the data packets exchanged between the two networks and apply security rules to decide whether to allow or block each packet. In this way they can deny access to unauthorised users, prevent the spread of malware in the network, and counter DoS ('Denial of Service') attacks, a type of cyber attack that aims to disrupt access to a website or service.

EDR (Endpoint Detection and Response) software is able to detect malicious software from the earliest days and intervenes automatically when it performs unusual operations.
EDR refers to a security solution that enables rapid detection of and response to cyber threats on all devices in the corporate network that have an operating system (Microsoft, macOS, Linux), such as desktops, laptops, workstations and servers. EDR uses a number of techniques to detect threats, including analysing the behaviour of processes and files, analysing authorisations, and analysing network traffic. Once a threat is detected, the EDR can be configured to autonomously block the execution of the process or file, isolate the compromised device and notify the system administrator.

A defence ecosystem based on advanced information systems.