
Protergo Cyber-Security – Protecting Indonesia from Cyber-Threats

[CONFIDENTIAL]

COMPANY PROFILE
2020

PROTERGO
CYBERSECURITY

Protergo Cyber-Security CORPORATE PROFILE 2020 – Page 1



1. Executive Summary

Information systems that are currently in development have complexities and
problems with regulatory compliance. In addition, public network connections and
the need of modern organizations (banks, financials, telcos, conglomerates) to face
competitive markets cause considerable challenges in managing information
security.

Losses created from cybercrime provide a gap in the defense of the attacker
compared to the number of attackers. With the increase in losses caused by cyber
crime, which has reached an average of more than US$15-20 million per
organization in the financial, energy, IT and retail services industries, attackers are
getting smarter at finding loopholes. Attackers have developed new methods such as
ransomware-as-a-service, which means attackers find it easier to increase the
scale of cyber crime globally.

With the increase in cyber attacks, successful attacks on a single company
amount to more than 130 cases that can break into the system per year. The
frequency of ransomware attacks alone has doubled, from 13% to 27%. The
WannaCry and Petya incidents endanger and disrupt public services and
companies throughout the world.

One of the most successful and significant attacks in recent years has been the theft
of customer data from Equifax (a consumer credit reporting agency). The consequences
of this cyber crime will destroy the integrity of the company because the company
holds consumer personal data on the credit market. Among the organizations we
studied, information loss is the biggest component of loss.


The mission of Protergo is very simple, Protergo
will protect it from cyber-threats.

Protergo uses network and host data, which is analyzed by the Protergo Cyber-Security
Operation Center (C-SOC). This dedicated team will track emerging threats and
analyze free threats that come from outside of the Open Threat Exchange®
(OTX™) to continuously update the system with the latest security intelligence, so
your company can always monitor the latest security. In addition, the Anti Fraud
Detection System is a tool for actively detecting and providing early information to
customers if someone makes a transaction outside the pattern that customers
usually follow, so as to minimize the crimes that can befall customers.

The benefits of Protergo's proposed solution are as follows:

• Proven Track Records
o Our executives have 10+ years of experience in financial services
industries
o Protergo is in an alliance with a reputable IT provider in the financial industry

• Dedicated Support
o Protergo offers operation support to establish SOC
o Our team was established in 2018
o Our offering is also available 5 days a week (8 hours per day)

• Proven Approach to Implementation and Roll Out
o Protergo adopts a standardized approach to all its implementations,
resulting in:
▪ Faster implementation
▪ Reduced costs
▪ Reduced implementation risks
o Protergo is the only Platinum partner of AlienVault in Indonesia
o AlienVault has 1,000+ customers and is a leader in Gartner Quadrant


• Regulatory Compliance
o Our systems provide you compliance with GDPR, HIPAA, ISO 27001,
PCI DSS, SOC 2

• Cost-Effective Offering
o Protergo C-SOC offering of cyber security solution is an efficient and
cost-effective way of obtaining a robust and scalable IT solution without
heavy investments

• Active and experienced in Indonesia
o We are supporting the secure digitalization at some of the key
Indonesian banks (MNC, Bank INA, Bank MAS, etc.), some of the key
Indonesian fintech (Fortress, Ottopay, etc.), some of the key Indonesian
infrastructure players (DCI/data center, Protelindo, etc.) and some of the
key Indonesian Conglomerates (Salim, Wings, Djarum/ Protelindo, etc.).

Through services managed by us, Protergo can offer organizations the best
value for Cyber Security solutions.


2. Company Profile
Protergo is a technology company focusing on delivering world-class cyber security
solutions and services to various market segments, and one of our key focus areas
is the financial service industry. In addition, Protergo is the only Platinum AlienVault
Partner in Indonesia. Protergo can help businesses that have deployed or are
considering deploying C-SOC to bridge the skills and resource gap, in order to
enhance threat detection capabilities and reduce the budgetary and operational
challenges of managing cyber security in-house.

Protergo Cyber-Security Operations Centre (C-SOC) is operated by an expert team
of analysts and engineers, which enables customers to benefit from industry
leading expertise, without having to recruit these hard-to-find security experts. Our
dedicated support and professional services teams provide the expertise needed
to deploy, configure and optimise C-SOC systems – on-premise, cloud and on
virtual environments. We monitor, tune and maintain each deployment to ensure
optimal performance.

Moreover, our team of over 300 IT resources provides a wide range of solutions
and services for the financial service industry from infrastructure (data center and
DRC facilities), to hardware network.

Certifications
• Certified Ethical Hacker (CEH) by EC-Council
• Certified Security Analyst (CEH) by EC-Council
• CompTIA CSA+
• CompTIA Security+
• CompTIA Linux+
• OSCP (Offensive Security)
• GIAC Exploit Researcher and Advanced Pen. Tester
• Apsara Cloud – Cloud Computing Specialist by Alibaba Cloud
• CCNA – Cisco Certified Network Associate Routing and Switching
• MikroTik MTCTCE
• MikroTik MTCNA
• Junior Technical Support by ICT Professional Certification Body
• Network Technician by ICT Professional Certification Body
• CCNA Security by Cisco Networking Academy
• Windows 2008 Server Environment
• Computer Hacking and Forensic
• Fundamental of Cybersecurity Architecture
• AlienVault OSSIM
• Incident Response and Advance Forensic

Capabilities and Asset

The key differentiator of Protergo is our approach to project execution and
implementation strategy, which simplifies and standardizes processes to ensure short
implementation time and is outlined in our implementation methodology.
Protergo has a broad range of capabilities and assets:

• Protergo’s capabilities:
- Cyber-security operation center: end-to-end monitoring and
logging of system to alert of potential attacks/ issues
- Penetration testing: attacker’s mindset to check potential
vulnerabilities in the systems
- Cyber security maturity assessment: assessment of the level of
maturity of the organization

• Protergo’s technological assets:
- Best-in-class cyber security information system
- Open threat platform with >65,000 participants in 140 countries
that updates threats daily – malicious IPs, email, file hashes,
ransomware
- >10,000 correlation rules updated weekly to identify suspicious
activities and attacks within your network – new/ different types of
attacks


3. Protergo’s Solution
The software is provided as a service package in such a way that your
organization can reduce capital expenditures and convert costs into operational
costs that are paid annually. This initiative will also modernize the entire IT
infrastructure to be able to harmonize with the current era of digitalization.

Protergo offers the following solutions:

(1) C-SOC, Cyber-Security Operation Center
(2) Penetration testing

The benefits of these solutions are as follows:

Costs
• Cost effective solution to cover your organization from cyber-threats
• Setting up your own SOC may cost ~10-50x more than the Protergo
solutions
• Scalable solution that can grow/ be reduced according to your infrastructure

Speed
• Ensure protection from day 1
• Tools and systems that ensure that the solution is deployed extremely fast

Effectiveness
• World-class solution and tools
• Minimize risk and threat (outside and inside)


3.1. Security Operation Center


The Protergo Cyber-Security Operation Center offers 5 critical components, illustrated
in Figure 3.1 below:

[Diagram panels:
ASSET DISCOVERY – Active Network Scanning, Passive Network Scanning, Asset Inventory, Host-based Software Inventory
VULNERABILITY ASSESSMENT – Continuous Vulnerability Monitoring, Authenticated / Unauthenticated Active Scanning
INTRUSION DETECTION – Network, Host & Wireless IDS, File Integrity Monitoring
BEHAVIORAL MONITORING – Log Collection, Netflow Analysis, Service Availability Monitoring
SECURITY INTELLIGENCE – SIEM Event Correlation, Incident Response, powered by AV Labs Threat Intelligence]

Figure 3.1 – 5 critical components of the Cyber-Security Operation Center

The Protergo C-SOC has 5 critical components, described below.

• Asset discovery
Even a moderately complex network topology can cause operators to be
faced with difficult access procedures, requiring manual steps to discover
assets in remote network segments and adding to the long-term cost of
managing the solution. The asset discovery functionality identifies the latest
operating systems, applications, and device types across your critical
infrastructure. This is achieved through 2 types of monitoring:
• Passive network monitoring
Passive monitoring observes network traffic to identify hosts and installed
software packages, along with the protocols and ports used in the
captured traffic.

• Active network scanning
Active scanning probes the network to try and elicit responses from
machines. Based on the response, the tool will identify the machine
and the software installed on the machine.

These techniques can be employed individually or together with one
another. Each approach requires a different amount of access to the
environment to be inventoried; using a variety of approaches ensures that
some information can be gathered even from tightly controlled
environments.

The Protergo team will work together with you to ensure that, based on your
requirements, one or more of the techniques listed above will be used to
provide the most accurate picture possible.

• Vulnerability assessment
As with asset discovery, the deployment of vulnerability assessment can be
a logistical hurdle. Our solution provides a flexible approach in tightly
controlled environments and also provides for centralized management of
the vulnerability assessment scans in environments with complex network
topologies.

With Protergo Vulnerability Assessment you can find the latest
vulnerabilities on all your systems and services with dual database
coverage.


Active network scanning
An active network scan actively probes hosts using carefully crafted network
traffic to elicit a response. This combination of the targeted traffic and the
subsequent response allows an analysis engine to determine the
configuration of the remote system and the software packages running on
the system. This combined with a database of known vulnerabilities allows
the analysis to produce a list of vulnerabilities that are present on the
system.

Host-based assessment
Using access to the file system of a system, an analysis engine can perform
a more accurate and comprehensive detection of vulnerabilities by
inspecting the installed software and comparing the detected software
packages with a list of known vulnerable software packages.

As both of these methods rely on a database of known vulnerabilities, it is
important that they are performed periodically. Researchers publish
information about new vulnerabilities constantly, and having an up-to-date
database is the only way to ensure that your analysis engine can detect all
of the latest vulnerabilities. For this purpose, Protergo has access to the
Open Threat Platform database, with >65,000 participants in 140 countries
that updates threats daily – this database includes malicious IPs, email, file
hashes and ransomware.

• Intrusion Detection
This component of the Protergo infrastructure detects the latest threats in
your environment. We provide two different types of Intrusion Detection:

Network intrusion detection (IDS)
Analyzes the network traffic to detect signatures of known attacks and
patterns that indicate malicious activity. This is used to identify attacks,
malware, policy violations and port scans.


Host-based intrusion detection (IDS)
Analyzes system behavior and configuration to identify behavior that could
indicate compromise. This includes the ability to recognize common rootkits,
to detect rogue processes, and to detect modification to critical configuration
files.

Another important consideration is the placement of the threat detection
capabilities that are deployed. Often these capabilities are only deployed on the
perimeter of the organization with the thought that attacks only come from the
outside. Modern attacks have broken this mold; today attackers leverage the fact
that employees use their computers both inside and outside of the corporate
firewall. A computer compromised while outside the perimeter now becomes a
jumping off point for an attack from within the network. Threat detection should be
deployed pervasively to address this. A good solution for threat detection will
employ multiple techniques and provide substantial management capabilities to
reduce the long term deployment costs. The Protergo team will be able to assist
you on the placement of those to optimize both the network coverage as well as
the deployment costs.

• Behavioral monitoring
Behavioral monitoring is a service that checks for end-point activities. The
systems run in our organization are far from predictable; seasonal peaks
such as an end-of-the-quarter sales effort can cause loads and behaviors
never seen before. A good solution for behavioral monitoring will provide
multiple mechanisms for collecting this data. In addition, it will provide a
low-overhead mechanism for pervasive deployment in the organization.
Protergo offers different types of behavioral monitoring components:

Active service monitoring
Actively validates that services running on hosts are continuously available.
This is done with a network-level handshake and response providing
feedback if the service becomes available.


Netflow analysis
Analyzes the protocols and bandwidth used by each. This is done by
capturing metadata from a TCP/IP stream, saving protocol information as
well as calculating bandwidth usage.

Network traffic capture
Captures the full TCP/IP stream. Allows for forensic storage of the stream
so that detailed inspection can be performed if necessary.

Host-based behavioral monitoring
Can monitor the processes and resources used on a particular system.
Detecting new processes or abnormal resource usage can be indicators of
a compromise.

• Security Intelligence
One of the most important aspects of C-SOC is the Security Intelligence
platform. This platform correlates all the data collected. Being able to
associate the data together and respond to user queries is necessary for a
user to be able to understand all of the data. The platform automates the
correlation of the data in order to detect malicious behaviour, large-scale
attacks, and breaches. In the Protergo C-SOC solution, the correlation rules
are automatically updated every week through our OTX (Open Threat
Exchange) that contains >10,000 correlation rules updated weekly to
identify suspicious activities and attacks within your network – new/
different types of attacks.

Protergo C-SOC is also able to automate the reporting (compliant for
example with HIPAA, ISO 27001, PCI-DSS, SOC 2) and the log management
and storage.


3.1.1. Recap of all the C-SOC features


• Asset discovery
- Passive network monitoring
- Active network monitoring
• Vulnerability assessment
- Active network scanning
- Host based assessment
• Intrusion detection
- Network IDS
- Host IDS
• Behavioral monitoring
- Full packet capture
- Active service monitoring
- Netflow
- Network traffic capture
- Host based behavioral monitoring
• Security Intelligence
- Log management
- Event management
- Event correlation
- Reporting
- Continuous threat intelligence
- Unified console for security monitoring

3.1.2. Other features of the C-SOC Protergo:


• Reporting via the portal to view
- Dashboards
- Security events and alerts
- Reports that can be run at any time by the customer or be scheduled
to run at specific times
• Monitoring of alerts from our SOC, and response to alerts
• Ability to have alert tickets forwarded to your own SOC/NOC or Service
Desk
• Monitoring at both a network level, and at a host level via Host Intrusion
Detection Services
• Monitoring of remote endpoints in cloud environments such as AWS or
Azure
• Ability to run vulnerability scanning from the portal
• Aggregation of alerting within your environment for systems such as syslog
and net flow.
• Archive of SIEM data for compliance requirements or future forensic
analysis
• Access to experts in Security for advice on response to security risks flagged by
the service.
