As Kızılay Technology, we evaluate the current status of the information technology infrastructure and systems in your business, identify your risks, and provide solutions to your security vulnerabilities, ensuring that your digital assets remain safe.

Cyber Security Consultancy and Compliance Services

• Information and Communication Security Guide Analysis and Compliance Consultancy
• ISO 27001 BGYS Installation and Certification Service
• ISO 27701 BGYS Installation and Certification Service
• Compliance Service with CMB / BRSA / EPDK Information Security Communiqué
• KVKK Consultancy
• PCI DSS Consultancy

Cyber Security Trainings

These trainings are carried out to increase the awareness and competence of employees regarding the legislation, regulations, standards and good practices that companies are obliged to comply with in terms of cyber security.

• Information Security Awareness Training
• ISO 27001 Basic/Application Trainings
• ISO 27001 Internal Audit Training
• Risk Management Training
• ISO 27001 Auditor Training
• KVKK/GDPR Training

Penetration Testing and Analysis Services

• Penetration Testing Service (Application, Mobile, Network (Wired, Wireless))
• Social Engineering Test

Security Operations Center Services

SIEM Consultancy covers all such activities specified below:

SIEM (Security Information and Event Management) applications are the most important tools utilized by companies to monitor security status. SIEM Consultancy

• Identification and classification of assets
• Determination of appropriate log sources by performing inventory analysis
• Integrations to Siem
• Correlation checks and correlation software

SOC Service: :

SOC (Security Operation Center) is a central function of the security unit within the organization that analyzes, detects, takes precautions against cyber security incidents, and intervenes when necessary by using processes and technology in the necessary direction. Through system logs, SIEM or log management and analysis tools, it performs the following steps against attack indicators in a possible situation:

• Search
• Analyse alarms
• Determine the criticality of alarms and sort them according to urgency
• Identify attack sources
• Take necessary actions to detect and prevent harmful activities

These are the basic building blocks of the service.

EDR (Endpoint Threat Detection and Response Service):

EDR (Endpoint Threat Detection and Response) is an endpoint security solution developed to detect and block possible security breaches on end user devices in real time, and to collect and analyze information about the attack, compared to classical anti-virus software. EDR products provide real-time protection by recording all activities on end user devices (file execution, network connection changes, registry entries, malware attacks).

• Installation
• Post-installation technical support

Cyber Threat Intelligence Service:

Cyber threat intelligence is the field of cybersecurity that focuses on collecting and analyzing information about current and potential attacks that threaten the security of an institution or asset. Cyber threat intelligence is beneficial in preventing data leaks and, in particular, saves financial costs. It aims to show institutions/organizations the threats against them, to help them make sense of them and to protect them.

• Identification of assets
• Continuous control
• Elimination of vulnerabilities

SOAR Service:

SOAR is a set of systems designed to collect, organize, standardize and automate security data sent from various different sources. Automation means performing manual operations by experts swiftly and correctly in an automation environment, while orchestration means running and integrating different security applications and services together. As attacks become more complex, threat intelligence will need to accelerate. The way to achieve faster learning and faster response times is achieved through SOAR. SOAR helps identify suspicious behavior and reduces response time. Through the combination of information from data sources, it increases the efficiency and effectiveness of transactions and automates responses. In conclusion, while SIEM analyzes the events and gives the results, SOAR understands the events and takes counter action.

• Installation
• Playbook creation
• Post-installation technical support

Data Security Services

Data Classification Consultancy

Data classification is a data management process by which organizations categorize various information assets based on the content of documents and audiences that need to access them.

Data classification enables organizations to manage their data more effectively and accurately. Such organizations may have information assets dispersed across different channels (network or cloud applications) or locations (network servers, folders, and hard drives), making information visibility and access more difficult. Data classification helps organizations easily identify where sensitive data resides, facilitates accurate labeling of this critical data, and provides protection for accessing and/or sharing information. Within the scope of this service:

• Creation of a data classification policy
• Data discovery
• Product installation and technical support
• Establishment of rules and monitoring activities

are provided.

These institutions may implement security policies to facilitate this process.

Data Loss Protection Consultancy:

Accessing data has become easier with the development of technology. Concurrently, this has increased the data security problem. Many studies are carried out to restrict unauthorized access to data, to store and classify data, to determine access authorizations and, accordingly, to protect data against undesirable situations. With data loss prevention (DLP), unwanted data leakage from the system is prevented. Within the scope of this service:

• Installation
• Post-installation technical support
• Determination of critical institutional data
• Determination of policies
• Establishment of rules

are provided.