Our Journey To Estonia

Our Journey To Estonia

Knowledge ELEctrical Systems 1991 1991

Product Era and Innovation Engineering culture Science-intensive software 10 engineers 1991 1995

ISV Era and New Markets First ISV clients in the US and UK New strategic direction towards Outsourcing The largest real-time motions control system in the US 30 people 1991 1995 2000

New Opportunities from UK Government First Fortune 500 customers Complex, highly automated, paperless, e-customs system developed for The States of Jersey 300+ people 1991 1995 2000 2008

Scaling up to Enterprise Level Transforming into a matrix-structured software company AMO, R&D and Engagement 1991 1995 2000 2008 2012 Comprehensive credit risk management system developed from scratch 500+ people

ELEKS Fact Sheet New York, USA Las Vegas, USA London, UK Rzeszow, Poland Tallinn, Estonia Lviv, Ukraine 3TOP 1200+ IT BUSINESS IN UKRAINE PROFESSIONALS COUNTRIES 9 5 26 OFFICES YEARS of experience delivering value to customers

We Cooperate Globally 50 + 10 ACTIVE CUSTOMERS YEARS working with Fortune 500

What Eleks does in Estonia? The most digital country in the world E-Residency Managing Director, Kaspar Korjus: A study conducted by the American company Intuit suggests that there will be over 100 million new online workers by 2025. Through e-residency, countries like Estonia will be in a position to attract people like this by becoming the best place to run a location independent business in the world. We think that countries will soon be competing for citizens, residents, and e-residents just like private companies compete for customers now..

1st in International Tax Competitiveness Index eleks.com

eleks.com

12th in Ease of Doing Business Report 2016 (World Bank) eleks.com

eleks.com

22nd in Corruption Perception Index 2016 (Transparency International) eleks.com

eleks.com

5th in Global Cybersecurity Index (International Telecommunications Union) eleks.com

eleks.com

eleks.com

eleks.com

eleks.com Eleks Cyber Security

ELEKS cyber security approach: be aware of what is happening; partner with niche professionals; balance risk, resilience, usability and price Structure 1. Information security policies 2. Human resources security 3. Asset management 4. Access control 5. Cryptography 6. Physical security 7. Operations security 8. Communication security 9. System acquisition, development, and maintenance 10. Supplier relationships 11. Information security incident management 12. Information security aspects of business continuity management 13. Compliance eleks.com

eleks.com

ELEKS security services Centers of Excellence Key Certificates Preemptive Incident Response Threat Hunting Security Risk Management Forensic Big Data and Cloud Security Data Security and Privacy Security Compliance Management Security Services Project Management Security Outsourcing ISO 27001 LA CISM CISA CIA CCSP CCSK MBA PhD SCST eleks.com

eleks.com

Template Security Services Monthly Report Extract eleks.com eleks.com

Remediation strategy: Disable service Close port Blacklist file and application Install updates/patches Blocking malicious IP/Domains/ email adresses Kill-switch deployment Locky domain FileHash-SHA256 URL IOC Threat Intelligence: AlienVault OTX Cyber-Daily Virus Total Twitter Hybrid-analysis Petya CVE email FileHash-MD5 FileHash-SHA256 Rapid reporting (up to 3h): WSUS Updates Status Reports Secdo Analytics Nexpose Reports WannaCry domain URL Indicator Type Quantity Indicator Type Quantity domain 6 FileHash-SHA256 11 URL 8 eleks.com Grand Total 25 CVE 1 email 1 FileHash-MD5 4 FileHash-SHA256 9 Grand Total 15 Indicator Type Quantity domain 15 URL 12 Grand Total 27

The installation status of the last 2017-08 cumulative Microsoft update for Windows Machines 100% 100% Windows 7 Windows Server 2008 R2 3,6% Not reported 100% 96,4% Windows 8.1 Windows 10 eleks.com

Weekly vulnerability report from Nexpose 7 Critical vulnerabilities 4 Remediation in progress 3 Resolved Vulnerability Task Vulnerability resolution SMTP unauthenticated 3rd-party mail relay (smtp-general-openrelay) Default or Guessable SNMP community names: public (snmp-read-0001) TELNET access with no account and password admin (telnet-generic-0001) Apache HTTPD: ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167) (apache-httpd-cve-2017-3167) VNC remote control service installed (backdoor-vnc-0001) PHP Vulnerability: CVE-2017-11362 (php-cve- 2017-11362) Oracle MySQL Vulnerability: CVE-2017-3599 (oracle-mysql-cve-2017-3599) eleks.com https://jd.eleks.com/browse/itspp-18388 https://jd.eleks.com/browse/itspp-18390 https://jd.eleks.com/browse/itspp-18393 https://jd.eleks.com/browse/itspp-18393 https://jd.eleks.com/browse/itspp-18413 https://jd.eleks.com/browse/itspp-18415 https://jd.eleks.com/browse/itspp-18414 Resolved In progress Resolved In progress In progress Resolved In progress

Monthly vulnerability monitoring status September 18, 2017. CCleaner v.5.33 Hacked to Distribute Malware. Remediation: The affected version has not been detected. September 12, 2017. Critical Bluetooth Attack: BlueBorne. Remediation: Patched by Microsoft updates. September 05, 2017. Critical Vulnerability in Apache Struts2. Remediation: Performed a vulnerability scan, not detected. August 31, 2017. Massive Email Campaign Sends Locky Ransomware. Remediation: Sent the awareness, conduct the Information Security Training, installed Microsoft updates centrally, Secdo antiransomware module enabled + updated IOC. August 30, 2017. Critical Vulnerability in LabVIEW. Remediation: This software is not installed. August 24, 2017. Virus Spreading Through Facebook Messenger. Remediation: Sent the awareness. SIEM + Secdo continuous monitoring. August 17, 2017. Two Critical Zero-Day Vulnerabilities in Foxit PDF Reader. Remediation: Sent the awareness, secure configuration is set up on all workstations by default. eleks.com

OSSIM monthly report (19.08.2017 till 19.09.2017) Top 20 Events Customer 180000 160000 140000 120000 100000 80000 60000 40000 Quantity 20000 Source IP(unique) 0 Destenation IP(unique) eleks.com