The Hero Inside

Uncategorized
Having been with VSEC since he was a confused intern, gradually becoming a Security Assessment Specialist and then Head of the Expert Services Team, Mr. Be Khanh Duy has spent nearly 6 years working and is also a the time when he changed himself and became the “Hero of Transformation” in 2022 of VSEC.
Mr. Duy shared a quote: “People are defined by two things: the beliefs they change and the people they fight for.” For him, the beliefs and people that he “fights” for have never changed, they are still beliefs in the company’s goals and vision, they are still brothers and sisters of the VSEC family. However, 6 years is a long enough time for him to be more clear and certain of that belief.
From a purely technical person who was afraid to speak and do whatever he was assigned, Mr. Duy transformed himself without realizing it, to become an open-minded person who shares and is ready to accept responsibility. Accompanying VSEC since he was a trainee, witnessing the transition between generations of VSEC, inheriting unique values from here, Mr. Duy gradually transformed himself, becoming a more complete version. , strives to retain, convey and attract everyone, and gradually becomes the brother who takes care of the trainees the same way he was received from them in the early days.
To continue on the path to change and improve himself better and better, Mr. Duy made a bold decision – to move South, to Ho Chi Minh City with a new mission and many responsibilities. than. However, he finds himself cheerful and happy with his current transformation. New position, new environment, but with the values at VSEC, learned and cultivated day by day, he has increasingly proven himself as the Expert Services Team Leader in Ho Chi Minh. This position is an affirmation of Mr. Duy’s efforts and personal transformation during his association with VSEC and G-Group.

IBM Announces a New Strategic Security Partner at “IBM Security QRadar Suite” Event

Outstanding

Hanoi, August 25, 2023 – IBM, the world’s leading technology corporation, has officially announced a new strategic partner in the field of security at the highly anticipated event “IBM Security QRadar Suite – Predict, prevent and respond to Information and Communications Security threats” which took place in Vietnam today.

The important event “IBM Security QRadar Suite – Predict, prevent and respond to Information and Communications Security threats” organized by IBM in collaboration with VSEC and the distributor Tech Data has attracted the attentions from security experts, risk managers and business leaders in the field of Finance and large corporations in Vietnam. In the increasingly complex and diverse context of information and communications security threats, strategic partnership cooperation in the field of security has become more urgent than ever. IBM has chosen a reputable and experienced partner to cooperate in developing a comprehensive, high-quality security solution to effectively deal with increasingly sophisticated and complex information security threats in the digital environment.

Security Operations Center (SOC) is an effective solution in predicting, preventing and responding to current information security threats in businesses and organizations. According to statistics, 63% of organizations look for the ways to improve SOC’s ability to detect and prevent. Thanks to providing a unified platform, full of necessary technology solutions to SOC, IBM Security QRadar Suite helps businesses and organizations solve the problem of technological complexity, supporting the engineers to focuses mainly on surveillance activities to deal with modern threats. Safety and network security operation monitoring services on IBM Security Qradar Suite platform (also known as Managed Qradar) is the key provided by VSEC to solve the problem of People and Processes – a very big challenge in organizations and businesses today

Ms. Ung Thi Dieu Uyen – Partner Director of IBM Vietnam, shared that: “IBM is always looking for partners who can give “end to end” services on information security, especially in the field of SOC with the world class to customers. VSEC is a longtime unit in such MSSP field. You can completely trust 100% in the cooperation of VSEC and IBM in the coming time, which will bring quality services to ensure information security for the businesses to further develop.”

Mrs Ung Thi Dieu Uyen- Partner Director of IBM Vietnam (left) and Mrs. Phan Thi Hai Anh – TechData (right)

At the announcement ceremony, Mr. Le Duc Hop – Sales Director for the North of THE VIETNAMESE SECURITY NETWORK JOINT STOCK COMPANY expressed that: “During its development, VSEC is constantly looking for partners who can resonate with VSEC to give the best and most effective service values to customers. Becoming a strategic partner of IBM will further affirm VSEC’s position not only in the Vietnamese market but also in the international market.”

It can be said that the “IBM Security QRadar Suite” event not only introduces advanced solutions, but is also a place where experts and businesses have the opportunity to discuss, exchange and update knowledge about current and future security situation.

 

About IBM:

IBM is a global technology corporation shaping the future of business through connecting information, analyzing information and applying artificial intelligence in order to solve complex world challenges. With more than 100 years of experience, IBM has been driving innovation in many sectors, including industry, transportation control, pharmaceuticals and energy. IBM is present in more than 170 countries worldwide.

 

About VSEC:

VSEC is the first information security management service provider in Vietnam to achieve both important certifications: CREST for Security Operations Center and Pentest Information Security Assessment service. Thanks to 20 years of experience in the field of cybersecurity, it has provided information security services to more than 1,000 domestic and international organizations and businesses, of which more than 50% of banks in Vietnam have chosen to use security services.

Why you should hire a CREST Penetration Testing Provider?

Outstanding VSEC - BLOG

Cyber threats evolve at a rapid pace, and one of the most effective ways to assess and improve the security posture and resilience of a company’s systems against such threats is penetration testing. By performing controlled and simulated cyber attacks against an organization, pentesting aims to identify vulnerabilities that could be exploited by malicious hackers.

However, the effectiveness of security testing services hinges greatly on the expertise of the provider, and this is where the value of hiring a CREST penetration testing provider becomes clear. In this post, we will delve into why businesses should consider partnering with a CREST-accredited firm for their penetration testing needs.

CREST serves as an internationally recognized accreditation body, endorsing the capabilities, technical expertise and quality of service for cybersecurity firms and individuals professionally involved in the field.

But what exactly is CREST, and why is it so crucial in the cybersecurity sector? Let’s delve into it in the next section.

What is CREST and its significance in the cybersecurity industry

CREST, originally known as the Council of Registered Ethical Security Testers, is a not-for-profit accreditation body that represents the technical information security industry. As a global certification body, it provides a framework of accredited professional services in cybersecurity, particularly in penetration testing. CREST serves as a benchmark for cybersecurity service providers, ensuring they meet the highest standards of skill, knowledge, and competence in the industry.

The body has two different types of accreditation, both for companies and individuals, who deliver services. Disciplines that CREST accredits for include penetration testing, incident response, threat intelligence, vulnerability assessment, intelligence-led penetration testing and Security Operations Centre (SOC).

CREST has been setting a new gold standard in the cybersecurity industry. It’s devised a framework for proficiency and ethical conduct that all accredited members are obliged to follow. To achieve CREST certification, companies must successfully pass a stringent assessment process. This includes a thorough evaluation of their business procedures and personnel, consulting practices and service delivery standards, as well as the security measures of the prospective CREST member company.

By providing a trusted benchmark for organizations seeking cybersecurity services, it assures customers that a CREST-accredited cybersecurity provider has undergone rigorous validation of their service delivery standards, procedures and methodologies. This increases the reliability, consistency and effectiveness of the services your organization contracted.

Advantages of hiring a CREST-accredited penetration testing firm

Choosing a CREST-accredited penetration testing firm brings a multitude of advantages, key among which are the assured quality of service, world-class technical expertise, and enhanced compliance and trust.

Assured quality of penetration testing services

By choosing an accredited company for CREST penetration testing, businesses guarantee themselves a superior quality penetration test.

The rigorous accreditation process that CREST imposes on firms and penetration testers ensures that they uphold the highest standards in their methodologies and service delivery. CREST’s strict criteria entail meticulous security testing processes that delve into the very core of a system’s vulnerabilities, leaving no stone unturned. The result is a comprehensive and effective approach to penetration testing, which allows for in-depth analysis and targeted fortification of weak points.

This assured quality extends to all areas of a CREST firm’s operations, providing not just technical excellence but also superior customer service, professional communication, and well-documented reporting.

REQUEST A PENTEST

World-class technical expertise

One of the critical components that differentiate a CREST-accredited firm is the high level of technical expertise they possess. CREST member companies must demonstrate that their security experts are not just knowledgeable but are at the top of the game in terms of technical skills and industry acumen.

According to CREST’s examination page, the body offers professional exams at three different levels:

  • CREST Practitioner level exams. These are the basic exams for professionals, and they’re meant for individuals who have been working in the field regularly for about 2,500 hours, or roughly two years.
  • CREST Registered exams. Passing this level shows that you’re dedicated to your work in information security testing. As a guideline, professionals taking this exam should have at least 6,000 hours of regular experience, which is around three years or more.
  • CREST Certified level exams. These exams are the ultimate goal for many professionals in the industry, and they’re intended for individuals with about 10,000 hours, or five to six years, of regular work experience in cybersecurity.

This means that when you hire a CREST penetration testing firm, you’re gaining access to a team of experts with a deep understanding of the cybersecurity landscape. These professionals use their expertise to conduct rigorous penetration tests, identify potential vulnerabilities, discover IT risks in your organization and recommend effective, tailored solutions to bolster the security of your systems.

Increased trust and confidence

Working with a CREST provider for your cybersecurity needs brings an inherent level of trust and confidence. Their accredited status signifies a commitment to ethical practices and high standards of service delivery, which can provide peace of mind as you navigate the complex landscape of cybersecurity.

Compliance assistance

Many industries have strict cybersecurity regulations that companies must comply with. A CREST member company will not only be aware of these requirements but also be able to help your company meet them, thanks to their extensive knowledge and experience.

 

Conclusion

As the threat landscape continues to evolve, businesses must be proactive in strengthening their defenses. Engaging in penetration testing is a crucial aspect of any comprehensive cybersecurity strategy, and choosing a CREST-accredited provider for this task ensures a superior level of service delivered by highly skilled professionals.

CREST accreditation represents a commitment to excellence in cybersecurity. By choosing a CREST member company for cybersecurity services, businesses are assured of rigorous, comprehensive testing that leaves no stone unturned. Furthermore, the credibility and trust associated with CREST certification enhance the business’s reputation and help foster confidence among its stakeholders.

If your organization is considering the advantages of a CREST penetration testing provider, don’t hesitate to reach out to our team of experts. We’re here to provide guidance and answer any questions you might have. Let’s work together to ensure your cybersecurity measures are robust and effective.

Teamlead of Solution – (HN)

Tech Job EN
  1. Job description:
  • As the head of VSEC’s solution team, you shall be responsible for the work and management of team members.
  • Collaborate with business professionals to communicate and work regularly with customers from C-level to security specialists to identify problems and needs of customers.
  • Consulting, building technical and commercial proposals in accordance with the needs of customers.
  • Finalize technical documents for bid requests or bidding documents.
  • Work closely with service deployment teams, act as a bridge to convey customer requirements and technical proposals to the service deployment team.
  • Non-stop research & update the latest global security knowledge, standards, systems, tools and technologies.
  • Recruit, manage, guide and train Solution team members.
  • Perform other tasks as assigned by the Sales Manager

 

  1. Job requirements:
  • Graduated from University with major in IT, Electronics and Telecommunications, etc.; Preference will be given to candidates with knowledge of Information Security.
  • Over 3 years of experience in consulting/selling computer and information security solutions, including experience with Internet technology and Information Security issues.
  • Extensive knowledge of engineering and technology
  • Ability to listen to customers.
  • Ability to write technical proposals and come up with suitable solutions.
  • Able to listen, speak, write and read English documents well
  • Strong communication and negotiation skills
  • Ability to write and present technical documents clearly and coherently
  • Good planning and teamwork skills.
  • Good health, available for business trip at any time.

 

  1. Benefits:
  • Probationary with 100% salary. Attractive negotiable income according to capacity.
  • Salary review: twice per year. Flexible working hours
  • Received training to improve professional skills required to be fulfilled. To be entitled to financial support to participate in training courses on professional skills and soft skills necessary for the job.
  • Quarterly bonus, year-end bonus according to the Company’s business results. Other special bonuses according to the nature of work. Bonus on all holidays and New Year; bonus for introducing internal candidates, seniority bonus; etc.
  • ESOP bonus for excellent employees and managers of the year.
  • 12 days annual leave + 1 day off on birthday. For each year of seniority. the annual leave shall be increased by 1.
  • Fully enjoy insurance policy and holidays in accordance with the company’s regulations and current laws.
  • Enjoy welfare policy and collective cultural activities: Team Building, Year-end Gala, birthdays, holidays, etc.;
  • Working in a friendly, dynamic and professional environment

 

  1. Contact:
  • Human Resources Department – hr@vsec.com.vn
  • Address: M Floor, N01A Golden Land Building, 275 Nguyen Trai, Thanh Xuan Trung Ward, Thanh Xuan District, Hanoi City.

Business Development – HCMC

Non Tech Job En
  1. Job description:
  • Searching for business opportunities, taking responsibility before the Sales Manager for the assigned sales targets.
  • Perform business development tasks related to IT equipment, solutions and services. etc; ensure the achievement of business goals and sales targets.
  • Coordinate with technical departments, related departments in the sales implementation process to understand customer needs and make appropriate suggestions and solutions.
  • Making and implementing individual annual/quarterly business plans.
  • Comply with regulations on planning and periodical reporting as required.
  • Communicating, maintaining relationships with relevant partners, identifying and building relationships with potential Accounts.
  • Responsible for managing, supporting, monitoring and taking care of, in order to ensure customer satisfaction with the company’s products and services.
  • Support and build marketing activities and brand for the company.
  • Perform bidding-related jobs and other tasks as assigned by the Deputy General Director in charge of sales and the Sales Manager.

 

  1. Job requirements:
  • At least 3 years of experience in IT product business and 2 years in IT project business.
  • Knowledge of IT, especially in the field of information security.
  • Having worked or had relationships with partners in the industry of: Banking, Finance, Securities, Insurance, IT, state agencies.
  • Good communication skills, dynamic and creative.
  • Good relationship building skills.
  • Ability to work at high intensity and under pressure.
  • Good negotiation and persuasion skills.

 

  1. Benefits:
  • Probationary with 100% salary. ATTRACTIVE negotiable income according to competency.
  • Salary review: twice per year. Flexible working time
  • To be entitled to attend training course to improve professional skills required to be fulfilled. To be entitled to receive financial support to attend training courses on professional skills and soft skills necessary for the job.
  • Quarterly bonus, year-end bonus according to the Company’s business results. Other special bonuses according to the nature of work. Bonus on all holidays and New Year; bonus for introducing internal candidates, seniority bonus;
  • ESOP bonus for excellent employees and managers of the year.
  • 12 days annual leave + 1 day off on birthday. Each year of seniority is increased by 1 day of leave.
  • Fully enjoy insurance policy and holidays and holidays in accordance with the company’s regulations and current laws.
  • Enjoy welfare policy and collective cultural activities: Team Building, Year-end Gala, birthday, holidays, etc.;
  • Working in a friendly, dynamic and professional environment

 

  1. Contact:
    • Hanoi: M Floor, N01A Golden land building, 275 Nguyen Trai, Thanh Xuan Trung Ward, Thanh Xuan District, Hanoi City.
    • Ho Chi Minh City: 18F, Park IX Building, No. 8-10 Phan Dinh Giot Street, Ward 2, Tan Binh District, Ho Chi Minh City

 

VSEC officially launched Deep Penetration Testing Service

Outstanding Redteam Confession
On April 18, Vietnam Cyber Security Joint Stock Company VSEC launched the Red Team Deep Penetration Testing service – a security assessment based on performing attacks by any means to penetrate the business’s system. career as a cybercriminal.
As defined by the Computer Security Resource Center, NIST: Red Team is a group authorized and organized to simulate a potential adversary’s attack or exploit capabilities against a computer security system. enterprise. Red Team’s goal is to improve enterprise cyber security by illustrating the effects of successful attacks and demonstrating what actually works for the defense team (Blue Team) in a operating environment.
VSEC’s team of experts has succeeded in researching and finding Zero day vulnerabilities (unknown and unresolved software or hardware vulnerabilities) from the most popular software such as WordPress, Joomla, … to applications and systems of technology giants such as Microsoft,  Oracle, … all achieve high CVSS scores.
According to VSEC representative, officially announcing the provision of Deep Penetration Testing service – Red Team means that at the present time VSEC has full technological capacity, the team has international standard certificates and Practical experience participating in reputable security assessments, meeting all needs of all domestic and foreign organizations and businesses.
“In Vietnam, not many businesses and organizations are confident in using Red Team because they are still concerned about the capacity of domestic suppliers as well as risks in data issues. VSEC’s official announcement of the Red Team 2023 Deep Penetration Testing service with the full version “Red Team full version” will bring a new perspective on the security capabilities of Vietnamese experts, fully meeting the highest international standards”, Mr. Truong Duc Luong, Chairman of the Board of Directors of VSEC shared.
VSEC is an international standard MSSP (Managed Security Service Provider) information security management service provider operating since 2003. VSEC’s services meet the needs of all organizations and businesses regardless of the scale or complexity of the information technology infrastructure system. VSEC has obtained CREST (UK Information Security Service Standards) certification for Penetration Testing and SOC (Security Operation Center) services in 2021, 2022.
During 20 years of operation, VSEC announced that it has served more than 500 businesses and government organizations. Being a member of domestic and foreign associations and organizations such as VNCert – National Incident Response Network, VNISA – Vietnam Information Security Association, Command 86, FS-ISAC (The Financial Services Information Sharing) and Analysis Center), Blackpanda, RAPID7, Affinitas Global, CoreSecurity, RecordedFuture, …
Download announcement: HERE
See more at:
  • Vietnamnet newspaper: https://vietnamnet.vn/vsec-trien-khai-dich-vu-bao-mat-chuyen-sau-cho-doanh-nghiep-2133969.html
  • Dan Tri Newspaper: https://dantri.com.vn/suc-manh-so/ra-mat-dich-vu-kiem-thu-xam-nhap-sau-red-team-20230419160124678.htm
  • Bao Moi Newspaper: https://baomoi.com/vsec-trien-khai-dich-vu-bao-mat-chuyen-sau-cho-doanh-nghiep/c/45589171.epi
  • Thanh Nien Newspaper: https://thanhnien.vn/vsec-trien-khai-dich-vu-danh-gia-phuong-thuc-bao-mat-chuyen-sau-185230417172647058.htm

Distinguishing Between Pentest and Red Team

For pentester Outstanding Redteam Confession VSEC - BLOG

In the area of security, the terms Pentest and Red Team are often used interchangeably. So, what is the distinction between these two terms? We’ll discuss in this article to assist you learn more about which service would be the greatest fit for your organization.

Penetration Testing:

Pentester is someone who has hacker-like abilities and knowledge who approaches projects from a hacker’s perspective to undertake network, application, and device examinations. They look for ways to circumvent defensive measures and physical obstacles (bypassing) in order to find security flaws within targets or organizations. An skilled pentester can identify a target’s weak points while also building hacker scenarios for prospective attacks, methods of exploitation, and scope of impact, and then make recommendations for the best system handling and defense.

In this activity, Pentester employs automated testing tools to uncover a variety of cybersecurity issues, as well as manual testing to examine the organization’s attack vulnerabilities. Pentesting has become an essential requirement for most companies in assuring data safety in the light of an increasingly complicated cybersecurity ecosystem. Even firms that assume they do not have any valuable information to protect face hazards when hackers take control, install harmful software, disrupt services,… and cause substantial disruptions during operations.

Although many firms have IT teams that build, administer, and oversee daily security policies, it is nevertheless recommended that these units undergo pentesting to acquire a third-party view on the offensive aspects. Even if internal teams are doing well, this evaluation can help assess multidimensional defensive capabilities.

 

Red Team

Pentest’s goal is to find as many vulnerabilities and configuration flaws as possible, exploit them, and assess the level of risk. In contrast to Pentest, which seeks to identify all potential vulnerabilities, Red Team conducts targeted assaults using specialized tactics.

Red Team is often made up of a group of individuals who work together to thoroughly understand the amount of risk and the potential for real-world attacks across an organization’s technical, human, and physical aspects (assets, materials).

The Red Team employs a wide range of attack methods, including traditional deception, non-technical attacks (social engineering) on employees, and even impersonating a staff member in order to get administrator access. Red Team members are well-versed in the strategies, techniques, and processes that an attacker might employ in order to maximize the efficacy of their attacks.

Organizations with a strong presence in the information security business frequently use Red Team. After frequent pentesting and patching of most vulnerabilities, they demand individuals to undertake offensive assaults against the system’s security measures (bypass) in any feasible method, from numerous distinct angles.

 

Red team’s operations

The Red Team begins by doing reconnaissance in order to gather as much information as possible in order to comprehend the human factor, technology, and surroundings. This allows them to build and acquire appropriate tools for the attack. Red Team members can gather deeper insights into the infrastructure, physical assets, and employees by leveraging Open Source Intelligence Gathering, resulting in a better understanding of the target and its operations. This allows them to conduct more sophisticated attacks, such as writing malicious programs and configuring hardware trojans,…

Members of the Red Team will conduct a variety of attack actions, both technical and non-technical, in order to discover weaknesses in the target’s systems and processes. They then exploit these flaws to conduct attacks against servers, applications, networks, or to circumvent physical safeguards in preparation for escalation attacks.

Using Red Team provides organizations with a multifaceted view of their systems and processes, as well as the support of security experts to rectify, patch vulnerabilities, remedy issues, provide training, and address any necessary measures to ensure that those risks do not reoccur.

Security testing for one of the first joint stock commercial banks in Vietnam

Case study VSEC - BLOG

VSEC’s client is one of the first licensed commercial joint stock banks in Vietnam with nearly 300 branches and transaction offices across the country. In order to deliver the finest service possible to their end clients, this company has just begun actively utilizing digital transformation in banking activities. When a breach in information security exposes sensitive company data, the enterprise requires the involvement of a reliable security solution.

Following the data collection procedure, we identified the following distinguishing features of the company:

  • There has never been a thorough evaluation and testing of the information security of the complete IT system.
  • The information security team is currently insufficient to implement a thorough system-wide examination of information security.
  • A lack of an external, objective examination of security measures.

 

VSEC analyzes the situation and then confers with businesses to determine the optimal course of action. Accordingly, VSEC will offer Pentest, an IT security assessment and penetration testing service, to the customer. Server systems, network equipment, internal and external applications, and critical databases are all part of the scope of the project. 

We have uncovered security flaws in our customers’ IT systems with the help of our team of experienced specialists, which has allowed us to paint a more complete picture of our customers’ information safety. Information security risks are reduced, client confidence is maintained, and losses are kept to a minimum while the business benefits from implementation guidance and support.

Providing solutions for customers in the energy sector

Case study VSEC - BLOG

Organizations in the Manufacturing and Energy sectors are always prime targets for hackers. Although VSEC is a member of Vietnam’s leading energy corporation, its customers are no exception this time. The enterprise operates in national key fields, providing, and conducting the business of electric energy services in the Northern provinces.

There is a challenge that the enterprise owning many IT systems at various levels is subject to the regulations on information security of the State management agencies. Therefore, its implementation of information security solutions will have much higher requirements than that of other common enterprises. Like many previous cases seeking the aid of VSEC, this unit also lacks a well-equipped team of specialized personnel in information security to fulfill the requirements of large-scale information security assessment activities. This time, VSEC will have to carefully research and advise on solutions for the enterprise.

Through discussing with the unit and referring to the regulations of the State management agency, VSEC has assessed and tested the information security penetration for the entire IT infrastructure and several critical applications of the unit.

After a period of implementing assessment measures, our experts have detected numerous vulnerabilities in clients’ IT systems, thereby providing a comprehensive overview of the information security for clients. Based on that, they have provided recommendations and supported the client in implementing measures to mitigate information security threats. Moreover, we not only safeguard the client’s reputation but also minimize potential damages to the enterprise.

Security solutions for the pioneering corporation in eco-cities

Case study VSEC - BLOG

The client of VSEC is a major corporation that is the developer of Vietnam’s largest green urban project in the country’s northern region and which also has invested in many different sectors, including but not limited to education, health, clean agriculture, high technology, travel, entertainment, etc.

The cross-industry products are supported by a massive IT infrastructure and a workforce of over 300 personnel.

VSEC faces a difficult problem in maintaining its public business image given that the real estate industry deals with highly personal information about its clients. The company has a large number of servers and workstations, a broad set of operations, a widespread connection system, and frequent upgrades to a huge number of new apps, but no dedicated employees to ensure the security of this infrastructure. 

With nearly 20 years in the industry, we have successfully implemented a wide range of security solutions for clients including:

  • Conduct a comprehensive analysis of the existing IT system and current supported applications.
  • Deploy and monitor all servers and workstations of the enterprise
  • Forewarning and coordinated analysis to forestall data security breaches
  • Launch your account’s management page to take charge of all monitored components.
  • Export periodic reports and overview of information security events

Our experienced team has found security flaws in the client’s IT application system after conducting a Pentest and doing a system analysis. We then provide our clients with guidance and assistance during deployment in an effort to lessen their exposure to information security threats, protect their reputations as well as limit any resulting damage.

Meeting information security needs of Vietnam’s leading energy corporation

Case study VSEC - BLOG

As an energy production enterprise and a member of Vietnam’s leading energy corporation in Vietnam, VSEC operates in national key fields.

Operating in national key fields, owning a level 4 system, and complying with the regulations on information security of the State management agency. Having not yet met the requirements of information security activities as the specialized personnel team in charge of information security is still understaffed

Evaluating and reviewing the entire Information Technology system of the unit. Implementing a monitoring plan for all servers, workstations, and network devices of the unit. Alerting and coordinating to analyze and prevent information security threats.

Detecting vulnerabilities in clients’ information technology systems, thereby providing recommendations and supporting them to reduce information security risks. Monitoring information security 24/7 for clients’ information technology systems, promptly identifying information security problems to take appropriate handling measures. Helping clients meet the requirements and regulations of State agencies on ensuring information security in units operating in national key fields.

Deploying information security monitoring for multinational corporations

Case study VSEC - BLOG

The client is an FDI enterprise, a branch of a global corporation that specializes in the assembling and manufacturing of motorcycles and automobiles. The branch holds a market share in the top motorbike and automobile trading enterprises in the Vietnam market.

Enterprises comply with the general regulations on information security of holding companies. This branch employs external threat monitoring services (data leaks, web phishing, etc.) and monitors the reputation of international suppliers at a high expense. They are building a team in charge of local information security, so they need great support from their partners.

Services for external threat monitoring (data leaks, web phishing, etc.) and reputation monitoring are provided. Coordination and consultation with customers are required to continuously optimize the monitoring process.

VSEC SOC detects and immediately notifies clients of fake website information and the leaked information of customers’ data that is published for sale on the dark web, and dark forum. Provide services with reasonable cost and quality equivalent to international suppliers. Provide services at a reasonable cost and of a similar standard to foreign suppliers. Assist the local team in the process of assuring information security for businesses.