Information Security

Vulnerability management

The Information Security Operations Center (OCIB) solves the problem of managing vulnerabilities.


Maintaining the IT infrastructure in a secure environment is a comprehensive process for managing, monitoring and eliminating vulnerabilities, and minimizing damage from threats.


The vulnerability management process includes:


  • A technical survey of the customer's network and information infrastructure is carried out on a periodic basis
  • With a particular software, the infrastructure is scanned to obtain information about vulnerabilities in the dynamics of the previous state and results
  • After scanning according to the results of the survey, we generate a report on vulnerabilities, their severity, belonging to an asset, and prepare a plan to eliminate vulnerabilities
  • After eliminating the vulnerabilities, we do control testing to confirm the result of the work.


How the ASTEL Vulnerability Management System works:


Initially, scanning for vulnerabilities of the internal, external perimeter of the information infrastructure is carried out, 4 basic and 4 control tests are performed during the year, and if necessary, PCI and ASV scanning.


ASV scanning is an automated check of infrastructure connection points to the Internet for vulnerabilities.


Analysis and evaluation of scan results is carried out to assess applicability, classification, formulation of recommendations and preparation of a report.


A prepared report on the dynamics of an information security incident with recommendations for localization is sent to the customer.


In accordance with Article 7-1 of the Law of the Republic of Kazakhstan on November 24, 2015 "On Informatization", interaction and notification of the National Information Security Coordination Center about confirmed IS incidents occurs within the time frame established by legislative requirements.


Each time, attackers find sophisticated ways to exploit vulnerabilities and bypass protection in order to gain access to confidential information, steal information, or perform other malicious actions.


We guarantee the quality of the data.


Efficient data transmission from event sources (computer, server, database, service, software application, etc.) and data reception into the ASTEL (OCIB) system in the volumes and quality required for accurate search and analysis.


Our system can scale in parallel with the growth of sources and sites for data collection.


We use flexible deployment methods: SaaS, On-premise and Cloud.


Through the integration of Threat Intelligence, we provide additional threat content for more effective detection and investigation of information security incidents;


The main advantage of conducting work on checking vulnerabilities is the ability to automate a significant part of the tasks of IT and information security services in terms of security analysis, vulnerability management and compliance control of IT infrastructure components.

For more information on the vulnerability management system, leave a request, and we will make you an individual offer.