e-Xpert Solutions’ SOC Achieves ISAE 3000 Attestation.

We are proud to announce that we have obtained the ISAE 3000 attestation for our Security Operations Center (SOC), issued by Deloitte. This independent assurance confirms that the SOC operates with robust, continuously applied controls across critical domains, from governance and technical security to client isolation, access management, traceability, documentation, and operational quality.

What ISAE 3000 Means

Unlike typical certifications, ISAE 3000 requires auditors to verify real operational evidence, not just policies or intentions, for any day within the past 12 months. The audit focuses on consistent, daily execution of controls, making this attestation a true reflection of operational excellence, not a one-time achievement. e-Xpert Solutions is currently the only SOC in Western Switzerland to hold this level of assurance.

The Scope of the Attestation

The SOC successfully demonstrated 19 critical controls, covering areas that matter most to CISOs:

  • Access governance: strict and traceable controls over user access
  • SOC/client isolation: verified and automated separation between internal and client systems
  • Monitoring and detection: advanced tools, including custom attack simulations and new IDS sensors
  • Operational quality and processes: resilient internal processes, continuous improvement, and thorough documentation
  • Traceability and recording: full visibility into all SOC and client activities

Achieving this required a combination of deep technical upgrades, rigorous process management, and meticulous documentation.

What This Means for You, Our Clients

For clients, the ISAE 3000 attestation provides an unprecedented level of transparency and assurance. It validates that the SOC doesn’t just define security practices—it executes them, maintains them, and proves them every day.

The Teams Behind the Achievement

This milestone would not have been possible without the dedication, expertise, and perseverance of the SOC team, supported by compliance, HR, technical, and management colleagues. Every individual’s contribution—from designing and implementing technical controls to ensuring documentation, reporting, and quality—was essential.

Thank you to all involved. This attestation reflects your work, your rigor, and your commitment to operational excellence.

The Managed SOC Service “At-Defense” by e-Xpert Solutions

Cybersecurity is no longer a luxury – it’s a vital necessity. In Switzerland, cyberattacks are on the rise: over 2,700 companies were targeted by ransomware in a single year, and one-third of SMEs suffered attacks in 2021. In response to this growing threat, Geneva-based cybersecurity specialist e-Xpert Solutions, with over 20 years of experience, offers a proactive defense solution: AT-Defense, a managed Security Operations Center (SOC) designed to meet today’s challenges.

Why choose AT-Defense?

24/7 Continuous Monitoring

Thanks to a dedicated team of security experts, AT-Defense provides real-time threat detection, immediate incident response, and full crisis management. The service operates around the clock, with a guaranteed response time of under one hour in 24/7 mode.

Offensive and Defensive Expertise

The SOC is powered by a certified multidisciplinary team (GCIH, GCFA, GREM), with expertise in incident response, forensic analysis, threat hunting, and vulnerability research. e-Xpert Solutions’ experts are also key contributors to the cybersecurity community (MITRE ATT&CK, publications, etc.).

Turnkey Managed Service

With rapid deployment (2 days on-site), intuitive dashboards via Splunk, centralized log management, honeypots, darknet leak detection, and weekly reports, AT-Defense is designed for simplicity and efficiency. The service includes a strict quality control process (false positive review, four-eyes principle).

Reduced Operational Burden

By outsourcing security monitoring, organizations free themselves from operational complexity while maintaining full control through a personalized monitoring portal.

ISO 27001 Certified Solution

Our SOC has been ISO 27001 certified since 2021 – a guarantee of compliance with the highest international information security standards.

Cutting-Edge Technology, Proven Expertise

AT-Defense leverages top-tier technologies: real-time SIEM correlation, attacker-trapping honeypots, advanced sensors, threat hunting capabilities, and more.

Behind the infrastructure, a team of 10 certified security experts (GCIH, GCFA, GREM) ensures high-level monitoring, backed by their experience in both offensive and defensive security, and their recognized contributions (MITRE ATT&CK, publications, conferences…).

Fast, Agile, and Tailored Response

✔️ Deployed in just 2 days with on-site assistance
✔️ Responsive SLA with under 1-hour reaction time (24×7 mode)
✔️ Easy integration into client environments
✔️ Scalable services: IRaaS, managed XDR, advanced threat detection, etc.

Why choose e-Xpert Solutions?

Founded in 2001, e-Xpert Solutions is an independent Swiss company recognized for the quality of its services and its commitment to cybersecurity. AT-Defense is a clear reflection of this vision: a reliable, expert-driven, quickly deployed solution with controlled costs, low internal impact, and a high level of protection.

[ VIDEO ] The Race Against 0Days: Help!!

Faced with 0days, cybersecurity teams are often constrained and can sometimes feel helpless given the scale of a phenomenon that has only grown in recent years.

In this video, our expert Michael Molho gives you 5 tips to reach a good level of security and to help you deal with 0days on a daily basis.

[ #Log4J Vulnerability ] Training, Summary & Information from our experts.

Since Thursday, December 9, the Log4j earthquake has been triggering a wave of panic and of more or less reliable messages in our daily professional lives.

After a few days of discussions with our suppliers, clients and partners, we realize that this crisis is not only major but, above all, that its impact is still poorly understood.
Our experts have been mobilized around the clock since last Friday to assist our clients in understanding it, drawing up action plans and developing “threat hunting” software tools.

Where does it come from? Which components are affected? How can you protect yourself? How can it be detected? What should you do in case of compromise?
These are all questions that one of our experts answers as clearly and completely as possible. In particular, you will understand why systems not exposed to the Internet are affected by this attack just as much as front-end systems.

[ Log4Shell ] At-Defense Research

Dear All,

The last few days were marked by the “most sensitive vulnerability ever published on the Internet”, aka Log4j. Our team of researchers and SOC analysts has worked hard since Friday to create detection rules and prevent exploitation for our SOC customers.

Due to the criticality of this vulnerability, we decided to publish our detection tools and some of our signatures to help the community face this huge issue.

You can find them at:

https://github.com/e-XpertSolutions/atdefense-research/tree/master/log4shell

This repository contains:

  • Updated IOCs
  • A threat hunting tool developed for both Linux and Windows to identify potentially impacted servers and compromises. The Windows version also supports large-scale deployments.
  • IDS (Intrusion Detection System) rules fully developed by e-Xpert researchers with a new (and unseen) approach. Indeed, all published rules will collect a flood of external attacks (impossible to differentiate from successful ones) and so are not of great interest…

These new rules use a completely different approach, relying on the detection of incoming/outgoing external LDAP traffic, which is used in >90% of exploitation attempts.

If you have not yet considered this vulnerability, you should use our tools quickly.

We hope that you will enjoy them; keep safe.

AT-Defense SOC Team
e-Xpert Solutions.
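
The approach described in the post above, flagging LDAP exchanged between internal and external hosts rather than matching inbound exploit strings, can be sketched as follows. This is an added example, not the IDS rules from the e-Xpert repository: the internal ranges, the flow record layout and the function names are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumption: these ranges are "internal"; replace them with your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# LDAP protocolOp tags (BER, APPLICATION class, constructed) as defined in RFC 4511.
LDAP_OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x63: "SearchRequest", 0x64: "SearchResultEntry"}

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def ldap_op(payload):
    """Return the LDAP operation name if payload starts with an LDAPMessage, else None."""
    if len(payload) < 2 or payload[0] != 0x30:          # LDAPMessage is a BER SEQUENCE
        return None
    pos = 2
    if payload[1] & 0x80:                               # long-form length: skip the length octets
        pos += payload[1] & 0x7F
    if len(payload) < pos + 2 or payload[pos] != 0x02:  # messageID must be an INTEGER
        return None
    id_len = payload[pos + 1]
    op_pos = pos + 2 + id_len
    if not 1 <= id_len <= 4 or len(payload) <= op_pos:
        return None
    return LDAP_OPS.get(payload[op_pos])

def detect_external_ldap(flows):
    """Flag LDAP seen between an internal and an external host, on any port."""
    alerts = []
    for f in flows:
        src_in, dst_in = is_internal(f["src"]), is_internal(f["dst"])
        if src_in == dst_in:                            # internal-only or external-only: ignore
            continue
        op = ldap_op(f["payload"])
        if op:
            alerts.append(("outbound" if src_in else "inbound", f["src"], f["dst"], f["dport"], op))
    return alerts

# Constructed sample flows (documentation address ranges), not captured traffic.
BIND_REQ = bytes.fromhex("300c020101600702010304008000")   # anonymous simple bind request
BIND_RES = bytes.fromhex("300c02010161070a010004000400")   # bind response, resultCode success
SAMPLE_FLOWS = [
    {"src": "10.0.5.20", "dst": "203.0.113.7", "dport": 1389, "payload": BIND_REQ},
    {"src": "203.0.113.7", "dst": "10.0.5.20", "dport": 49152, "payload": BIND_RES},
    {"src": "10.0.5.20", "dst": "10.0.0.10", "dport": 389, "payload": BIND_REQ},   # internal directory
    {"src": "10.0.5.21", "dst": "198.51.100.9", "dport": 443, "payload": bytes.fromhex("160301020001")},
]

if __name__ == "__main__":
    print(detect_external_ldap(SAMPLE_FLOWS))
```

Matching on the LDAP message structure instead of port 389 keeps the check effective when the remote LDAP listener runs on a non-standard port, as in the first sample flow.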

[ Security Bulletin ] Multiple Apache Log4J vulnerabilities – DEV

On December 9, Apache published a zero-day vulnerability (CVE-2021-44228) in Apache Log4j known as “Log4Shell”. This vulnerability was rated “Critical” with a CVSS score of 10.0, allowing remote code execution with system-level privileges.

When exploited, this vulnerability allows an attacker to execute arbitrary code on the device, giving the attacker full control. Any exploited device must be considered compromised, along with any device that trusted the compromised device.

The e-Xpert teams investigated the products we develop to identify the impact of this vulnerability on our clients. The following products and components are NOT affected by this vulnerability:

  • Device Manager
  • Analytics tool for APM (Insight)
  • SSLCert
  • Esas
  • Account
  • IP Reputation

The whole team remains available for any request for information.

Update 16.12.2021: The products developed by e-Xpert Solutions do not implement Java. Our products are also not affected by the vulnerabilities CVE-2021-4104 and CVE-2021-45046.
