“Security visibility is not a TECHNOLOGY problem; it is a RESOURCE problem”
The IT security industry is broken right now. Most businesses outside the Fortune 500 cannot afford a Chief Information Security Officer plus an IT security team plus the cost of buying security tools. As a result, businesses, especially small and medium-sized ones, are left vulnerable and confused about how to protect and monitor their network. Protecting a network is very similar to protecting a physical building: you need locks, gates, cameras, security dogs, security guards, and so on. In the network world you likewise need multiple tools; however, unless they are all working together, you are only getting a fraction of the real picture. Our customized security management platform is designed to give complete security visibility of your network, allowing us to defend it effectively against today’s advanced threats.
24/7 threat hunting
“The 5 security pillars that no organization should be without”
Before it is possible to prioritize detected threats, it is essential to understand the layout of the system and where the critical assets are located. The security team needs an accurate, up-to-the-minute view of the assets and the software operating within the network.
Passive Network Monitoring –
Arpwatch – monitor IP & hardware MAC address pairings. Used for inventorying and to detect MAC spoofing.
PADS – Passive Asset Detection System; watches traffic on the wire to identify hosts and the services and software versions they run, without sending a single packet.
P0f – passively fingerprints operating systems from TCP/IP stack characteristics and gives a basic view of the network topology.
Active Network Scanning–
Nmap – a network scanner that identifies hosts, their operating system and the services they expose. Nmap can often identify the software and version behind a service without having any credentials on the host.
Host-Based software inventory -OCS Inventory NG – a lightweight agent with a server based management interface that provides full enumeration of installed software packages.
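The passive IP/MAC pairing monitoring described above (the job Arpwatch does) comes down to keeping a small database of which hardware address last answered for each IP and reporting when that changes. The block below is an added example, not Arpwatch's code or anything from the original page; it runs over a constructed ARP capture (the addresses and timestamps are made up) and raises Arpwatch's three main event types: a new station, a changed ethernet address, and the "flip flop" pattern that appears when a spoofer and the real host keep overwriting each other's ARP entry.

```python
"""Arpwatch-style IP/MAC pairing monitor over a constructed ARP capture."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Event = Tuple[str, str, str, Optional[str]]  # (kind, ip, new_mac, old_mac)


@dataclass
class Station:
    mac: str                                   # MAC currently bound to the IP
    first_seen: int                            # timestamp of first observation
    previous_macs: List[str] = field(default_factory=list)


class ArpPairingMonitor:
    """Keeps the IP -> MAC database and emits arpwatch's three main events."""

    def __init__(self) -> None:
        self.db: Dict[str, Station] = {}

    def observe(self, ts: int, ip: str, mac: str) -> Optional[Event]:
        mac = mac.lower()
        station = self.db.get(ip)
        if station is None:
            # First time this IP has been seen: record it and report.
            self.db[ip] = Station(mac=mac, first_seen=ts)
            return ("new station", ip, mac, None)
        if station.mac == mac:
            return None  # pairing unchanged, nothing to report
        old = station.mac
        # A return to a MAC seen earlier for this IP is a "flip flop";
        # that pattern is typical of an ARP spoofer fighting the real host.
        kind = "flip flop" if mac in station.previous_macs else "changed ethernet address"
        station.previous_macs.append(old)
        station.mac = mac
        return (kind, ip, mac, old)


# Constructed ARP replies: (timestamp, sender IP, sender MAC). Not real traffic.
CONSTRUCTED_CAPTURE = [
    (0,  "10.0.0.1",  "aa:bb:cc:00:00:01"),   # gateway announces itself
    (1,  "10.0.0.99", "aa:bb:cc:00:00:99"),   # ordinary workstation
    (60, "10.0.0.1",  "aa:bb:cc:00:00:01"),   # gateway again, no change
    (61, "10.0.0.1",  "aa:bb:cc:00:00:99"),   # workstation MAC now claims the gateway IP
    (62, "10.0.0.1",  "aa:bb:cc:00:00:01"),   # real gateway replies: pairing flips back
]


def monitor_capture(capture=CONSTRUCTED_CAPTURE) -> List[Event]:
    """Run the monitor over a capture and return the events it raised."""
    monitor = ArpPairingMonitor()
    events: List[Event] = []
    for ts, ip, mac in capture:
        event = monitor.observe(ts, ip, mac)
        if event is not None:
            events.append(event)
    return events


if __name__ == "__main__":
    for kind, ip, new_mac, old_mac in monitor_capture():
        print(f"{kind:26} {ip:12} {new_mac}" + (f" (was {old_mac})" if old_mac else ""))
```

A single "changed ethernet address" event is often legitimate (a replaced NIC, a DHCP lease moving), which is why the flip-flop case is kept distinct: the same IP oscillating between two MACs within seconds is the signature worth paging someone for.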
Who is attacking? Where are they attacking? Are there any ongoing activities which are against policy? We will detect signatures of known attacks and patterns, which indicate malicious activity, malware, policy violations and port scans. Also, our security controls allow us to have great visibility into the modification of critical configuration files in order to stop advanced threats.
Network Intrusion Detection System (NIDS) – detects signatures of known attacks and traffic patterns that indicate malicious activity, malware, policy violations and port scans. The tools used for this are:
Snort – a network intrusion detection/intrusion prevention system that can perform signature, anomaly and protocol analysis to detect malicious activity.
Host-Based Intrusion Detection System (HIDS) – the tools used for this are:
OSSEC – host-based intrusion detection providing file integrity monitoring, rootkit detection and policy monitoring. It also analyses the logs of the software installed on the host.
File Integrity Monitoring – Allows for centralized visibility into the modification of critical configuration files. Tools are:
OSSEC – host-based intrusion detection which provides file integrity monitoring, rootkit detection and policy monitoring.
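File integrity monitoring, as the OSSEC entry above describes it, is a baseline-and-compare loop: hash every watched file, store the digests, re-hash on a schedule and report what was added, removed or changed. The block below is an added illustration of that loop and is not OSSEC's syscheck code; it builds a constructed /etc-like tree in a temporary directory (the files, the weakened sshd setting and the planted preload entry are all made up) so it runs offline.

```python
"""Baseline-and-compare file integrity monitoring over a constructed directory tree."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

Baseline = Dict[str, Tuple[str, int]]   # relative path -> (sha256 hex digest, size)


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root: Path) -> Baseline:
    """Hash every regular file under root; an agent does this per watched directory."""
    return {
        str(p.relative_to(root)).replace("\\", "/"): (sha256_file(p), p.stat().st_size)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(before: Baseline, after: Baseline) -> List[Tuple[str, str]]:
    """Return (change, path) pairs: added, removed or modified since the baseline.
    The digest catches same-size edits that a size-only check would miss."""
    changes: List[Tuple[str, str]] = []
    for rel in sorted(set(before) | set(after)):
        if rel not in before:
            changes.append(("added", rel))
        elif rel not in after:
            changes.append(("removed", rel))
        elif before[rel] != after[rel]:
            changes.append(("modified", rel))
    return changes


def demo() -> List[Tuple[str, str]]:
    """Build a constructed /etc-like tree, baseline it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        baseline = take_baseline(root)

        # Simulated tampering: weaken a setting, delete a file, plant a preload entry.
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")
        (etc / "passwd").unlink()
        (etc / "ld.so.preload").write_text("/tmp/constructed.so\n")   # constructed path
        return compare(baseline, take_baseline(root))


if __name__ == "__main__":
    for change, rel in demo():
        print(f"{change:9} {rel}")
```

In a real deployment the baseline lives on the central server, not on the monitored host, so that an intruder with root cannot simply re-baseline after tampering; that is the "centralized visibility" the page refers to.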
After discovering the critical assets and services operating in the system, it is important to understand where that system is inherently weak. Our vulnerability assessment scans in two modes, unauthenticated and authenticated, using the tools listed below.
Vulnerability Assessment – operates in two modes: unauthenticated and authenticated scanning. The tools used for this are:
OpenVAS – a framework of several tools and services allowing for comprehensive vulnerability analysis. This scanner provides both authenticated and unauthenticated vulnerability detection. Originally created as a fork of the Nessus project when Nessus became closed source.
Anomaly detection – it is important to understand how systems normally behave so that deviations from that baseline can be flagged as suspicious. The tools used for this are:
Service & Infrastructure Monitoring
It allows continuous monitoring of services run by particular systems.
Nagios – a lightweight monitoring tool that provides continuous monitoring of operating systems and services.
Network Flow Analysis
It allows for the analysis of network traffic without having to provide the storage capacity required for full packet capture.
nfdump – a NetFlow/sFlow toolset: nfcapd collects the flow records from routers and probes, and nfdump stores and queries the summary information needed for flow analysis.
NfSen – a graphical front-end for network flow analysis. NfSen can analyse and display data collected by nfdump or by any other device capable of producing network flow data.
ntop – a lightweight network probe that provides network usage statistics and protocol detection.
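What a flow record actually gives you is the 5-tuple plus packet and byte counts, and most of the analysis the page describes (top talkers, scan detection) is aggregation over those counts. The block below is an added example of that analysis and is not nfdump or NfSen code; the flow records are constructed in the style of what nfcapd stores (addresses, ports and volumes are made up) so the logic can be run and checked offline.

```python
"""Flow-record analysis over constructed NetFlow-style records (not nfdump output)."""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    packets: int
    nbytes: int


# Constructed 5-tuple summaries, the kind of record nfcapd stores and nfdump queries.
CONSTRUCTED_FLOWS: List[Flow] = [
    Flow("10.0.0.5",  "10.0.0.10", "tcp", 50123, 443, 1200, 1_800_000),  # bulk HTTPS transfer
    Flow("10.0.0.10", "10.0.0.5",  "tcp", 443, 50123, 900, 120_000),     # its return direction
    Flow("10.0.0.7",  "10.0.0.10", "tcp", 40001, 22,  40,  6_000),       # an SSH session
] + [
    # One source probing forty ports on one host with a single packet each.
    Flow("10.0.0.66", "10.0.0.10", "tcp", 44000 + p, p, 1, 60) for p in range(1, 41)
]


def top_talkers(flows: List[Flow], n: int = 3) -> List[Tuple[str, int]]:
    """Bytes sent per source address, largest first (what a 'top N' view shows)."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        totals[f.src] += f.nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def detect_port_scans(flows: List[Flow], min_ports: int = 20,
                      max_packets: int = 3) -> List[Tuple[str, str, int]]:
    """Flag (src, dst, distinct_ports) where one source touched many ports on one
    host using tiny flows: the flow-level signature of a vertical port scan.
    Normal sessions carry many packets per flow, so they never count."""
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for f in flows:
        if f.packets <= max_packets:
            ports[(f.src, f.dst)].add(f.dport)
    return [(src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= min_ports]


if __name__ == "__main__":
    print("top talkers:", top_talkers(CONSTRUCTED_FLOWS))
    print("port scans: ", detect_port_scans(CONSTRUCTED_FLOWS))
```

Note what the scan detector does not need: no payload, no signatures, just counts of distinct destination ports per source. That is why flow data covers so much ground at a fraction of the storage cost of full packet capture.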
Network Protocol Analysis/Full Packet Capture
When protection outweighs any cost, a full forensic capture of the network traffic is an invaluable insurance policy. Our security controls provide a web-based front end for inspecting the captured packets.
Wireshark – a graphical network protocol analyser that dissects captured traffic and provides powerful display filtering.
Tcpdump – a command-line capture tool built on libpcap, used for high-speed packet capture and storage to pcap files.
Security Intelligence: SIEM (Security Information and Event Management)
Our platform ships with pre-set correlation rules, so the controls work together right out of the box. Correlation takes the data produced by the other security controls, combines it into a single picture and uses those cross-references to minimize false positives. Security Intelligence takes the raw data from all sources and generates the actionable alerts.
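The correlation described above is easiest to see with a concrete rule: a NIDS alert on its own is noisy, but the same alert cross-checked against the asset inventory (is that port even open?) and the vulnerability scan (is the targeted weakness actually present?) can be promoted to a confirmed alarm or demoted to noise. The block below is an added example of that logic, not the platform's rule engine or any vendor's rule format; the assets, scanner findings, alert signature IDs and the vulnerability reference strings (EXAMPLE-0001 and so on) are all constructed.

```python
"""Cross-source correlation: rate a NIDS alert by what inventory and the
vulnerability scanner say about its target. Constructed data throughout."""
from typing import Dict, List, NamedTuple, Set


class Asset(NamedTuple):
    ip: str
    os: str
    open_ports: Set[int]          # from Nmap / host inventory


class VulnFinding(NamedTuple):
    ip: str
    port: int
    ref: str                      # scanner's reference id (constructed here)


class NidsAlert(NamedTuple):
    sid: int
    msg: str
    src: str
    dst: str
    dport: int
    ref: str                      # reference the signature targets, "" if none


class Alarm(NamedTuple):
    dst: str
    msg: str
    priority: int                 # 0 = noise, 5 = confirmed exploitation attempt
    reason: str


def correlate(alert: NidsAlert, assets: Dict[str, Asset],
              findings: List[VulnFinding]) -> Alarm:
    asset = assets.get(alert.dst)
    if asset is None:
        # Unknown host: cannot be triaged automatically, keep it visible.
        return Alarm(alert.dst, alert.msg, 2, "target not in inventory: needs triage")
    if alert.dport not in asset.open_ports:
        # The attacked port is closed on the target, so the attempt cannot succeed.
        return Alarm(alert.dst, alert.msg, 0, "target port closed per inventory")
    confirmed = bool(alert.ref) and any(
        f.ip == alert.dst and f.port == alert.dport and f.ref == alert.ref
        for f in findings
    )
    if confirmed:
        return Alarm(alert.dst, alert.msg, 5,
                     "scanner confirms the targeted vulnerability on this port")
    return Alarm(alert.dst, alert.msg, 3, "service exposed, vulnerability not confirmed")


# Constructed inventory, scan results and NIDS alerts (sids are in the local-rule range).
ASSETS = {
    "10.0.0.10": Asset("10.0.0.10", "Linux", {22, 80, 443}),
    "10.0.0.20": Asset("10.0.0.20", "Windows", {445, 3389}),
}
FINDINGS = [VulnFinding("10.0.0.10", 80, "EXAMPLE-0001")]
ALERTS = [
    NidsAlert(1000001, "web exploit attempt", "198.51.100.7", "10.0.0.10", 80, "EXAMPLE-0001"),
    NidsAlert(1000002, "SMB exploit attempt", "198.51.100.7", "10.0.0.10", 445, "EXAMPLE-0002"),
    NidsAlert(1000003, "RDP brute force",     "198.51.100.7", "10.0.0.20", 3389, ""),
    NidsAlert(1000004, "SMB exploit attempt", "198.51.100.7", "10.0.0.30", 445, "EXAMPLE-0002"),
]


def run_correlation(alerts=ALERTS, assets=ASSETS, findings=FINDINGS) -> List[Alarm]:
    return [correlate(a, assets, findings) for a in alerts]


if __name__ == "__main__":
    for alarm in run_correlation():
        print(f"P{alarm.priority} {alarm.dst:12} {alarm.msg:22} {alarm.reason}")
```

The second alert is the interesting one: an SMB exploit fired at a Linux host with no port 445 open is exactly the kind of event a stand-alone NIDS would page on and a correlated platform silently drops.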