NetworkSentry
 we're always on watch
the most secure solutions
 because we specialize in security
 

Network Security Monitoring

SANS GCIA Gold Logo

The concept of our monitoring solution is quite simple: we monitor your network for attacks, intrusions, malware and other malicious activity. We do this with data generated by devices you already own and have in place. If you are lacking in any particular area, we can also find you cost-effective solutions for a more complete picture of the data and devices on your network.

Our solution allows us to view your network from high ground, which gives us an advantage over an adversary. This high ground relies on intelligence in the form of logs generated by some, or ideally all, of the following devices:

  • Network IDS/IPS
  • Host IDS/IPS
  • Firewall logs
  • Network "flight" recorders
  • Antivirus logs
  • Session tables
  • Web server error and access logs
  • Operating System logs
  • Remote Access logs
  • Asset inventory logs

The Secure Operations Center (SOC) is the common name for the group that uses the data mentioned above. Unfortunately, the vast majority of companies with fewer than 5,000 employees do not plan on building a SOC. Most companies would like to have one but cannot, for reasons including budgeting, staffing and training. Despite those facts, one thing is certain - all companies would benefit by having one.

All companies, large and small, are targets of attack. If you have an IP address, you're likely being scanned this very moment. In fact, an unpatched Windows machine will last little more than an hour on the Internet before being compromised. There are ways of mitigating this, such as the use of a properly configured firewall, but the point is that your network is being scanned for vulnerabilities numerous times per day!

By viewing the complete picture, we can see these scans and attacks and determine how far they've penetrated the network, if at all, and whether or not they were successful. In the unfortunate case that a penetration was successful, we are also qualified to handle incidents.

If you do your own security monitoring, make sure you can honestly answer the following questions. If not, please don't hesitate to contact us for any assistance - no matter how trivial it may seem.

  • Do you review your operating system, antivirus, firewall and IDS logs at least once per day?
  • How confident are you that you are 100% virus/worm free?
  • How much would it cost your business if a critical machine were offline and not available to your employees or customers?
  • Do you have the expertise in-house to handle such an incident?
  • Is the staff performing your monitoring specifically trained for intrusion analysis?