WhiteHelm End to End Network Security
Managed Intrusion Detection

 

Managed Intrusion detection and response service

Scenario:
You believe your DMZ is under attack from an extremist who disagrees with your business philosophy. You want to begin gathering an audit trail showing attempted intrusions, with the ability to respond in real time, but you don't have the infrastructure to do this. What can you do?

 

As companies attach infrastructure holding sensitive material to public networks, like the Internet, the security of that private and proprietary material must be of utmost consideration. The security of that information not only affects the company, but customers and shareholders as well. Unfortunately, information security is a costly and complex undertaking for companies, especially when it is outside their core competencies, and security expertise is expensive and in short supply. You cannot merely implement a software solution and achieve security. Security is not a software product or a technology, but rather an integrated and on-going program. It is a vigilant program that must match the determination and resourcefulness of the hacker community. Intrusion Detection, which provides notification of suspicious activity on your networks and servers, is an essential part of a complete security process. Due to the complexity of the technology and its resource-intensive nature, Intrusion Detection is an ideal candidate for partnership with a security service provider.

Whitehelm monitors networks and servers to detect malicious activity that may signal an intrusion. But we do not stop at detection and notification. In the event of an attack, Whitehelm’s security experts will work with your IT staff to help businesses respond and protect their systems. Whitehelm provides two levels of Intrusion Detection to ensure comprehensive coverage:

Using state-of-the-art intrusion detection tools, Whitehelm's intrusion detection service monitors your networks 24x7x365. Our trained professionals at Whitehelm's Network Operations Center monitor, investigate and alert our security professionals when suspicious activity occurs. We will work closely with your security team to define and coordinate appropriate responses for accurate and efficient handling of any incident.

Security is a process, not an event. To address on-going security needs and changing threats, our consultative approach to intrusion detection focuses on minimising business risk and making informed decisions.

Whitehelm Managed Intrusion Detection Service works in conjunction with your firewall and authentication management, as well as other security devices, to provide comprehensive protection of your company's information and intellectual assets.

Our unique approach to intrusion detection takes your business from initial detection of suspicious activity through a full investigation and documentation of a compromising incident.

We provide the complete solution, so you don't have to deal with installation, maintenance, or monitoring. Our Managed Intrusion Detection Service includes:

  • Initial consultation to review your company's level of incident response preparedness and to provide recommendations for enhancement
  • 24x7 monitoring and management through our Operations Support System
  • A team of certified engineers at our Network Operations Center
  • 30-day sensor tuning period to reduce "false positives"
  • Quarterly consultation to ensure current configuration of attack signatures is optimal
  • Regular reports online via email
  • Whitehelm's proprietary suite of monitoring tools customised to your environment.

Service Features

Intrusion Identification, Notification, and Response - Most companies don’t find out about misuse of their systems until well after it occurs, and it may be recurring. The damage is often already done. We provide immediate identification of malicious activity and immediate access to the appropriate actions for protection of critical systems. This can minimize the damage and repercussions of an attack.

24x7 Coverage - It is difficult to staff an information security effort full time, though networks are connected to the Internet 24x7 and hackers/crackers rarely attack during normal business hours. Whitehelm offers continuous vigilance over access to networks and the information they contain.

Access to Real-time Information about the Security of the Organisation - Access to insight is a part of our service. Insight presents status information as well as historical reporting on the security of the network. This information allows you to maintain a realistic, informed view of your security so you can make more informed decisions in protecting your data.

Rapid Implementation Period - Companies need this level of protection immediately. Implementing these solutions in-house can often take months, including the training the IT staff require to support them. Whitehelm can save you time and money by deploying more quickly and removing the need to train and retrain your scarce IT resources.

Access to Up-to-the-Minute Security Expertise and Protection - The security landscape is continuously changing as new technologies and techniques are developed and traded. It’s almost impossible for most companies to keep up. Whitehelm removes this burden by constantly upgrading our technologies and incident response knowledge through associations with government and private organisations as well as software and hardware vendors.

Managed Security Service Approach - Since software, hardware, and coverage are included in our service, there is no capital expense for these items for our customers.

Types of service

As your security partner, Whitehelm's experts will work with your team to architect an intrusion detection solution. We often recommend a combination of network and host level intrusion detection services, as service functionality is complementary. Network Intrusion Detection provides early warnings of a potential attack by watching network traffic in real time, while Host Intrusion Detection watches for successful attacks against specific machines. Deploying both services offers intrusion detection and response at the network level, while providing machine-specific event detail.

Managed Network Intrusion Detection Service

Whitehelm's Network-Based Intrusion Detection Service monitors your network traffic for intrusions that may occur on critical segments of your infrastructure. Essentially, Whitehelm watches for telltale signs of attack and abnormalities in network traffic that may signal an attempted intrusion.

To protect your system from these types of threats, Whitehelm experts will work with your technology staff to understand which areas of your network are strategic to your company. We use this information to architect a solution to best secure your company by placing sensors on these networks, which listen for suspicious activity and maintain constant communication with our 24x7 Network Operations Center. If we detect suspected attack activity, our operators launch notification, escalation, and remediation recommendations. These activities are tailored to your environment and the expertise of your technology staff.

As the security landscape is constantly changing, Whitehelm has assembled a team of security experts to constantly upgrade our technologies and response strategies. Our extensive security resources and partnerships allow us to develop a robust knowledge base of security information. We continuously push this knowledge to our customers in the form of updates, so they can maintain up-to-date protection from malicious activity. Examples of the activities we watch for are:

  • Backdoor Signatures - Hidden software or hardware mechanisms that circumvent security controls
  • O/S Exploits - Attacks specific to the operating system
  • Scans/Probes - An effort to gather information about a machine or its users in order to gain unauthorized access to the system at a later date
  • Denial of Service Attacks - Inundation of hardware or a website with requests in order to deny legitimate parties access
  • Virus-Related Activity - Anomalous network traffic resulting from a virus outbreak
  • Internet Service Exploitation - Attacks that are specific to Internet related services (Finger, FTP, NETBIOS, SMTP, TELNET, ICMP)

Managed Host Intrusion Detection Service

Whitehelm's Host-Based Intrusion Service watches for compromises of the operating systems and file integrity on your critical devices that may signal an attempt to gain unauthorized access to your system.

To protect your system from these types of threats, Whitehelm experts will work with your technology staff to understand which of your servers house information or applications that are strategic to your company. We use this information to architect a solution to best secure your company by placing technology on these servers, which listens for suspicious activity and maintains constant communication with our 24x7 Network Operations Center. If we detect suspected attack activity, our operators launch notification, escalation, and remediation recommendations. These activities are tailored to your environment and the expertise of your technology staff.

As the security landscape is constantly changing, Whitehelm has assembled a team of security experts to constantly upgrade our host-based intrusion detection knowledge base and response strategies. As with network-based intrusion detection monitoring, we continuously push this knowledge to our customers so they can maintain up-to-date protection from malicious activity. Examples of the activities we watch for are:

  • Failed Access - Failure to log in correctly multiple times in a fixed period of time
  • File Tampering - Changes to any file designated as critical
  • Rights/User Changes - Additions of users or changes to users' access rights
  • System Tampering - Modifications to critical operating system files
  • Audit Tampering - Attempts to modify the system log

Please call 0870 421 4023 to find out how your company can benefit from Whitehelm's managed intrusion detection service, or e-mail anti-virus.team@Whitehelm.com requesting more information.

 


Copyright ©2004-2007 Whitehelm Network Security Ltd