Managed Intrusion detection and response service
Scenario
You believe your DMZ is under attack from an extremist who disagrees with your business philosophy. You want to begin to gather an audit trail showing attempted intrusions, with the ability to respond in real time, but you don't have the infrastructure to do this. What can you do?
As companies attach infrastructure holding sensitive material to public networks, like the Internet, the security of that private and proprietary material must be of utmost consideration. The security of that information not only affects the company, but customers and shareholders as well. Unfortunately, information security is a costly and complex undertaking for companies, especially when it is outside their core competencies, and security expertise is expensive and in short supply. You cannot merely implement a software solution and achieve security. Security is not a software product or a technology, but rather an integrated and on-going program. It is a vigilant program that must match the determination and resourcefulness of the hacker community. Intrusion Detection, which provides notification of suspicious activity on your networks and servers, is an essential part of a complete security process. Due to the complexity of the technology and its resource-intensive nature, Intrusion Detection is an ideal candidate for partnership with a security service provider.
Whitehelm monitors networks and servers to detect malicious activity that may signal an intrusion. But we do not stop at detection and notification. In the event of an attack, Whitehelm's security experts will work with your IT staff to help you respond and protect your systems. Whitehelm provides two levels of Intrusion Detection to ensure comprehensive coverage:
Using state-of-the-art intrusion detection tools, Whitehelm's intrusion detection services monitor your networks 24x7x365. Our trained professionals at Whitehelm's Network Operations Center monitor, investigate and alert our security professionals when suspicious activity occurs. We will work closely with your security team to define and coordinate appropriate responses for accurate and efficient handling of any incident.
Security is a process, not an event. To address on-going security needs and changing threats, our consultative approach to intrusion detection focuses on minimising business risk and making informed decisions.
Whitehelm Managed Intrusion Detection Service works in conjunction with your firewall and authentication management, as well as other security devices, to provide comprehensive protection of your company's information and intellectual assets.
Our unique approach to intrusion detection takes your business from initial detection of suspicious activity through a full investigation and documentation of a compromising incident.
We provide the complete solution, so you don't have to deal with installation, maintenance, or monitoring. Our Managed Intrusion Detection Service includes:
- Initial consultation to review your company's level of incident response preparedness and to provide recommendations for enhancement
- 24x7 monitoring and management through our Operations Support System
- A team of certified engineers at our Network Operations Center
- 30-day Sensor tuning period to reduce "false positives"
- Quarterly consultation to ensure current configuration of attack signatures is optimal
- Regular reports online via email
- Whitehelm's proprietary suite of monitoring tools, customised to your environment
Service Features
Intrusion Identification, Notification, and Response - Most companies don't find out about misuse of their systems until well after it occurs, and it may be recurring. The damage is often already done. We provide immediate identification of malicious activity and immediate access to the appropriate actions for protection of critical systems. This can minimize the damage and repercussions of an attack.
24x7 Coverage - It is difficult to staff an information security effort full time, though networks are connected to the Internet 24x7 and hackers/crackers rarely attack during normal business hours. Whitehelm provides continuous vigilance over access to networks and the information they contain.
Access to Real-time Information about the Security of the Organisation - Access to insight is a part of our service. Insight presents status information as well as historical reporting on the security of the network. This information allows you to maintain a realistic, informed view of your security so you can make more informed decisions in protecting your data.
Rapid Implementation Period - Companies need this level of protection immediately. Implementations of these solutions in-house can often take months, including the training required for the IT staff who support them. Whitehelm can save you time and money by deploying more quickly and removing the need to train and retrain your scarce IT resources.
Access to Up-to-the-Minute Security Expertise and Protection - The security landscape is continuously changing as new technologies and techniques are developed and traded. It's almost impossible for most companies to keep up. Whitehelm removes this burden by constantly upgrading our technologies and incident response knowledge through associations with government and private organisations as well as software and hardware vendors.
Managed Security Service Approach - Since software, hardware, and coverage are included in our service, there is no capital expense for these items for our customers.
Types of service
As your security partner, Whitehelm's experts will work with your team to architect an intrusion detection solution. We often recommend a combination of network and host level intrusion detection services, as their functionality is complementary. Network Intrusion Detection provides early warnings of a potential attack by watching network traffic in real time, while Host Intrusion Detection watches for successful attacks against specific machines. Deploying both services offers intrusion detection and response at the network level, while providing machine-specific event detail.
Managed Network Intrusion Detection Service
Whitehelm's Network-Based Intrusion Detection Service monitors your network traffic for intrusions that may occur on critical segments of your infrastructure. Essentially, Whitehelm watches for telltale signs of attack and abnormalities in network traffic that may signal an attempted intrusion.
To protect your system from these types of threats, Whitehelm experts will work with your technology staff to understand which areas of your network are strategic to your company. We use this information to architect a solution to best secure your company by placing sensors on these networks, which listen for suspicious activity and maintain constant communication with our 24x7 Network Operations Center. If we detect suspected attack activity, our operators launch notification, escalation, and remediation recommendations. These activities are tailored to your environment and the expertise of your technology staff.
As the security landscape is constantly changing, Whitehelm has assembled a team of security experts to constantly upgrade our technologies and response strategies. Our extensive security resources and partnerships allow us to develop a robust knowledge base of security information. We continuously push this knowledge to our customers in the form of updates, so they can maintain up-to-date protection from malicious activity. Examples of the activities we watch for are:
- Backdoor Signatures - Hidden software or hardware mechanisms that circumvent security controls
- O/S Exploits - Attacks specific to the operating system
- Scans/Probes - An effort to gather information about a machine or its users in order to gain unauthorized access to the system at a later date
- Denial of Service Attacks - Inundation of hardware or a website with requests in order to deny legitimate parties access
- Virus-Related Activity - Anomalous network traffic resulting from a virus outbreak
- Internet Service Exploitation - Attacks that are specific to Internet related services (Finger, FTP, NETBIOS, SMTP, TELNET, ICMP)
Managed Host Intrusion Detection Service
Whitehelm's Host-Based Intrusion Service watches for compromises of the operating systems and file integrity on your critical devices that may signal an attempt to gain unauthorized access to your system.
To protect your system from these types of threats, Whitehelm experts will work with your technology staff to understand which of your servers house information or applications that are strategic to your company. We use this information to architect a solution to best secure your company by placing technology on these servers, which listens for suspicious activity and maintains constant communication with our 24x7 Network Operations Center. If we detect suspected attack activity, our operators launch notification, escalation, and remediation recommendations. These activities are tailored to your environment and the expertise of your technology staff.
As the security landscape is constantly changing, Whitehelm has assembled a team of security experts to constantly upgrade our host-based intrusion detection knowledge base and response strategies. As with network-based intrusion detection monitoring, we continuously push this knowledge to our customers so they can maintain up-to-date protection from malicious activity. Examples of the activities we watch for are:
- Failed Access - Failure to log in correctly multiple times in a fixed period of time
- File Tampering - Changes to any file designated as critical
- Rights/User Changes - Additions of users or changes to users' access rights
- System Tampering - Modifications to critical operating system files
- Audit Tampering - Attempts to modify the system log
Please call 0870 421 4023 to find out how your company can benefit from Whitehelm's managed intrusion detection service, or e-mail anti-virus.team@Whitehelm.com requesting more information.