Panoptic Cyberdefense®

Managed Security Services

If software and hardware could prevent every security threat, there would be no intrusions, hacking, malware, or ransomware – yet we hear about new attacks almost daily. Why?

Because security is a process, not a product. The most effective cybersecurity operations require 24/7 monitoring by a Security Operations Center (SOC), separating true security threats from benign activity and noise, and immediate response. That’s why we’ve developed Panoptic Cyberdefense.

Built for Banks, Available to All

Panoptic Cyberdefense® is our SOC Managed Security service, initially built for banks in 2004 by some of the most experienced cybersecurity professionals in the industry. Our Panoptic Approach maximizes visibility throughout your network, providing you with the best defense.

The goal of Panoptic Cyberdefense: mitigate risk, protect sensitive data, give upper management visibility, and elevate your security team, all while satisfying compliance requirements.

How Panoptic Cyberdefense Works

Our experts first get to know your network—inside, at the perimeter, and in the cloud—to establish baselines and thresholds and be ready for response. We tune to your policies, priorities, and procedures.

We then monitor, correlate, and alert on threats, anomalies, and compliance violations 24/7. Security data from all systems in your network and in the cloud is fed into the Panoptic SIEM®, our Security Incident & Event Manager (SIEM) built on the ELK Stack and, like the Panoptic Sensor, license-free – or into your own SIEM, if you have one that you can trust.

Panoptic Sensor®

The onShore Security Panoptic Sensor® is one of the most advanced network sensors in the industry, with direct-driver memory access for real-time processing. It combines IDS with log analysis, anti-malware, host detection systems, and further cross-system correlation in a single detection platform. It also serves as the on-premises or virtual log collector for the cloud-based Panoptic SIEM. Sensors can be sized with multiple 10 Gb ports and multiple days of look-back PCAP storage.

The onShore Panoptic Sensor differs from most in that parallel sensor algorithms allow correlation rules to run at the sensor, so that actionable events are identified before they reach the SIEM. Tuning at the sensor can be integrated with threat hunting exercises for further gains in accuracy. All network data, security data, and log data are fed into the sensors. Additional sensor features include machine-learning malware detection, exfiltration detection, passive asset detection, multi-protocol sink-holing, SNMP trap capture, and syslog capture.
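To make the idea of sensor-side correlation concrete, the following is an added example, not onShore Security code and not the logic of the Panoptic Sensor. It assumes the sensor sees two streams it can join: IDS alerts (with source, destination and signature name) and syslog lines from the hosts behind it, plus an asset map from destination IP to hostname of the kind passive asset detection could supply. All signature names, IP addresses, hostnames, log lines, the rule name `brute-force-then-success`, and the assumed syslog year are constructed for the example. The rule escalates only when an IDS alert is corroborated by host evidence inside a time window; everything else is forwarded as an informational summary rather than as a raw alert, which is what reduces the volume the SIEM has to process.

```python
"""Sensor-side correlation: join IDS alerts with host syslog events and
forward only corroborated, actionable events to the SIEM.

Added illustration (not onShore Security code). All IPs, hostnames,
signature names, log lines and rule names below are constructed."""
import re
from datetime import datetime, timedelta, timezone

# Constructed IDS alerts as a sensor might emit them.
IDS_ALERTS = [
    {"ts": "2024-03-01T10:00:05Z", "src": "203.0.113.7", "dst": "192.0.2.10",
     "sig": "CONSTRUCTED ssh login attempt burst"},
    {"ts": "2024-03-01T10:00:40Z", "src": "203.0.113.7", "dst": "192.0.2.10",
     "sig": "CONSTRUCTED ssh login attempt burst"},
    {"ts": "2024-03-01T11:30:00Z", "src": "198.51.100.9", "dst": "192.0.2.20",
     "sig": "CONSTRUCTED http scanner user-agent"},
]

# Constructed syslog lines captured by the sensor's syslog listener.
SYSLOG_LINES = [
    "Mar  1 10:00:10 host10 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2",
    "Mar  1 10:00:12 host10 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2",
    "Mar  1 10:01:02 host10 sshd[2340]: Accepted password for backup from 203.0.113.7 port 50140 ssh2",
    "Mar  1 11:31:00 host20 nginx: 198.51.100.9 - - GET /robots.txt 200",
]

# Constructed asset map (destination IP -> hostname), as passive asset
# detection on the sensor might maintain it.
ASSET_MAP = {"192.0.2.10": "host10", "192.0.2.20": "host20"}

ASSUMED_YEAR = 2024  # classic syslog lines carry no year; assumed here

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")


def parse_syslog(line):
    """Turn one syslog line into a host event; returns None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    rest, kind, user, ip = m["rest"], "other", None, None
    if (a := ACCEPTED_RE.search(rest)):
        kind, user, ip = "auth_success", a["user"], a["ip"]
    elif (f := FAILED_RE.search(rest)):
        kind, user, ip = "auth_failure", f["user"], f["ip"]
    return {"ts": ts, "host": m["host"], "kind": kind, "user": user, "ip": ip}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate(ids_alerts, syslog_lines, asset_map, window_seconds=300):
    """Return the events the sensor would forward to the SIEM.

    An IDS login-attempt alert becomes 'actionable' only when, within the
    window around it, the targeted host logged failed logins *and* a
    successful login from the same source. Repeated alerts for the same
    (rule, src, dst) are merged into one event with an alert count."""
    window = timedelta(seconds=window_seconds)
    host_events = [e for e in map(parse_syslog, syslog_lines) if e]
    merged = {}
    for alert in ids_alerts:
        t0 = parse_ts(alert["ts"])
        target_host = asset_map.get(alert["dst"])
        related = [e for e in host_events
                   if e["host"] == target_host and e["ip"] == alert["src"]
                   and abs(e["ts"] - t0) <= window]
        failures = sum(1 for e in related if e["kind"] == "auth_failure")
        successes = [e for e in related if e["kind"] == "auth_success"]
        if "login attempt" in alert["sig"] and failures and successes:
            rule, severity = "brute-force-then-success", "actionable"
            extra = {"host": target_host, "user": successes[0]["user"], "failures": failures}
        else:
            rule, severity, extra = "uncorroborated-ids-alert", "informational", {}
        key = (rule, alert["src"], alert["dst"])
        if key in merged:
            merged[key]["alerts"] += 1  # suppress duplicate, keep a count
            continue
        merged[key] = {"severity": severity, "rule": rule, "src": alert["src"],
                       "dst": alert["dst"], "sig": alert["sig"], "first_ts": alert["ts"],
                       "alerts": 1, **extra}
    return list(merged.values())


if __name__ == "__main__":
    for ev in correlate(IDS_ALERTS, SYSLOG_LINES, ASSET_MAP):
        print(ev)
```

Three raw IDS alerts collapse into two forwarded events: one actionable event naming the host, the account that eventually logged in and the number of preceding failures, and one informational summary for the uncorroborated scanner alert. In practice the window, the signature match and the corroborating host events are exactly the knobs that sensor tuning and threat-hunting feedback would adjust.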

The Human Element

It takes people to stop people with bad intentions – you cannot rely entirely on automation. That’s why onShore Security analysts are the human component that pushes our security offering beyond simple alerting or even detection and response. By integrating with your organization, onShore analysts achieve an end-to-end view of the security of your network, and provide the high-level analysis needed for larger organizations and critical industries that must report to regulatory bodies and directors.

3 Levels of Cybersecurity Protection

Three levels of detection, response, and analysis are available; the levels are described at the end of this section, after the feature list.

Features:

  • SOC2 Type II Audited
    All of our systems, data center, and processes (service and internal) go through annual controls audits by a 3rd party. Our SOC2 report is made available under NDA.
  • Panoptic ELK Stack-Based SIEM, license-free
    The Panoptic ELK Stack-based SIEM is our advanced, purpose-built SIEM for analyzing and reporting security data.
  • Optional Customer SIEM
    We support most major SIEM systems.
  • Panoptic Sensor (IDS+), license-free
    The onShore Security Panoptic Sensor is one of the most advanced network sensors in the industry, with direct-driver memory access for real-time processing.
  • 24/7 Threat-Level Alerting
    We apply ITIL categories with your response rules.
  • Analyze Any Log, End-point Protection, SNMP, or API Data
    We can customize parsers for almost any log or output source.
  • 12-Month SIEM, Log, and PCAP Off-Site Retention
    All log, session, alert, ticket, and tagged PCAP data are retained off-site for 12 months by default.
  • Proprietary Signature Updates
    Our own 15-year signature set is updated continuously.
  • Banking Signature Updates
    We maintain banking-specific signature sets.
  • Community Signature Updates
    We collaborate with the cybersecurity community.
  • SIEM Reports
    SIEM reports aggregate the alerts and correlated security data and deliver them to you in an easily understood and communicated format.
  • Firewall Report
    We provide reporting for blocked and filtered content, threat detection, geo-activity, and bandwidth graphing.
  • Dedicated Security Analyst
    Your analyst knows you and your network.
  • Proactive Threat Hunting
    Security engineers mine your network data, investigating anomalies.
  • Incident Response
    We take defensive action 24 hours a day.
  • Inform Security Policy
    Detection checks for compliance too.
  • Network Behavior Analysis
    Deeper knowledge provides useful insights and reduces false positives.
  • Security Orchestration
    We provide assistance in bringing together all cybersecurity efforts.
  • Board Reporting and Presentation
    Directors and upper management gain confidence in their cybersecurity posture.
  • Monthly Security Briefing
    This briefing provides an understanding of the activity and its relevance.
  • Reporting to IT Committee
    Additional reporting and analysis as needed.

  • Security Management and Reporting
    There are high value alerts that require immediate attention. Outsourced monitoring offers this peace of mind, without the cost or hassle of operating a SIEM.

  • Managed Detection and Response
    onShore’s Managed Detection and Response cybersecurity service includes alerting, analysis, and response for detected events.

  • Security Orchestration
    onShore Security’s Security Orchestration adds a monthly security briefing and report with high-level summary data on events and activity as well as on the threat landscape.