The Panoptic Approach

Security is a process, not a product.


Data Mirrors Policy

The onShore Security Process ensures that Data Mirrors Policy. Our Panoptic Cyberdefense™ Security Operations Center (SOC) Service is a cybersecurity professional service involving high-level consulting, monitoring, data collection, analysis, security management, and reporting. We typically serve regulated industries and enterprises with complex networks and the need for 24-hour cybersecurity response. We integrate with your IT organization to increase security visibility, provide reporting for management and regulators, and inform policy.


24-Hour Staff

We manage, monitor, analyze, alert, and dispatch 24 hours a day, 7 days a week.

Attacks are now often multi-vector and multi-exploit, with 55% of them beginning with social engineering. Our approach is holistic. In a post-Sony era, we assume every network is vulnerable inside and outside. Customer policy informs rules and tuning: what is best for one company may not be acceptable for another. During our two-month onboarding process, we heavily tune our sensors to establish a baseline of your network with hundreds of parameters matched against characteristics of your policies, risk appetite, and regulatory compliance.


Correlation Across All Points

Governance Policy

We collect data from any system, our sensors on your site, cloud-placed sensors, netflow collectors, firewalls, and network devices, including encrypted payloads, and correlate that with logs from your systems to achieve an end-to-end security view. Security engineers analyze correlated data daily, augmenting and continuously tuning your customized signatures against industry sources and our own 15-year database.

Our reporting provides fully navigable SIEM data, as well as C-level status briefs and threat landscape reviews, currently making up 12 standard recurring reports and additional custom reports on request. All firewalls and sensors are managed with off-site logging, configuration management, and change control to your policies. We provide our audited SOC2 control matrix at your request.

IDS in Cloud

VM IDS collectors watch traffic to your applications.

IDS in Enterprise Network

Mirrored core-switch ports provide visibility, even into encrypted payloads.

IDS in Virtual Network

Micro-segmentation allows for fine-tuning to application-specific data.

Firewalls

Activity on both sides reveals the nature of an attack.

Storage Data

Monitor for compliance with access policies.

Host Data

Access and AD authentication logs correlate against network activity and alert on anomalous behavior.

Application Data

Application access and baseline behavior set alert thresholds.

Mobile Data

Remote user policy is monitored to match policy.