Security is a process, not a product.
Data Mirrors Policy
The onShore Security Process insures that Data Mirrors Policy. Our Managed Security Service is a customized monitoring, management, and remediation Cybersecurity service for regulated industries and enterprises with complex networks and the need for 24hr cybersecurity response. We integrate with your IT organization to increase security visibility, provide reporting for management and regulators, and inform policy.
We manage, monitor, analyze, alert, and dispatch 24hrs a day, 7 days a week.
Attacks are now often multi-vector, multiple exploit, with 55% of them beginning with social engineering. Our approach is holistic. In a post-Sony era we assume every network is vulnerable inside and outside. Customer policy informs rules and tuning - what is best for one company may not be acceptable for another. During our two month onboarding process we heavily tune our IDS sensors to establish a baseline of your network with hundreds of parameters matched against characteristics of your policies, risk appetite, and regulatory compliance.
Correlation Across All Points: A Panoptic Approach
We collect data from any system, IDS on your site, cloud-placed sensors, netflow collectors, firewalls, network devices including encrypted payloads, and correlate that with logs from your systems to achieve an end-to-end security view. Security engineers analyze correlated data daily, augmenting and continuously tuning your customized signatures against industry sources and our own 15 year database.
Our reporting provides fully navigable SIEM data as well as C-level status briefs and threat landscape reviews. Scheduled Vulnerability Scans and other tests are performed. We primarily follow the NIST framework for policy development and consulting, becoming part of your policy team. All devices are managed with off-site logging, configuration management, and change control to your policies. We provide our audited SOC2 control matrix at your request.
IDS in Cloud
VM IDS collectors watch traffic to your applications.
IDS in Enterprise Network
Mirrored core-switch ports provide visibility, even into encrypted payloads.
IDS in Virtual Network
Micro-segmentation allows for fine tuning to application specific data.
Activity on both sides reveal the nature of an attack.
Monitor for compliance to access policies.
Access and AD authentication logs correlate against network activity and alert on anomalous behavior.
Application access and baseline behavior set alert thresholds.
Remote user policy is monitored to match policy.