We have entered the era of targeted cyber-attacks. The question is not “if” your company has been breached, or even “when.” It has already happened. The real questions are: is your organization aware of it, and are you capable of detecting and responding to future threats?
An effective Security Operations Center (SOC) can form the heart of an organization’s operational defense against advanced cyber-attacks. However, many organizations struggle to implement their SOC ambitions. When developed in-house, SOC challenges include identifying suitably skilled resources to provide 24×7 coverage and leveraging the most effective technologies for advanced threat detection and reporting metrics.
Remote Monitoring Detection and Response
CyberWatch Managed Security Services is a 24x7x365 fully or semi-automated service that remotely monitors, detects, responds to and neutralizes cyber threats, backed by our NERC CIP-aligned Security Operations Center (SOC). It is built on a next-generation security intelligence and analytics platform powered by LogRhythm. The main objective of the CyberWatch service is to deliver the right information, at the right time, with the appropriate context, in order to minimize the time it takes to detect (Mean Time to Detect, MTTD) and respond to (Mean Time to Respond, MTTR) damaging cyber threats. The service is delivered into the client's OT/IT infrastructure through data collection technology deployed either as an appliance or as a software agent.
Using current threat management and incident response tooling, CyberWatch arms our security operations analysts with the ability to proactively identify vulnerabilities for remediation and to react quickly to detected abnormal behaviour.
Security incidents are identified and alerted on quickly, enabling faster isolation and remediation, through:
- Client Infrastructure Data Collection: Real-time collection of Security, System, Audit and Application logs as well as network flow data from within the client's infrastructure. The service is available in two (2) options:
- Hardware-based (appliance deployed into the client environment)
- Software-based (agent deployed into the client environment)
- Remote Monitoring, Detection, and Response Toolset: Powered by LogRhythm, providing 24x7 centralized collection, processing and analysis of events generated by the monitored client infrastructure. The results are presented within a secure, client-facing web portal where authorized client and Long View personnel can view, analyze, and respond to alerts;
- Advanced Security Analytics: Customer infrastructure data is combined and analyzed with external threat intelligence to produce a prioritized set of alerts based on client and external information;
- Incident Response Orchestration: Security incident response orchestration built upon a "Smart Response Automation Framework" that supports several execution options to fully or semi-automate otherwise manual remediation processes, reducing Mean Time to Respond (MTTR). All activities are tracked as part of the case history, providing real-time status and a tamper-proof audit trail. Threats are proactively identified, prioritized based on organizational risk and rapidly investigated within the Security Intelligence Platform; and,
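The pipeline the list above describes (collect events, enrich them with external threat intelligence, rank the resulting alerts by organizational risk, and measure MTTD/MTTR from the case history) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not LogRhythm or CyberWatch code. The log lines, the threat-intelligence feed, the asset criticality table and the case timestamps are all constructed, hypothetical data, and the scoring formula (indicator confidence multiplied by asset criticality) is one simple choice, not the product's actual algorithm.

```python
"""Added example: threat-intel enrichment, risk-based alert priority, MTTD/MTTR.

All data below is constructed for illustration; nothing here is vendor code.
"""
from datetime import datetime, timedelta
import re

# Constructed sample events (firewall and HMI auth logs), not real telemetry.
SAMPLE_LOGS = [
    "2024-03-01T10:00:05Z fw01 src=10.0.5.23 dst=203.0.113.45 dport=443 action=allow",
    "2024-03-01T10:00:09Z fw01 src=10.0.5.24 dst=198.51.100.10 dport=80 action=allow",
    "2024-03-01T10:01:30Z hmi01 user=operator result=failure",
    "2024-03-01T10:02:00Z fw01 src=10.0.7.8 dst=203.0.113.45 dport=4444 action=allow",
]

# Constructed threat-intelligence feed: indicator -> (description, confidence 0-100).
THREAT_INTEL = {
    "203.0.113.45": ("known C2 node", 90),
    "198.51.100.10": ("internet scanner", 40),
}

# Hypothetical asset criticality (1-5) from the client's OT/IT inventory;
# 10.0.7.8 stands in for a safety-relevant OT host.
ASSET_CRITICALITY = {"10.0.7.8": 5, "10.0.5.23": 2, "10.0.5.24": 2}

# Constructed case history: (occurred, detected, responded) per incident.
SAMPLE_CASES = [
    (datetime(2024, 3, 1, 10, 0), datetime(2024, 3, 1, 10, 30), datetime(2024, 3, 1, 11, 30)),
    (datetime(2024, 3, 1, 12, 0), datetime(2024, 3, 1, 12, 10), datetime(2024, 3, 1, 12, 40)),
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse '<ts> <host> key=value ...' into a dict with a datetime 'ts'."""
    ts, host, rest = line.split(" ", 2)
    event = dict(KV_RE.findall(rest))
    event["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    event["host"] = host
    return event


def enrich(event):
    """Attach threat-intel context when the destination is a known indicator."""
    hit = THREAT_INTEL.get(event.get("dst"))
    if hit:
        event["ti_desc"], event["ti_conf"] = hit
    return event


def score(event):
    """Risk-based priority: indicator confidence weighted by source asset criticality."""
    if "ti_conf" not in event:
        return 0
    return event["ti_conf"] * ASSET_CRITICALITY.get(event.get("src"), 1)


def prioritized_alerts(lines):
    """Return [(score, event), ...] for events with a TI hit, highest risk first."""
    scored = [(score(e), e) for e in (enrich(parse_line(l)) for l in lines)]
    alerts = [(s, e) for s, e in scored if s > 0]
    alerts.sort(key=lambda pair: pair[0], reverse=True)
    return alerts


def mean_minutes(intervals):
    total = sum((end - start for start, end in intervals), timedelta())
    return total.total_seconds() / 60 / len(intervals)


def mttd_mttr(cases):
    """MTTD = mean(occurred->detected); MTTR = mean(detected->responded), in minutes."""
    mttd = mean_minutes([(occ, det) for occ, det, _ in cases])
    mttr = mean_minutes([(det, resp) for _, det, resp in cases])
    return mttd, mttr


if __name__ == "__main__":
    for s, e in prioritized_alerts(SAMPLE_LOGS):
        print(f"priority={s:4d} {e['src']} -> {e['dst']}:{e['dport']} ({e['ti_desc']})")
    print("MTTD %.1f min, MTTR %.1f min" % mttd_mttr(SAMPLE_CASES))
```

The point of the weighting is that the same C2 indicator produces a far higher priority when the connecting host is a critical OT asset than when it is an ordinary workstation, which is what "prioritized based on organizational risk" means in practice; the failed-logon line without a destination address is parsed but never alerted on, showing that enrichment only fires on indicators the feed actually contains.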
CyberWatch Remote Monitoring Detection and Response Features