Delivering Visibility, Detection, Remediation, Peace of Mind

24/7 monitoring of your corporate network and assets. Detection of suspicious or anomalous activity through human analysis assisted by the latest in AI and Machine Learning. Remediation and strengthening of your overall Security Posture.

Don't Lose the Forest for the Trees.

DDoS. Ransomware. SQL Injection. In this new age of heightened cyberthreats, companies both large and small are aware of the need to secure their enterprise infrastructure against threats that have become almost commonplace. Many have implemented what are now considered basic and mandatory security precautions, such as endpoint (desktop, laptop, server) anti-virus, network firewalls, and VPN-secured remote access.

But what most enterprises are missing is a bird's-eye view of these interrelated security measures – a view of the forest. Our security services and solutions, delivered by IT security experts of the highest caliber, will provide your firm with a comprehensive and powerful threat detection and remediation strategy based on centralized intelligence and analytics.

When it comes to IT security, the sum is greater than the parts.

Who's watching over your business?

For most small to medium-sized businesses, cybersecurity measures include some hardware, some software... and an overworked tech employee balancing a part-time security role. The mature security posture of larger enterprises, long the targets of attacks, is built around a centralized Security Operations Center ("SOC").
The foundation of a SOC is visibility.

Security operations:

A SOC consists of a team of dedicated security engineers and analysts who, equipped with a security intelligence platform (next-gen SIEM), provide real-time network and infrastructure monitoring and analysis.

The Challenge

With the exponential growth of threats, companies of all sizes have experienced attacks themselves. But setting up a SOC internally can be expensive, and cybersecurity talent is hard to find.

Virtualized

Our Virtual SOC gives you all the advantages of a dedicated internal SOC, at a reasonable cost, remotely operated by cyber professionals with rich civilian and military training and experience.

Survey findings cited on this page (the percentage figures were animated counters and did not render):

- believe their SOC is very important to their cybersecurity strategy*
- report that the top barrier to SOC excellence is the lack of skilled staff*
- of SOCs report that they outsource SecOps functions for cost savings*
- of organizations currently use or expect to use a SIEM in the next 12 months**

* Micro Focus 2019 State of Security Operations Update

** Micro Focus 2020 State of Security Operations

Put yourself in a position to know if you've been hacked.

Today a company's digital footprint rivals its physical offices as the asset most essential to business continuity. Visibility into your corporate infrastructure and network is no longer a luxury. The ABCs of any physical security plan include knowing the current state of the physical environment and detecting changes. Visibility into your company's business-critical compute infrastructure is an equally essential step in safeguarding the continued functioning and success of your business.

AI-Powered Analysis

An advanced artificial intelligence engine allows our analysts to collect information spanning millions of sources regarding any suspicious indicator, dramatically shortening event investigation times.

Anomaly Detection

Our advanced User Behaviour Analysis (UBA) system uses machine learning to establish baselines of each user's normal behaviour patterns, enabling detection of anomalous activity that deviates from them.

Custom Rules

Custom rules, searches and reporting crafted for your organization's unique environment give you actionable visibility in the areas of greatest business impact.

Maximal Value
Our analysts use industry-leading tools to give you the edge

BrothersKeep delivers a virtual Security Operations Center (vSOC) with a state-of-the-art Security Intelligence platform at its center, operated by a team of expert security engineers and analysts. This virtual SOC, dedicated to your enterprise, confers multiple security-related and operational advantages.

Continuous security monitoring allows for the detection of suspicious patterns and anomalous user and network activity within your corporate network and infrastructure. Such capabilities put you in a position to stay ahead of both external and insider threats.

Many compliance standards – including ISO 27001, PCI-DSS and HIPAA – require organisations to continuously monitor their logs for significant security events. While compliance regulations rarely name specific technologies, using a SIEM for security monitoring is the preeminent method of satisfying these requirements, as SIEM technology was developed precisely for advanced security event correlation and monitoring.

Automated network and infrastructure scanning helps you discover, manage and prioritize vulnerabilities within corporate systems and devices.

Post-incident, the logs ingested, analyzed and stored by our vSOC provide an ideal entry point for investigating what actually occurred. Where did the attack begin? Which threat vector was used? Which devices or systems were involved? With logs retained for at least a month (or longer, as per your requirements), security analysts can work to determine the start of an incident, the attack methods used, and which machines were targeted and potentially compromised.

Infrastructure monitoring can provide insights into potentially inefficient processes, misconfigurations and shadow IT weighing on your corporate network.

Perhaps your organization has been breached in the past, and you know the kinds of threats you are up against. Or you’re an organization that wants to get ahead of future threats before they materialize. 

At the beginning of a monitoring engagement, our security experts will sit with you to understand your business-critical assets and processes, and the potential threat vectors against them. This threat model, unique to your context, forms the basis of the monitoring strategy devised for your firm. The model informs which assets should be monitored as well as the types of indicators requiring prioritized investigation. 

Onboarding: Threat Modelling

Security Monitoring FAQ

Dig a little deeper.

A SIEM – Security Incident and Event Manager – collects the logs that are produced by the different kinds of systems and devices on a corporate network. With these previously dispersed logs aggregated within a single SIEM platform, patterns begin to emerge that would prove elusive when observing single data sources. SIEM technology employs advanced correlation rules and machine learning to provide meaningful alerts.

Many security-related compliance standards require organisations to continuously monitor their logs for significant security events. Compliance regulations don't usually name specific technologies, since technologies change over the years and regulations are written more generally so as to stay relevant over time. But such monitoring is almost impractical to deploy without a SIEM. The SIEM collects infrastructure and network device logs, stores them in a central repository, and provides a layer of automated monitoring, with rule- and AI/ML-based alerts for events requiring further analyst investigation.

Every networked device or asset – desktop or laptop computer, corporate server, firewall, IoT devices, cloud resources – has built-in logging capabilities. Each device logs events such as logon successes and failures, process and network session starts and stops, admin activity, and API access, among many others. While such individual events don’t yet tell a story, correlating these events together, along with coordinating them with parallel events on other networked devices and applications, begins to uncover suspicious or anomalous patterns in corporate systems.
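As an added illustration of the cross-device correlation described above (example code written for this page, not BrothersKeep's platform or its rule syntax), the following Python rule joins a firewall's connection log with a server's logon log: repeated logon failures followed by a success from the same source are escalated when the firewall shows that source was admitted from outside. Device names, users, addresses and event names are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events, already normalised to one schema as a SIEM would do
# after parsing each device's native log format. Hosts, users and IPs are made up.
EVENTS = [
    ("2024-03-01T09:00:05", "fw01",    "conn_allow",    "203.0.113.7", "files01", ""),
    ("2024-03-01T09:00:06", "files01", "logon_failure", "203.0.113.7", "files01", "jsmith"),
    ("2024-03-01T09:00:09", "files01", "logon_failure", "203.0.113.7", "files01", "jsmith"),
    ("2024-03-01T09:00:13", "files01", "logon_failure", "203.0.113.7", "files01", "jsmith"),
    ("2024-03-01T09:00:20", "files01", "logon_success", "203.0.113.7", "files01", "jsmith"),
    ("2024-03-01T09:05:00", "mail01",  "logon_failure", "10.0.0.15",   "mail01",  "alee"),
    ("2024-03-01T09:05:30", "mail01",  "logon_success", "10.0.0.15",   "mail01",  "alee"),
]

def parse(rows):
    """Turn raw tuples into dicts with real timestamps, sorted so the rule sees events in order."""
    keys = ("ts", "device", "event", "src_ip", "dst_host", "user")
    events = [dict(zip(keys, r)) for r in rows]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Rule: at least `threshold` logon failures for a (src_ip, user) pair followed by a
    success from the same pair within `window`. The server log alone can fire the rule;
    the firewall log is what tells us whether the source came in from outside."""
    failures = {}      # (src_ip, user) -> timestamps of failures not yet closed by a success
    external = set()   # source IPs the firewall admitted from outside
    alerts = []
    for e in events:
        key = (e["src_ip"], e["user"])
        if e["event"] == "conn_allow":
            external.add(e["src_ip"])
        elif e["event"] == "logon_failure":
            failures.setdefault(key, []).append(e["ts"])
        elif e["event"] == "logon_success":
            recent = [t for t in failures.get(key, []) if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "user": e["user"], "src_ip": e["src_ip"], "host": e["dst_host"],
                    "failures": len(recent),
                    "severity": "high" if e["src_ip"] in external else "medium",
                })
            failures.pop(key, None)   # a success closes the failure sequence
    return alerts

if __name__ == "__main__":
    for alert in correlate(parse(EVENTS)):
        print(alert)
```

The single logon failure for alee stays below the threshold and produces nothing, while jsmith's sequence is raised to high severity only because the firewall event ties the source to an external address.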

Deciding which assets to monitor comes down to a combination of several factors:

a. essential infrastructure – devices such as firewalls, domain controllers, application, file and email servers, and anti-virus/anti-malware servers;
b. business continuity impact – the assets most critical to your ability to do business; and
c. budget constraints and requirements.

Our Security Intelligence platform can ingest logs from Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP), as well as enterprise platforms and applications such as Salesforce, Office 365, and Box, along with many more.

Monitoring plans are available in several tiers, with the price varying accordingly. The Essentials tier provides basic monitoring of essential corporate infrastructure and is geared toward baseline security and fulfilling compliance regulations. The Advanced tier widens the monitoring scope, reduces response times, and includes User Behaviour Analysis (UBA), vulnerability scanning and management, and other advanced SIEM components. The Custom tier is for organisations that want the most advanced and intensive security monitoring available, with comprehensive threat and vulnerability mapping and complex custom, environment-specific correlation rules.

Schedule a consult

Let us help fill the gaps in your corporate security posture.
Or call us to speak to an expert now:

+1 212 643 1850