MANAGED DETECTION AND RESPONSE
- 24/7/365 Monitoring and Alerting
- Behavioral Data, System Data & Security Logs
- Network Traffic Analysis – Inbound/Outbound Traffic
- Real-Time Process Monitoring – Disk/Fileless/PowerShell, etc.
- Vulnerability Management, CVEs
- Real-Time Vulnerability Scanning
- Identification of all files on disks
- Threat Intelligence
- SIEM Log Correlation with Firewall, Windows Events & Endpoint Protection
- Admin Privileges Granted/Removed
- Malicious IP Detection
- Brute Force Attack
- Common Vulnerabilities & Exposures Detection
- Suspicious Log Activity
- User Accounts Created/Disabled
- Local Firewall/Registry Values Modified
- Root Cause Analysis
INTERNAL VULNERABILITY SCANNING
- Complete network scanning for vulnerabilities across multiple VLANs
- Compares vulnerabilities to CVE ratings for remediation prioritization
- Maps vulnerabilities to security frameworks such as NIST and CIS
- Active Directory Scanning of Users, Groups and Group Policy
EXTERNAL VULNERABILITY SCANNING
Tests the network as an intruder from the Internet would
- Scans for vulnerabilities from outside of the network
- Identifies any potential attack surfaces from the Internet
- Discovers any exploitable security holes