Threat Hunting

Customer Challenge:  Computer systems produce thousands of event logs every day.  How do you synthesize all these events into actionable items?

What is the risk:  Without organizational threat hunting, an organization's cyber security controls become stale and ineffective.  Essentially, there is no viable way of measuring the capacity to track and eliminate threats without performing threat hunting.

Customer Benefit:  Customers using the CyberWatch threat hunting solution will be able to identify and eliminate real-time attacks.


Definition(s):

Threat Hunting is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Dwell Time: represents the length of time a cyber attacker has free rein in an environment, from the time they get in until they are eradicated.  This is typically quantified by two metrics, Mean Time to Detect (MTTD) and Mean Time to Repair/Remediate (MTTR), and is usually measured in days.

Security Operations Center

Customer Challenge: Implement and manage a Security Information and Event Management (SIEM) tool without having to dedicate and train additional staff.

What is the risk:  Without a viable SIEM tool, organizations cannot perform critical log collection and analysis.  Logs are created by various sources within the organizational infrastructure, such as operating systems, network systems, and applications.  These security, network and system logs provide the first indicators of compromise.  Furthermore, organizations must understand how to remediate, or add compensating controls, once threats are identified within the infrastructure.

Customer Benefit:  Customers of the CyberWatch threat hunting service will automatically have their critical system logs ingested by the CyberWatch SIEM tool.  Customers will be able to review key metrics and indicators of compromise in their dedicated dashboard.

Sample images (dashboard views): Signal Count Detection / SIEM Overview; SIEM Investigations / SIEM Timelines; Anomaly Prioritization / Anomaly Detection; Machine Learning / Job Management; Event Drill Down / Signals.

Chief Information Security Officer (virtual)

Customer Challenge:  A cybersecurity program involves technology, people, leadership, compliance, and customers.  How does a customer create, implement, and manage these types of programs without dedicated staff?

What is the risk:  Too often we see organizations making an investment in a tool or service, and within a few months the tool or service becomes unused and irrelevant.  This is because organizations fail to understand that implementation is only the first step.  A cybersecurity program requires ongoing management, leadership buy-in, and measurements (metrics) to show a positive return on investment.

Customer Benefit:  Customers using the vCISO services have a fully managed and administered cyber security program up and running within 30 days.  This program takes the following considerations into account as part of the development of the cybersecurity program:

  • Compliance Risk Assessments
    • HIPAA / HITECH
    • NIST 800-53 v.4 and v.5
  • Network Vulnerability Assessments
    • Internal agent or agentless scanning
    • System / Network vulnerability identification and categorization
    • Web services and applications analysis
    • Authenticated and Unauthenticated capabilities
    • External and DMZ scanning

The outcomes of these assessments are presented as:

  • Residual risk mapping report
    • Threat vector identification
    • Control analysis and remediation recommendations
    • Compliance attestation preparation
      • SOC2, HIPAA Compliance, ISO 27001

Zero Trust Network Access

Customer Challenge:  The Internet is both a benefit and a harm to organizations across the globe.  The harm comes from exposing organizational infrastructure to a constant barrage of malicious activity through exposed services, ports and protocols; in doing so, organizations put themselves at greater risk than necessary.

What is the risk:  Customers should think of the Internet as a doorway that leads to their organization.  Attackers simply scan the Internet for doors that are left unlocked, or have a poor "lock on the door" that can be broken or bypassed.  Attackers are well aware of the various ports, protocols, and services used by many common web pages and web applications, such as SQL, Java, IIS and others too numerous to name here.

Customer Benefit:  The CyberWatch solution can "hide" all Internet-exposed gateways behind a secure and encrypted private domain.  Simply put, a customer's web pages and web applications can no longer be scanned or detected.  Attackers cannot attack what they cannot detect!

CyberWatch Security

Top 5 reasons why organizations get hacked:

  1. Applications and systems with known vulnerabilities are not patched.
  2. Organizations do not have the expertise and resources to stop cyber attacks.
  3. General users are not educated in cyber security prevention techniques.
  4. The techniques and tactics for cyber attacks are constantly changing.
  5. Businesses don't think that it will happen to them.

Types of questions that we ask:

  • What are you trying to protect?
  • How much risk are you willing to accept?
  • Are there any laws or regulations that you must comply with?
  • What is your budget and project timeline?
  • What are the cybersecurity expectations of your customers?