The threat environment has changed significantly over the last five years; it is characterized by an increasing number of attacks, their growing complexity and, ultimately, the significant impact they have on organizations. To address these threats, we have developed a strategy built on the principle that the organization's information infrastructure is already compromised, and based on possible attack scenarios (use cases).
This strategy guided us in evolving the Managed Security Services we provide through our Intelligence-Driven SOC, using Artificial Intelligence, Network Behavior Analysis, User Behavior Analysis and Endpoint Detection & Response technologies.
The cornerstone of our Managed Security Services is the advanced and intelligent Netbull Threat Management NG platform, on which the use cases are built according to the organization's business activities, its IT infrastructure, its security requirements and its compliance with regulatory frameworks. The service is provided in the Prevention, Detection and Response areas.
Prevention
The Prevention services included in the 24x7 RTTM service are (a) the Global Threat Level Monitor service, (b) the Vulnerability Assessment service and (c) the Threat Intelligence service.
(a) Through the Global Threat Level Monitoring service, our company monitors security events globally and provides Early Warning of new vulnerabilities and active attacks, as well as Virtual Patches for new software vulnerabilities for which the vendor has not yet issued a security patch, implemented through custom IPS rules, firewall rules, endpoint detection rules, etc.
(b) The Vulnerability Assessment service ensures that (a) in each security incident, the vulnerabilities of the system under attack are reported and false alarms are reduced, and (b) the organization can remediate the identified vulnerabilities. The service covers a wide range of vulnerabilities, protocols, applications, operating systems and services in order to identify all known vulnerabilities, providing accurate results and thus excluding false positive and false negative findings.
(c) The Threat Intelligence service, otherwise known as Threat Feeds, was created to enhance the capabilities of threat detection mechanisms so that they can detect known advanced attacks more efficiently. Threat Feeds directly assist Incident Response teams in quickly identifying and responding to a known threat. Threat Feeds/Intelligence, whether in the form of a list of IP addresses and hosts or in the form of IOCs (Indicators of Compromise), remain static, “signature-based” defense tactics.
Detection
Netbull Security Analysts monitor in real time, 24x7, all attacks on the nSOC customer’s infrastructure and, depending on the type of incident, take the necessary actions, including update, validation, prioritization, treatment and investigation. The detection services include (a) the Artificial Intelligence & Cognitive Computing service and (b) the User Behavior Analysis (UBA) service.
(a) Netbull has integrated artificial intelligence technologies into its Security Operations Center (nSOC) and now operates a state-of-the-art Security Intelligence Center (SIC). This service is designed to detect an attack immediately, at an early stage, and to understand the logic of the attack and the methodology of a specialized hacker.
(b) As an integrated service of our platform, the UBA service utilizes behavioral models and Machine Learning (ML) to add user context to network flows, security incidents, vulnerabilities and threats for faster and more accurate attack detection.
Response
We use a four-stage process to respond to security incidents:
(a) Preparation. In the preparation stage, the response teams, the required infrastructure, the necessary procedures and policies, and the proposed forms are identified.
(b) Analysis. At this stage the incident is evaluated, its criticality is determined and the treatment plan is drawn up in order to avoid a serious impact on the organization.
(c) Interception/Eradication/Recovery. At this stage the incident management team takes action to reduce the organization's exposure and damage, to identify the causes of the incident and to return the organization to its normal framework and operation.
(d) Review. At this last stage an overall assessment of the incident is made. A report is produced through which the organization is informed about the incident: what exactly happened, what measures were taken and what the results were.
DEMO/PoC Request
For more information, a detailed presentation and/or a PoC of the Real Time Threat Management (RTTM) 24x7 Services, please fill in the relevant Demo/PoC request form.