SecurIA is an integrated threat protection platform designed to control and monitor a heterogeneous mix of IT technology, from top to bottom, at every touch-point on the threat landscape. It provides complete intrusion detection and prevention along with contextual analytics, security incident and event management, and immediate response and remediation services.

It was designed to integrate multiple point solutions into a single, unified monitoring service platform. It combines leading-edge web application and endpoint protections with advanced behavioral analytics that pre-empt breaches post-infection, identify sophisticated threat vectors and shut them down at the source.

It manages not only network and Internet security but every infrastructure component: servers, mobile devices, network devices and flows, applications, firewalls, databases, storage systems, virtualization, gateways, email and directory services. It also provides auditable and verified compliance with all HIPAA, SOX and PCI-DSS regulatory requirements.

SecurIA is available on a monthly subscription basis that includes all engineering, configuration, tuning, licenses and maintenance, along with a dedicated Security Operations Control Center providing support on a 24×7×365 basis with a 15-minute response SLA. We not only detect and identify the infection; we contain and dispose of it and provide detailed evidence of the attack, managing the entire process through to completion until you are back up, running normally and fully recovered.

6 Layers, from Prevention to Recovery

Layer One – Log Monitoring

Security Information and Event Management (SIEM) and/or Threat Hunting Analytics (THA) monitor logs and events for security incidents in real time, with A.I. modeling to identify threats with precision.

A collector (physical, virtual, or cloud-hosted) is deployed to aggregate and analyze activity from many different resources across your entire IT infrastructure, i.e. security data from network devices, servers, domain controllers, and more.

Sample of SIEM Key Functions:

  • Data Ingestion and Analytics

  • Contextual Real-time Alerts

  • Threat response workflow

  • Manage Incident Notification Policies

  • Reporting and forensics about security incidents

  • Alerts based on analytics that match a certain rule set, indicating a security issue

Sample of THA Key Functions:

  • Measure threat hunting programs on a scale of increasing maturity levels

  • AI threat detection workflow automation

  • Supplement to SIEM to analyze all data

  • Quickly run specific queries across multiple entities and vectors of analysis

  • Auto correlation to connect the source, movement and impact of an attack

Layer Two – Autoblocking

The objective of the Integrated Prevention & Defense Firewall (IPDF) is to apply automation to stop malicious IP addresses, URLs and domain names from entering from the outside and from being connected to from the inside. It works in conjunction with most firewall solutions and increases the firewall's efficiency with over 7 TB of Threat Intelligence from over 850 sources, without requiring a network engineer's time to manage rules.

Sample of IPDF Key Functions:

  • Stops malicious attacks from the public Internet, including DoS or DDoS

  • Prevents activation of ransomware such as CryptoWall and CryptoLocker

  • Protects internal devices from communicating with malicious hosts introduced by spear-phishing attacks

  • Creates and maintains protection policies to block and allow what fits security requirements

  • Automatic analysis of firewall logs by our S.O.C. and updating of firewall rules without human interaction

  • Prevents data theft and corruption by stopping malware from "phoning home" to threat actors

  • Customizable controls to block, allow, or redirect DNS queries by geo-region, IP and domain

  • Leverages DNS to protect all devices, on any port, any protocol, and any application

  • Automatically releases a blocked IP once it has become "clean"

Layer Three – Behavioral Analytics

Most security monitoring systems use a signature-based approach to detect threats, which allows Advanced Persistent Threats (APTs) to hide within networks and exploit every weakness or valuable digital asset before exfiltration. Network Behavioral Analytics (NBA) uses machine learning models to detect modern hacktivists' extraordinary prowess in morphing signatures to evade detection by traditional security checkpoints, i.e. zero-day threats.

Sample of NBA Key Functions:

  • Detections generated by an extensive set of dynamic threat models, aided by machine learning techniques, to detect both known and unknown zero-day attacks

  • Cognitive abilities using unsupervised and semi-supervised learning to quickly identify, contain, and eradicate advanced zero-day malicious exploits

  • Identifies and detects low-and-slow threats that manage to circumvent traditional north-south hard edges and navigate east-west (laterally) across the soft core inside the network perimeter

  • Rich library of models and algorithms that can be deployed from the date of installation, baselining enterprise behavior from many different angles and data points to detect broad network-level anomalies, insider attacks and threat-specific attacks while they are happening

Layer Four – Threat Scanning

Preventive hygiene through vulnerability scanning should be a fundamental practice in cybersecurity, and Continuous Vulnerability Scanning Management (CVAM) is an important active defense that assures your entire IT infrastructure is current with relevant patches and security levels. This continuous management keeps security experts and IT administrators up to date with known vulnerabilities, and Risk Trending Analysis provides preventive insights for building best practices that raise the attack barrier and awareness of weaknesses.

Sample of CVAM Key Functions:

  • Automated alerts with a score to easily identify risk severity for prioritization

  • Included in the managed platform, eliminating the cost of an expensive tool and a process your IT team would need to learn and operate

  • Capabilities include unauthenticated and authenticated testing, with various high- and low-level Internet/industrial protocols

  • Online reporting with Risk Trending on the ongoing management process, including gap analysis, relevant findings, and a remediation roadmap

  • An ongoing vulnerability/configuration management program, in support of demonstrable compliance initiatives for relevant frameworks and regulations

Layer Five – End Point Protection

End Point Protection (EPP) is much more than anti-malware: it includes Data Loss Prevention, phishing protection, Roaming DNS Firewall, SPAM filtering, and MFA. Most of the other layers focus on the flow of malicious attacks; this layer focuses on the end user's machine to increase defense capabilities. The majority of attacks are initiated from within the network, and EPP together with NBA and IPDF provides the holistic defense required to stop most attack vectors, signature-based or signatureless.

Sample of EPP Key Functions:

  • SPAM filtering detects potential phishing risks, generates an alert and sends it to the SIEM for correlation with other similar alerts

  • Roaming DNS Firewall blocks or redirects malicious and unwanted DNS queries in real time wherever the user goes, which also protects the machine from malware infection when outside the company network's protection

  • Restricts non-compliant data transfers and verifiably protects personal data

  • Uses content discovery and contextual analysis to identify and categorize sensitive data, and encrypts files accessed by an unknown app

  • MFA with software, hardware and biometrics to authenticate the user, not a robot

  • Tracks suspicious staff file-access activity, with investigation by timeframe, exposure type, file category, file name, file hash and more

Layer Six – Recovery with InterOps

Recovery, or Business Continuity, is a must for every business, and the key to success is to make it affordable and user friendly for every business; InterOps reporting identifies risk trends in the detection and resolution period and provides a single pane of glass for SecOps efficiency. Recovery as part of the InterOps process includes testing backup files, setting up a test environment for drills, and monitoring backup and replication activities to eliminate potential loss of data. InterOps is the service layer that enhances the triage of Technology, People and Process: a dashboard with risk indicators and trending analysis to determine the efficiency between Security and IT operations.

Contact Us

400 Oyster Point Blvd., Suite 228
South San Francisco, CA 94080
T +1 415 566-6228
F +1 415 566-4226
Email: contact@netswitch.net

©2020 by Netswitch Technology Management.