CommSec provide a fully managed Security Operations Centre (SOC) which includes a Managed Detection & Response service. 

We have trained certified cybersecurity engineers who can assess those anomalies and immediately alert you if something is amiss.

You benefit from our ability to use cutting edge tools, including Machine Learning/Artificial Intelligence, and our ability to stay on top of security trends, and from our security team’s expertise and experience.

SOC as a Service 

This involves the discovery of assets in your estate, we then provide continuous vulnerability assessments, intrusion detection and behavioural monitoring with a full Security Incident Event Management (SIEM). This includes Glacial Storage which is the untampered evidence that will stand up in a court of law should you wish to prosecute offenders.

All of this is supported by Alien Vault Labs Threat Intelligence OTX – Open Threat Exchange. The benefit of this is as soon as a threat is detected in another customer site, the Labs get updated immediately and this is then available to all customers of the service giving real time updates to the latest threats.

Most businesses;

  • Lack the in-house capabilities required to keep pace with changing business demands.
  • Compliance mandates, and emerging threats for strategic implementation of new IT security solutions.
  • Don’t have the capabilities to effectively monitor and manage the security infrastructure to ensure optimal utilization of current assets.
  • In-house IT staff spend far too much time on day-to-day operational security issues versus new strategic projects.
  • ACTIVE not REACTIVE: Depend on IT security tools and processes that provide a reactive, rather than proactive, approach to mitigating risk and minimizing data loss and downtime.

A SOC-as-a-Service helps you sleep better. We provide monitoring of your network and we review your network’s activity and detect anomalies. 24/7/365

We have trained certified cybersecurity engineers who can assess those anomalies and immediately alert you if something is amiss.

You benefit from our ability to use cutting edge tools, including Machine Learning/Artificial Intelligence, and our ability to stay on top of security trends, and from our security team’s expertise and experience. And you get this at a fraction of the cost you’d pay if you were to hire and build all the SOC elements yourself.

You don’t have the staff retention worries, the training costs, the purchase of bespoke tools and the maintenance of these tools. You have 24-7 monitoring and alerting with reviews of logs 8am – 6pm Mon- Fri.

  • We will investigate alerts using the latest techniques and alert you to any threats.
  • We can help you to remediate any issues and provide advice on how to prevent these issues from occurring
  • We believe in a People-Process – Technology approach – all three are needed to provide a quality service to our customers

The Technologies

What is a managed SIEM service?

SIEM technology is a combination of security event management (SEM) and security information management (SIM) technologies. It allows organizations to continuously monitor their on-premise and cloud IT infrastructure for threats and to provide the information needed to respond to attacks and to mitigate vulnerabilities.

CommSec has partnered with AlienVault to provide a world class managed Security Information and Event Management (SIEM) service organisations of all kinds in the Irish market.

AT&T CyberSecurity (AlienVault) SIEM technology collects logs and events from IT systems, devices and networks. We use this data to detect, categorize and analyse security incidents. The SIEM monitors threats in real-time and correlates events against the Open Threat Exchange (OTX – the world’s most authoritative open threat information sharing and analysis network).

What is a firewall?

A Firewall is a network security device that monitors, and filters incoming and outgoing network traffic based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

Network firewalls are evolving to secure newer use cases, including cloud and sudden shift to growing remote workforce. Network firewalls can also offer additional capabilities, such as application awareness and control, intrusion detection and prevention, advanced malware detection, and logging and reporting.

We can install, configure, manage and support your firewall, whether on-premise or in the cloud. We deliver our resources, our expertise and our best in class change management, incident investigation and response management and integrated vendor support processes to ensure a fully effective firewall service protecting your network and services.

How Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) Work

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are both parts of the network infrastructure. IDS/IPS compare network packets to a cyberthreat database containing known signatures of cyberattacks — and flag any matching packets.

What is Anti-Malware?

An anti-malware is a software that protects the computer from malware such as spyware, adware, and worms. It scans the system for all types of malicious software that manage to reach the computer. An anti-malware program is one of the best tools to keep the computer and personal information protected.

An anti-malware is designed to eliminate malware from the computer. Although it has similarities with antivirus, an anti-malware program is different from antivirus. An anti-malware program has more advanced features and broader coverage. It addresses spyware, spam, and other threat issues that antivirus doesn’t.

What is vulnerability management?

Every year, thousands of new vulnerabilities are discovered, requiring organisations to patch operating systems (OS) and applications and reconfigure security settings throughout the entirety of their network environment. To proactively address vulnerabilities before they are utilised for a cyberattack, organisations serious about the security of their environment perform vulnerability management to provide the highest levels of security posture possible.

Vulnerability management is generally defined as the process of identifying, categorising, prioritising, and resolving vulnerabilities in operating systems (OS), enterprise applications (whether in the cloud or on-premises), browsers, and end-user applications. An ongoing process, vulnerability management seeks to continually identify vulnerabilities that can be remediated through patching and configuration of security settings.

 

What is identity and access management?

Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management. These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared.

IAM systems can be deployed on premises, provided by a third-party vendor through a cloud-based subscription model or deployed in a hybrid model.

On a fundamental level, IAM encompasses the following components:

  • how individuals are identified in a system (understand the difference between identity management and authentication);
  • how roles are identified in a system and how they are assigned to individuals;
  • adding, removing and updating individuals and their roles in a system;
  • assigning levels of access to individuals or groups of individuals; and
  • protecting the sensitive data within the system and securing the system itself.

 

Interested in a Demo?

Get in Touch


Case Studies

...read more

Partners

...read more

Downloads

Terminology

SOC Security Operations Centre

SEM Security Event Management

SIM Security Information Management

SIEM SEM + SIM technologies

IDS Intrusion Detection Systems

IPS Intrusion Prevention Systems

USM Unified Security Management

OTX Open Threat Exchange.