Awareness & Response
It is not hyperbole to say that the computer security environment has changed dramatically over the past few years. Almost daily, the media report a new data breach, web site defacement, Denial-of-Service attack, or new zero-day threat.
Here are some points to consider:
- There are 200,000–300,000 new viruses created every day.
- In a recent analysis, 23% of organizations reported a web-related data or system breach.
- Mobile devices now outsell personal computers, are difficult to manage, and are vulnerable to exploits.
The security practices from several years ago, such as emplacement of firewalls and anti-virus systems, no longer provide adequate protection from current threats. Our experience has shown that the best approach for today’s threat environment is to have robust Awareness & Response capabilities. At MRETEC, we assume this two-pronged approach: “Something will happen – and will we detect it?”; and “Are we ready to respond?”
We can provide that approach to your organization via these methods:
Intrusion Detection Systems (IDS)
An Intrusion Detection System continuously monitors your network and hosts for known bad behavior and alerts your security team when attacks or suspicious actions are detected. An IDS provides a component of an organization’s “defense-in-depth”, and is usually required for regulatory compliance. We have expertise in the design, deployment, and operations of Intrusion Detection Systems, including Snort®, sguil, Snorby, Security Onion, and OSSEC.
Data Capture and Analytics
Networks process vast amounts of data that can quickly overwhelm traditional network monitoring tools. Detecting and capturing all the elements of an attack requires Big Data tools and analytics that can handle Big Data’s Three V’s: Volume, Variety, and Velocity. These tools provide the capture, analytics, and reporting capabilities needed to detect and track an attack from start-to-finish. We can assist your organization with the development and deployment of a Big Data Awareness solution, including:
- Analysis of existing network traffic and behavior
- Data Capture, Storage, and Retention requirements
- Integrated solutions for Analytics, Search, and Reporting
Incident Response (IR)
We approach Incident Response with a mind-set of “An incident will happen.”; and “Is an organization ready to counteract an incident or breach?” In practice, the best approach is to have the technology, teams, and procedures in place today. We can provide your organization with IR capabilities to include:
- IR Policy
- IR Procedures
- Definition of an Incident, Severity Ranking, Awareness/Monitoring tools, Team Structure, Escalation Procedures, Containment, Eradication, and Reporting
Active Defense is an advanced capability to consider for Response. An Active Defense can take many forms; for example, it may be configured to slow down or confuse an attacker’s probes, or it could include an attempt to counter attack and compromise the attacker. This is an emerging area, and each organization will need to carefully evaluate the options for Active Defense and select an appropriate strategy. We can assist you with this decision and help you design and deploy a solution.