Critical_Detection_Capabilities

Issue link: https://insights.oneneck.com/i/1517356

Critical Detection Capabilities Fortra.com

Once data sources are established, the information must be refreshed on a regular basis. We accomplish this through a tailored recurring polling process. IT estates are dynamic and always evolving, so constant updates are required to keep asset coverage consistently high. We recommend, and help you set up, rediscovery of new assets through polling at least once per day, with more frequent polling as needed to identify more granular changes in areas such as asset configuration. Alert Logic presents this coverage through a topology map that allows you and our Security Operations Center (SOC) analysts to view assets, configuration details, and protection levels, and then to use that data in any event investigation.

Vulnerability Assessment

Once visibility is achieved, the next step is to identify and classify weaknesses that a bad actor could exploit. This is achieved through internal and external vulnerability scanning, which identifies exposures including known vulnerabilities, misconfigurations, password complexity issues, and many more. Our vulnerability library contains approximately 120,000 vulnerabilities, combining open source intelligence feeds with metadata from our 4000+ customers. Our team also provides guidance on configuration, scoping, and knowledge transfer so that you scan efficiently. Outputs are available in multiple report options, allowing your security staff to choose the report or set of reports that works best for vulnerability management. We also offer remediation guidance and tuning assistance.

Alert Logic is a PCI Approved Scanning Vendor (PCI ASV) and provides dedicated scanning and reporting to satisfy PCI compliance requirements, with remediation assistance. Other supported compliance mandates include HIPAA, HITRUST, and SOC 2.

Alert Logic continually assesses your AWS and Azure configurations by applying cloud configuration checks. The checks cover security best practices drawn from multiple sources, including the Center for Internet Security (CIS) and the cloud providers themselves. CIS results are available to you as separate, certified reports as well as in a unified list alongside scanning vulnerabilities.

Continuously Updated Threat Intelligence

Cyberthreat intelligence plays a critical role in providing effective managed detection and response. It requires a combination of knowledge and expertise to add the context that makes data actionable. Our threat intelligence team works as an organized and coordinated group of experts across different areas. Following is a sample of the different Alert Logic roles:

Malware Analysts — study what different types of malware samples do when they are executed, to help prevent them from spreading
Network Security Experts — analyze attacks at the network layer to create effective detection techniques
Reverse Engineers — take apart software programs and focus on how a vulnerability works
Vulnerability Researchers — study how vulnerabilities can be detected as quickly as possible
Data Scientists — study large structured and unstructured data sets to improve the data models that create actionable outcomes
Security Architects — bring all the elements together so customers can achieve their security outcomes

ASSET LOCATION                       DATA SOURCE            DESCRIPTION
AWS                                  AWS API + CloudTrail   Cloud asset discovery and log file delivery for analysis
Azure                                Resources API          Cloud asset discovery
Data Center & Google Cloud Platform  Alert Logic appliance  Discovery using the IP address range belonging to the network
Windows/Linux                        Alert Logic agent      Provides host-level metadata updates

We integrate these data sources within several types of deployments:

The result is a one-stop shop that provides you with 24/7 vigilance, eliminates noise and false positives, and validates incidents with severity and remediation guidance.
