There are four key areas where EC Computers can assist businesses like yours:
We offer ongoing threat monitoring and detection that ensures cyber threats are identified in real time. Our solution gives clients timely notification of potential vulnerabilities as they are discovered, as well as advice on how to address the identified issues. The service is delivered by Cyber Analysts who monitor the activity across a client’s network, cross-referencing any suspicious activity against a Threat Intelligence Database and a continuously updated rule set which triggers alerts for potentially suspicious activities.
The solution requires our service to be installed on each endpoint device, which will then send log files for analysis in real time. The service is device-agnostic, can be installed regardless of location, and will not impact the performance of the device.
Our analysts work through vast reams of data to sift out and identify real threats, as well as noting false positives, a task that would be close to impossible for a company’s IT team. The clear benefit of this is that an IT department can focus on dealing with real threats and breaches, rather than trying (and usually failing) to identify which threats are real, and which can be ignored. Triggered alerts are classified on a scale of threat severity, from P1 (highest) to P4 (lowest). Minor threats will be sent through to the client on a monthly basis, and severe threats are sent through immediately. Analysts will advise customers on how to neutralise or mitigate threats that have been identified, as well as assisting with incident reports and forensic investigations.
In addition, the log files captured as part of our service are stored for 90 days, so even if the log files are deleted in an attack, they are still accessible. This allows the extent of the attack to be determined and all compromised areas to be checked.
Monitoring is considered one of the ten steps to cyber security as published by the National Cyber Security Centre (NCSC).
“System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Good monitoring is essential in order to effectively respond to attacks. In addition, monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies. Monitoring is often a key capability needed to comply with legal or regulatory requirements.”
In partnership with CSA, we offer a range of Managed and Virtual Security Operations Centre (SOC) services that can be adapted to suit the needs of the customer. This solution works for organisations that don’t want to run their own SOC in-house due to the prohibitive costs and staff challenges that this presents.
For many organisations, ‘SOC as a Service’ is a more effective, affordable alternative and can either be a managed SOC, or a virtual SOC.
This is an end-to-end solution which frees up an organisation’s IT department to spend their time on addressing identified threats. Most companies fail to identify genuine threats timeously and are thus unable to prevent attackers from gaining a foothold. Our analysts have experience in dealing with the full spectrum of threat intelligence and cyber reconnaissance, allowing them to fine-tune their tools and responses to cyber threats.
A virtual SOC is owned by the client, but the platform is set up and managed by our analysts. We have experience working with leading SIEM (Security Information and Event Management) platforms, and if required, can assist with recommendations on platform purchase and configuration. Our virtual services are available 24/7 or can be customised to work out of hours, dovetailing with a company’s internal team.
The process of reconnaissance helps organisations to understand the threats they face and to take proactive steps to mitigate those threats (as well as satisfying compliance requirements). We offer two different reconnaissance reports: the first identifies the digital footprint of an organisation, and the second identifies the type of data that would be gathered during the reconnaissance phase of a cyber-attack. The reports include useful insights and actionable information that will help an organisation mitigate cyber, reputational and commercial risks.
To gather intelligence, the reports draw on open source feeds (such as search engines and social networks), closed source feeds (paid-for and closed invitation) and the Dark Web.
In partnership with CSA, we act as a Managed Security Services Provider (MSSP) for the UK. Using AppGuard capabilities, processes that access endpoints or servers are stopped unless they are allowed. This ensures that all malicious software, whether known or unknown, is blocked. It works differently to anti-virus and anti-malware software as it does not rely on signatures for updates, and it will block zero-day attacks.