EC Computers, in partnership with CSA, has an agile, responsive team of highly skilled certified Cyber Security Analysts to help your business monitor and report on threats and mitigate cyber risk.

‘Investigating unreliable alerts wastes two-thirds of staff time while actual breaches go undetected an average of 146 days. You must be on constant lookout for security threats lurking in your network traffic – managed detection and response gives you actionable insight when it counts.’ Gartner's 2018 Intrusion Detection and Prevention Systems Magic Quadrant

There are four key areas where EC Computers can assist businesses like yours:

1. Threat Monitoring and Detection

We offer ongoing threat monitoring and detection that ensures cyber threats are identified in real time. Clients are notified promptly of potential vulnerabilities as they are discovered, along with how to address the identified issues. The service is delivered by Cyber Analysts who monitor the activity across a client’s network, cross-referencing any suspicious activity against a Threat Intelligence Database and a continuously updated rule set which triggers alerts for potentially suspicious activities.

Hardware Requirements

The solution requires our service to be installed on each endpoint device, which will then send log files for analysis in real time. The service is device-agnostic, can be installed regardless of location, and will not impact the performance of the device.

Threat Assessment

Our analysts work through vast reams of data to sift out and identify real threats, as well as noting false positives, a task that would be close to impossible for a company’s IT team. The clear benefit of this is that an IT department can focus on dealing with real threats and breaches, rather than trying (and usually failing) to identify which threats are real, and which can be ignored. Triggered alerts are classified on a scale of threat severity, from P1 (highest) to P4 (lowest). Minor threats will be sent through to the client on a monthly basis, and severe threats are sent through immediately. Analysts will advise customers on how to neutralise or mitigate threats that have been identified, as well as assisting with incident reports and forensic investigations.

In addition, the log files that are captured as part of our service are stored for 90 days. Even if the log files are deleted in an attack, they are still accessible, so the extent of the attack can be determined and all areas that have been compromised can be checked.

Monitoring is considered one of the ten steps to cyber security as published by the National Cyber Security Centre (NCSC).

“System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Good monitoring is essential in order to effectively respond to attacks. In addition, monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies. Monitoring is often a key capability needed to comply with legal or regulatory requirements.”

2. SOC as a Service

In partnership with CSA, we offer a range of Managed and Virtual Security Operations Centre (SOC) services that can be adapted to suit the needs of the customer. This solution works for organisations that don’t want to run their own SOC in-house due to the prohibitive costs and staff challenges that it presents.

For many organisations, ‘SOC as a Service’ is a more effective, affordable alternative and can either be a managed SOC, or a virtual SOC.

Managed SOC

This is an end-to-end solution which frees up an organisation’s IT department to spend their time on addressing identified threats. Most companies fail to identify genuine threats timeously and are thus unable to prevent attackers from gaining a foothold. Our analysts have experience in dealing with the full spectrum of threat intelligence and cyber reconnaissance, allowing them to fine-tune their tools and responses to cyber threats.

Virtual SOC

A virtual SOC is owned by the client, but the platform is set up and managed by our analysts. We have experience working with leading SIEM (Security Information and Event Management) platforms, and if required, can assist with recommendations on platform purchase and configuration. Our virtual services are available 24/7 or can be customised to work out of hours, dovetailing with a company’s internal team.

3. Threat Reconnaissance Reports

The process of reconnaissance helps organisations to understand the threats they face and to take proactive steps to mitigate those threats (as well as satisfying compliance requirements). We offer two different reconnaissance reports that identify, firstly, the digital footprint of an organisation and, secondly, the type of data that would be gathered during the reconnaissance phase of a cyber-attack. The reports include useful insights and actionable information that will help an organisation mitigate cyber, reputational and commercial risks.

The Two Types of Reconnaissance Reports

Risks Identified in Reconnaissance Reports

These are:

Data Used in Reconnaissance Reports

The data employed in the reports includes open source feeds (such as search engines and social networks), closed source feeds (paid-for and closed invitation) as well as the Dark Web to gather intelligence.

4. Threat Protection

In partnership with CSA, we act as a Managed Security Services Provider (MSSP) for the UK. Using AppGuard capabilities, processes that access endpoints or servers are stopped unless they are allowed. This ensures that all malicious software, whether known or unknown, is blocked. It works differently to anti-virus and anti-malware software as it does not rely on signatures for updates, and it will block zero-day attacks.