Managed Security Services (MSS)

Introduction

Budgets for technology spending are often constrained. Leading organisations are adopting ITSEC’s Managed Security Services (MSS) to keep costs under control. Our MSS portfolio contains a variety of services to safeguard organisations’ information assets and sensitive data from the most severe cyber threats.

The cyber world is fast evolving. Measures to secure organisations are often lagging. In other words, organisations are more vulnerable to cyber attacks than ever before. Cybercriminals are looking for opportunities to exploit vulnerabilities. Organisations, regardless of their size, need to have a clear strategy to protect themselves from these threats. A comprehensive strategy includes regular monitoring, maintenance, and auditing, including security testing, of their security management programs.

Businesses across many sectors are increasingly turning to ITSEC’s Managed Security Services (MSS). We help manage defence and response strategies for a variety of threats, for example customer data theft or targeted malware. Our service is particularly beneficial for organisations that have resource constraints and a shortage of skilled information security (IS) professionals.

ITSEC’s Managed Security Services (MSS) offers the following services:

  • Help with a full spectrum of information security requirements, including:
    • Managed Audits, Risk Assurance and Compliance.
    • Managed Enterprise Network Monitoring.
    • Managed Security Devices.
    • Log Management.
    • Vulnerability Management.
    • Endpoint Security Management.
    • Managed Security Staffing.
    • Managed Continuous Security Advisory.
  • Onsite consulting, perimeter management of organisations’ network, security monitoring, compliance monitoring, penetration testing, vulnerability assessment, as well as assistance in regulatory compliance.
  • Secured information systems, keeping organisations up-to-date on security, and dealing with new challenges.
  • Simplified business management by letting organisations focus on their core business while we fully manage their security proactively.
  • Streamlined technology budget resulting from control or reduction of technology and labour costs.
  • Security risk advisory and management of risks to organisational information assets.
  • Establishment of a security benchmark for future deliveries.

Managed Audits, Risk Assurance and Compliance

Information Security Audits

An information technology (IT) audit is the examination and evaluation of an organisation’s IT infrastructure and policies. The audit determines whether the existing IT controls protect corporate assets adequately. It ensures that data integrity aligns with the overall business goals and provides opportunities to improve.

On the other hand, an information security (IS) audit examines the maturity of information security in an organisation. IS auditing can have a broad scope. There are several types of IS audits: technical, physical, or even administrative. They all have different objectives and can require, among others, the examination of facilities and infrastructure.

With ITSEC’s expertise and proven record, organisations will successfully overcome the challenges of IS audits.

Some of the key benefits:

  • Help organisations to assess the objectives of the information security audits and their scope.
  • Help to frame a strategy, including defining the procedures to deal with audits.
  • Assistance in the identification of cybersecurity risks, including monitoring and control of organisational information assets.
  • Setting up a benchmark for delivering continuous improvements of audits.

Information Security Risk Assurance

ITSEC’s Information Security Risk Assurance service and associated workshops help enterprises identify risks and allow them to make the most of their security investments.

We determine flaws or gaps in organisations’ existing security policies, procedures, and controls in order to assist them with information security risk management. These international standards-based services for security, privacy, and continuity provide a proven basis for minimising business risks and maximising return on investments.

Transforming security and digital protection requires a measured and skilled approach. We help to protect organisations’ digital information infrastructure by mitigating risks and analysing evolving security compliance landscapes. Putting the right security and privacy controls in place is crucial.

We can help enterprises define their strategy, to mature or to remediate gaps in their security systems.

Our risk assurance services can assist with:

  • Risk identification, management, and mitigation.
  • Risk assessment as to whether the level of organisations’ cybersecurity investment links to their business objectives.
  • Gap analysis as to the current state of organisations’ IS program for improvement.
  • Framing a business case for security managers in order to help them get their key stakeholders’ buy-in for enforcement of IS policies.
  • An assessment of whether organisations have the right controls in place.
  • Prioritisation of changes to technology and systems, review of operations, and implementation of evolving regulatory requirements.

ITSEC's information security compliance portfolio is a collection of services designed to create and adopt a security strategy that addresses the organisation’s key security risks. Consequently, we ensure that the enterprise’s security function becomes adaptable to business performance drivers without an increased risk in compliance mandates.

We offer advisory and consulting services to help organisations assess their current state and implement the required changes.

We help organisations to adhere to the following compliance and regulatory frameworks:

ISO 27001 Implementation

The ISO/IEC 27000 family of standards helps organisations to keep information assets secure.

Using this family of standards will provide security of assets, such as financial information, intellectual property, employee details, or information entrusted to companies by third parties.

ISO/IEC 27001 is the best-known standard in its family, providing requirements for an information security management system (ISMS).

ITSEC has expertise in helping organisations to build robust and effective ISMS.

Peraturan Otoritas Jasa Keuangan (POJK) Compliance

Peraturan Otoritas Jasa Keuangan (POJK), or simply OJK, is the governing body of the financial services sector in the Republic of Indonesia. All financial institutions in Indonesia and their overseas entities are required by law to adhere to POJK’s compliance requirements.

ITSEC has over a decade of presence in Indonesia and is a leading service provider of information security, including security compliance. We can help organisations set up a compliance programme in accordance with the POJK regulations.

Payment Card Industry Data Security Standard (PCI DSS) Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations of any size that accept credit card payments from the major card schemes.

The PCI Standard is managed by the Payment Card Industry Security Standards Council. In order to protect credit card data, it enforces security controls by mandating organisations to comply with their rules.

Some of the PCI DSS rules require organisations to provide the PCI SSC with evidence that the standards have been met throughout the year.

ITSEC can help organisations to perform a gap analysis. We also provide consulting on, and implementation of, the ever-evolving PCI DSS compliance requirements.

The key benefits of the service are:

  • An assessment of organisations’ current state in relation to the PCI DSS requirements.
  • Gap analysis and consulting about how to continue to meet the compliance requirements.
  • Establishment of PCI DSS requirements and solution baselines for future references.
  • Secured networks, protected cardholder data, well-managed security program including IS policies.
  • Ability to remain on top of the ever-changing regulatory and compliance frameworks.

Threat and Vulnerability Risk Assessment (TVRA) Compliance

Threat and Vulnerability Risk Assessment (TVRA) is a method to identify cybersecurity threats to data centres. It explores operational weaknesses in data centres in order to determine the level and type of security that should be established to protect the facility.

In the financial services industry, the security requirements are amongst the most stringent. Various government bodies require financial services providers to comply with local regulatory requirements. In many instances this also affects foreign firms that are engaging in local business activities. This adds complexity for businesses, both locally and transnationally.

Financial institutions are often required to undergo a TVRA assessment, such as auditing of data centres for security and evaluation of the safety controls, including hosted data centres, in order to demonstrate that their data centre assets meet the legal requirements.

The analysis of threats and vulnerabilities relating to data centres varies, depending on several factors: the criticality of a data centre, the geographic location, the tenant type, the potential impact from disasters, political environment, etc.

ITSEC can help organisations to comply with the requirements of protecting and safeguarding their technology assets with a risk-based TVRA approach. We apply the method to every asset individually depending on the elements that have to be assessed.

Our approach comprises different phases, such as the identification of perceived critical threats, a risk rating in terms of impact and probability, a detailed analysis of how such threats may impact an asset directly or indirectly, and assistance in drafting a remediation plan within the constraints.

We deliver the following key services:

  • Vulnerability assessment.
  • Cataloguing of organisational IT resources, including assets and capabilities.
  • Identification of sources of greatest threats by assigning a risk-based quantifiable value and importance to the resources in order to highlight which configurable items are prone to the highest levels of threat.
  • Identification of the vulnerabilities or potential threats to each endpoint.
  • Mitigation or eradication of the severest vulnerabilities for the most valuable resources.

General Data Protection Regulation (GDPR) Compliance

The General Data Protection Regulation (GDPR) is binding on organisations processing personally identifiable information (PII) of individuals inside the European Union (EU).

The regulation applies to all enterprises that are conducting business in the European Economic Area. The GDPR provides rules in connection with transferring personal data outside of the EU.

Business processes in which personal data is handled require data protection by design and by default. Personal data must be stored using encryption, and the highest-possible privacy settings must be used by default. Data must not be available publicly without explicit consent.

ITSEC has the expertise to help organisations to comply with the requirements of GDPR.

Managed Enterprise Network Monitoring

ITSEC’s Managed Enterprise Monitoring service provides corporates with their entire security monitoring.

The following are the main areas of enterprise network monitoring:

Security Monitoring

It is imperative to identify events that pose a risk amongst a multitude of everyday transactions that take place in organisations’ network. This can be a difficult task.

Organisations often need security experts to monitor and review security logs, events, and alerts in order to detect any malicious activity quickly and effectively.

Log analysis in real-time and in bulk after storage requires special skills. It requires expertise to make sense of vast amounts of computer-generated records. A proper analysis of the records will assist with security or audit compliance issues, digital forensics, security incident responses, or system troubleshooting.

Our Security Monitoring service covers the monitoring and analysis of organisations’ security logs and alerts. It is offered across virtually any security technology and critical information asset in an enterprise. The service helps to identify anomalies and provides a response to threats in real-time.

Regulatory compliance is facilitated when organisations can establish controls and generate digitally signed reports containing all the activity from across their environment.

ITSEC’s consultants map varying terminologies from different log sources into a uniform, normalised language to derive reports and statistics. A heterogeneous environment is created, in which the detection of failed processes, network outages, or protocol failures becomes easier.

Cloud Security Monitoring

Cloud computing allows ubiquitous access to shared pools of configurable system resources and higher-level services often over the Internet. The advantages are increased agility, flexibility, and optimised performance.

Un-monitored cloud logs can pose a threat to critical data and system security. Monitoring of these logs is therefore crucial.

Our cloud monitoring service increases organisations’ efficiency by identifying critical threats proactively.

Advanced Malware Protection and Detection (AMPD)

Our expert security consultants combine vast experience and advanced technology to help organisations deal with targeted ‘zero-day’ threats.

Cybercriminals are using savvy methods in order to circumvent conventional security controls. Failure to detect vulnerabilities and respond to threats is often based on an over-dependence on technology combined with a lack of experience.

Research by acclaimed industry experts supports the above statement. It has revealed the main reasons why organisations fail to prevent a security breach: the attack circumvented existing preventive security controls (65%) and a lack of in-house expertise (35%). Cybercriminals are creating increasingly sophisticated malware designed to evade security defences, enter systems from an endpoint to the network, and prey upon weak response measures. These ‘zero-day’ threats make malware harder to detect. Most organisations’ security teams often have not seen similar malware before and have no countermeasures in place to prevent the intrusion.

Since these new threats can compromise sensitive data, it is imperative that organisations have a solution that ensures the right technology, intelligence, and expertise are in place to detect and respond to advanced and evasive threats.

ITSEC’s Advanced Malware Protection and Detection (AMPD) service provides a top layer of defence against rising zero-day threats by inspecting enterprise emails, files, and web traffic. Upon detection of compromised patterns, our security consultants use the information gathered to analyse the events and to provide organisations with actionable data so that they can respond to the threat quickly.

The salient features of the service are:

  • Security monitoring by our team.
  • Real-time and historical visibility into the enterprise network and specific data around the attack vector.
  • A fully managed security service.
  • Full system emulation: detect a new class of malware designed to evade security controls.
  • Intelligence as a service: customised research with actionable insights to help organisations respond.
  • Accurate diagnosis: know what organisations are dealing with and how to react.
  • Accelerate response: get actionable data to reduce exposure to the malware threat.

Managed Security Devices

ITSEC’s Managed Security Devices service helps organisations streamline the management and monitoring of their firewall, Intrusion Detection System (IDS), and Intrusion Prevention System (IPS) devices.

Firewall Monitoring and Management

Firewalls that protect enterprise networks play a crucial role. They act on the front line of defence.

Security staff responsible for administering firewalls have a lot of responsibility. They have to ensure that only the right kind of traffic gets through when it should, and all the bad traffic gets blocked.

Firewall monitoring is a tedious task. It requires that security policies on firewall devices are continuously updated and that suitable controls are in place at all times.

Firewall administration and management is also resource-intensive and requires a high level of expertise. The potential risk of inadequate firewall management is high. Security policies and configurations on firewall devices must be updated regularly to ensure appropriate access controls are consistent with changing business environments. Monitoring of network firewall traffic must be in place to continuously identify and respond to threats before potential damage can occur.

Our Firewall Monitoring and Management service provides firewall administration, log monitoring, and response to security and device health events. Security and health events are correlated across organisations’ environment and analysed by our security consultants. Our consultants use global threat intelligence and have proven expertise in the assessment of threats. When a threat is detected, our experts respond immediately to counter the threat and protect organisations.

Intelligence gathered from our years-long experience is continuously fed into the Firewall Management service in order to strengthen policies and analysis of firewall logs. We deliver a continuously improved service.

Organisations can depend on our Firewall Management service to reduce their costs of managing and monitoring firewalls in-house while complementing their security efforts with ITSEC’s proven expertise.

Our key services are:

  • Protection of systems and data through monitoring and detection of threats before the damage occurs.
  • Removal of the management and monitoring burden: free up resources and reduce overheads by leveraging our experts.
  • Supporting compliance initiatives: meet requirements for perimeter security, access control, and log analysis.

Managed Security Information and Event Management (SIEM)

A Security Information and Event Management (SIEM) solution contains two segments of security management: the Security Event Management (SEM) and the Security Information Management (SIM). The former provides for real-time event monitoring, correlation of events, and notifications. The latter takes care of storage, analysis, manipulation, and reporting of data collated by the SEM segment.

Many enterprises use SIEM systems to help detect suspicious activity on their networks. However, to be effective, SIEM systems require a lot of expertise. A SIEM system can collect millions of security events per day, but many of these may be false positive alerts. Monitoring a SIEM system 24/7 can be challenging. Furthermore, an adequate response to real threats needs to be available. If an enterprise SIEM system is not monitored correctly and actual threat-bearing events are not acted upon, a security breach is all but certain. A SIEM system’s correlation rules require constant maintenance and amendments. Many organisations fail to exploit SIEM systems fully because they do not have the expertise, the time, or the resources.

ITSEC’s security experts can help organisations fully manage their SIEM system to let them truly benefit from their investment in it.

We offer:

  • An increase in organisations’ capability in monitoring suspicious security events.
  • Assurance of compliance with any regulation which requires adequacy of the security event monitoring process.
  • Cost savings through our managed service at competitive rates.

Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) Management

Numerous security measures can be implemented to create an effective information security program, but there are two tools organisations shouldn't be without: Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) devices.

IPS/IDS devices need two things to provide a useful layer of security. The instruments must be tuned to the network they monitor and tuned-in to the latest threats.

To analyse big data and to know what action to take is difficult. IDS devices generate thousands of alerts daily, many of which are false positive results. Keeping the IPS/IDS devices tuned, up-to-date, and monitored appropriately can become a heavy burden especially given new emerging threats. Shifting this burden to a managed service staffed with security device experts can offer relief, along with improved insights that help organisations take the right action to remediate identified threats.

Enable a more efficient operation of the IDS/IPS by using our team of experts. We manage the maintenance, administration, and monitoring of the IDS/IPS in order to achieve another layer of excellent security.

If organisations are using Cisco, McAfee, Fortinet, Sourcefire, IBM, TippingPoint, or Juniper devices, we can help them with a variety of tasks to ensure high performance, including:

  • Device provisioning and deployment.
  • Performance and availability management.
  • Device upgrades and patch management.
  • Policy and signature management.
  • Real-time threat monitoring and response.
  • Integrated intelligence.
  • On-demand security and compliance reporting.
  • Flexible co-management options.
  • Unlimited expert support.
  • Auditable and accurate change management.
  • Enterprise-class backup and recovery.

Our service includes:

  • Improving IDS/IPS effectiveness: expert signature tuning and device management in order to ensure that organisations get the maximum value out of their devices. We conduct extensive base-lining to tailor detection and alerting to their network.
  • Faster identification of and response to threats: our security consultants monitor enterprise IDS/IPS alerts in real time. When a real threat is identified, they alert immediately and help organisations to respond quickly.
  • Bolstering security with advanced intelligence: our visibility into billions of events per day enables us to identify and develop countermeasures for emerging threats. We correlate this intelligence with IDS events seen across our customer base and feed it back into our services to strengthen analysis.
  • Gain of visibility into security activity with regular reports that allow organisations to comply with the regulatory requirements easily.

Log Management

Every organisation, regardless of size, needs secure IT. However, securing their infrastructure adequately from cyber threats requires knowledge of what transpires in their environment. To achieve that level of visibility, organisations need log management, a security control which addresses all system and network logs.

Many companies work with firewalls, Intrusion Prevention Systems (IPS), and Intrusion Detection Systems (IDS). But often an important step is not included in their security management program: log management.

Almost every computing device generates logs. They are often directed to different locations, either on a local file system or on remote servers. Implementing an active log management process is critical to assist in investigating security breach incidents.

Businesses need to collect logs over encrypted channels. Their log management solution should ideally come equipped with multiple means to obtain records. It should furthermore recommend the most reliable means of obtaining records.

With regards to log management system arrangement, organisations must consider the overall volume of logs and the geographical location of systems.

Log management deals with large volumes of computer-generated log messages, including audit records, audit trails, and event logs. It usually covers the following parameters:

Log Collection

By collecting and analysing logs, organisations can understand what transpires within their network. Log files can range in size from a few KB to a few GB and contain many pieces of information, some of which might be invaluable. With appropriate analysis of this log data, organisations can identify intrusion attempts, misconfigured equipment, and more.

Log aggregation is an excellent way to bring together all logs into one location. It is critical to investigate all logs generated by all devices, and this is especially true if the locations and formats of these files are different.

There are various methods and tools organisations can employ to aggregate logs. Our experts can advise which method is most suitable for a particular organisation depending on their system architecture.

Log Storage, Rotation and Retention

When logs are collected, they also need to be preserved, compressed, encrypted, and stored. Especially large organisations need to critically analyse the functionality in their log management, so that a solution can be found as to where logs should be stored geographically. This will also help in achieving compliance requirements and ensure scalability.

Our consultants can help organisations to develop a strategy on log storage and retention that best fits their requirements.

Log Monitoring, Analysis and Reporting

It is imperative to identify events that pose a risk amongst a multitude of everyday transactions that take place in organisations’ network. This can be a difficult task.

Organisations often need security experts to monitor and review security logs, events, and alerts in order to detect any malicious activity quickly and effectively.

Log analysis in real-time and in bulk after storage requires special skills. It requires expertise to make sense of vast amounts of computer-generated records. A proper analysis of the records will assist with security or audit compliance issues, digital forensics, security incident responses, or system troubleshooting.

Our Security Monitoring service covers the monitoring and analysis of organisations’ security logs and alerts. It is offered across virtually any security technology and critical information asset in an enterprise. The service helps to identify anomalies and provides a response to threats in real-time.

Regulatory compliance is facilitated when organisations can establish controls and generate digitally signed reports containing all the activity from across their environment.

ITSEC’s consultants map varying terminologies from different log sources into a uniform, normalised language to derive reports and statistics. A heterogeneous environment is created, in which the detection of failed processes, network outages, or protocol failures becomes easier.

Vulnerability Management

Vulnerabilities in an organisation’s technology stack can be exploited by an attacker. Unauthorised actions can be performed within digital systems, and networks can be compromised. Vulnerability management refers to the practice of identifying, classifying and remediating vulnerabilities. This is crucial to ensure digital security.

Implementation defects and misconfigurations can lead to vulnerabilities, and their management requires expertise.

Our vulnerability management team helps organisations in eliminating administration and maintenance burdens. This allows organisations to focus on their core business.

The main components of this service are:

Vulnerability Scanning

Vulnerability scanning refers to the examination of the potential points of exploit on a network and the identification of security holes.

It is utilised for the identification and detection of vulnerabilities relating to misconfigured digital assets. This process can help classify weaknesses in systems and assess the effectiveness of countermeasures.

The higher the frequency of vulnerability scanning, the timelier the results.

Vulnerability scans can take a long time to complete, which can be challenging for many organisations.

ITSEC’s Vulnerability Scanning service performs highly accurate internal and external scan audits across organisational information and digital assets, including network devices, servers, web applications, databases in on-premise and cloud environments, etc.

The service includes:

  • Identification of potentially exploitable vulnerabilities and information security risks, and risk mitigation, which also helps in meeting compliance requirements.
  • Tracking of the remediation workflow through a trouble-ticketing system.
  • High-quality vulnerability management delivery without the hardware, software and maintenance requirements of most scanning products.

Managed Web Application Scanning

ITSEC’s Managed Web Application Scanning service for corporates helps them in identifying potential security vulnerabilities and structural weaknesses in their web applications. It helps to discover, locate, and scan all of the exploitable configuration anomalies concerning web-based applications. The service enables an evaluation of web applications. Flaws that threaten online presence or the confidentiality of information will be identified.

The benefits of our service include automated testing and scanning of internal and external web applications, including complete assessment, vulnerability scanning, and identification. This will reduce costs and help organisations fulfil regulatory requirements.

Managed Policy Compliance

This service assists organisations in complying with the regulations and the demands of internal and external auditors.

Several regulatory requirements mandate the submission of evidence and supporting documents to demonstrate compliance in a time-bound manner.

Organisations must overcome the challenges of policy compliance, policy implementation, policy enforcement, as well as the management of exceptions to policies.

ITSEC’s Managed Policy Compliance service provides ready-to-use, Center for Internet Security (CIS) based policies. These policies include several thousand checks and serve as benchmarks to test enterprise environments. The service provides over 14000 checks to choose from—covering operating systems and databases as well as user-defined controls.

The solution provides enterprises with an actionable dashboard showing hosts, controls, technologies, and automated reporting where they can schedule detailed reports or configure for distribution.

Key services include:

  • Reliable and securely stored data not subject to manipulation.
  • Scalable deployment, as the SaaS model eliminates costly and time-consuming build-out.
  • An agent-less solution: configuring compliance is easy, preventing issues with data sources.
  • Adherence to compliance: controls are mapped directly to popular frameworks and regulations.

PCI Scanning

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations of any size that accept credit card payments from the major card schemes.

The PCI Standard is managed by the Payment Card Industry Security Standards Council. In order to protect credit card data, it enforces security controls by mandating organisations to comply with their rules.

Some of the PCI DSS rules require organisations to provide the PCI SSC with evidence that the standards have been met throughout the year.

ITSEC can help organisations to perform a gap analysis. We also provide consulting on, and implementation of, the ever-evolving PCI DSS compliance requirements.

The key benefits of the service are:

  • Assessment of enterprises’ current state in relation to the PCI DSS requirements.
  • Gap analysis and consulting about how to continue to meet the compliance requirements.
  • Establishment of PCI DSS requirements and solution baselines for future references.
  • Secured networks, protected cardholder data, well-managed security program including IS policies.
  • Ability to remain on top of the ever-changing regulatory and compliance frameworks.

Threat and Vulnerability Risk Assessment (TVRA) Compliance

Threat and Vulnerability Risk Assessment (TVRA) is a method to identify cybersecurity threats to data centres. It explores operational weaknesses in data centres in order to determine the level and type of security that should be established to protect the facility.

In the financial services industry, the security requirements are amongst the most stringent. Various government bodies require financial services providers to comply with local regulatory requirements. In many instances this also affects foreign firms that engage in local business activities. This adds more complexity for businesses, both locally and transnationally.

Financial institutions are often required to undergo a TVRA assessment, such as auditing of data centres (including hosted data centres) for security and evaluation of the safety controls, in order to demonstrate that their data centre assets meet the legal requirements.

The analysis of threats and vulnerabilities relating to data centres varies, depending on several factors: the criticality of a data centre, the geographic location, the tenant type, the potential impact from disasters, political environment, etc.

ITSEC can help organisations to comply with the requirements of protecting and safeguarding their technology assets with a risk-based TVRA approach. We apply the method to every asset individually depending on the elements that have to be assessed.

Our approach comprises different phases, such as the identification of perceived critical threats, a risk rating in terms of impact and probability, a detailed analysis of how such threats may impact assets directly or indirectly, and assistance in drafting a remediation plan within the constraints.

We deliver the following key services:

  • Vulnerability assessment.
  • Cataloguing of organisational IT resources, including assets and capabilities.
  • Identification of sources of greatest threats by assigning a risk-based quantifiable value and importance to the resources in order to highlight which configurable items are prone to the highest levels of threat.
  • Identification of the vulnerabilities or potential threats to each endpoint.
  • Mitigation or eradication of the severest vulnerabilities for the most valuable resources.

Vulnerability Threat Prioritisation

Best practice for vulnerability management is to integrate organisations’ internal vulnerability scanning with external threat feeds. This sets a real-world context for finding and remediating vulnerabilities. However, this is easier said than done. There is no simple way to bring together scan data and threat intelligence. The task requires hours of work to analyse, integrate, and prioritise.

ITSEC’s Vulnerability Threat Prioritisation service correlates organisations’ internal scan data with external Internet threats data. User vulnerability data is analysed in order to monitor, measure, and prioritise vulnerability remediation across organisations’ environments. The results of our findings, including risk posture visualisations, are displayed within a dedicated business intelligence dashboard. A consolidated, intelligent view of organisations’ scan data, asset data, patch data, penetration data, and other data is presented through our Client Portal.

The Vulnerability Threat Prioritisation service is accessible through our Client Portal.

Key benefits include:

  • Threat identification: scans can be set up to run automatically or on demand.
  • Asset prioritisation: discover which threats are most severe and how to resolve quickly.
  • Intelligence-driven defence: leverages our research team to stay ahead of the threats.
  • Real-time view of risk: Risk Meters provide a consolidated view of threats in real time.

Endpoint Security Management

Endpoint security is an approach to protect computer networks that bridge remotely to client devices. The connection of laptops, tablets, mobile phones, and other wireless devices to corporate systems creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow a certain level of compliance with standards.

Both client-server and SaaS models can fall within the purview of endpoint security management processes.

ITSEC’s managed portfolio for endpoint security includes the following:

Advanced Endpoint Threat Prevention (AETP)

ITSEC’s Advanced Endpoint Threat Prevention (AETP) service is a preventative approach to defend against attacks. It takes a different stance from the Advanced Endpoint Threat Detection and Response (AETD) service, which aims at detecting threats and providing a response.

Traditional antivirus software is often inefficient at countering the challenges of today. There is an increasing number of alerts that require action before attackers succeed in compromising organisations. Less than half of network security alerts are reliable and less than a quarter get analysed further.

Next-generation antivirus technology has been purpose-built to better address today’s evolving cyber threat landscape. Instead of using easily avoidable signatures, it takes a system-centric view to identify and stop known and unknown threats more efficiently. Such cybersecurity solutions can be used to replace or enhance enterprises’ traditional antivirus setup.

ITSEC can recommend the best strategy and solution suitable for organisations.

Advanced Endpoint Threat Detection (AETD)

ITSEC’s Advanced Endpoint Threat Detection (AETD) service is driven by attentive monitoring of endpoint activity by our security consultants. It provides real-time threat intelligence as well as visibility into and interpretation of all of the data across a network’s endpoints, which are often the entry points for advanced threats. This can reduce the time to detect and the effort to respond to all types of threats.

Since the methods used by cybercriminals are getting more and more savvy, if organisations adopt our managed AETD service they will have complete peace of mind.

The main benefits to organisations are:

  • Monitoring and earliest possible warning and escalation of system outputs by our security analysts for advanced threats.
  • Receipt of information about the compromised endpoints in enterprises’ networks at the earliest possible time.
  • The wholly managed service provides peace of mind as we make continuous changes to the software with the intelligence gathered from our expertise.
  • Remediation advisory is provided to eliminate the threat.
  • Gains from quick incident detection and remediation result in cost savings.

ITSEC frequently dispenses the AETD service in conjunction with the Advanced Endpoint Threat Detection and Response (AEDR) service, or as part of a Managed Detection and Response (MDR) service, or as part of a Managed Security Services (MSS) package which provides comprehensive organisational information security solutions.

Advanced Endpoint Threat Detection and Response (AEDR)

As organisations increase in size and expand beyond borders, they become increasingly susceptible to advanced threats emanating from compromised endpoints.

ITSEC helps organisations to meet the endpoint challenge. Endpoint Threat Detection and Response (EDR) is an emerging method that utilises the tools mainly used in detecting and investigating suspicious activities on a network’s endpoints. The service helps to address the required monitoring of endpoints and network events.

An EDR solution requires the installation of an agent on each endpoint. This allows the recording and storing of endpoint events, including process tracking, registry alterations, file system activity, and network connections. The recorded information is stored in a central database where further analysis, detection, investigation, reporting, and alerting take place.

Certain analytics tools facilitate the ongoing monitoring and detection processes. They identify tasks that can improve the overall state of security by deflecting common attacks and promoting early identification of ongoing attacks. This includes insider threats and external attacks. The tools also enable a rapid response to detected attacks.

Not all EDR tools work in precisely the same manner or offer the same spectrum of capabilities. Whereas some EDR tools perform more analysis on the agent, others perform more analysis on the backend via a management console. The different tools can also vary in the collection timing and scope or in their ability to integrate with threat intelligence providers. However, all EDR tools perform the same essential functions with the same purpose: to provide means for continuous monitoring and analysis to enhance the identification, detection, and prevention of advanced threats.

ITSEC frequently dispenses AEDR as part of a Managed Detection and Response (MDR) service or as part of a Managed Security Services (MSS) package which provides comprehensive organisational information security solutions.

Managed Detection and Response (MDR)—A Combined Solution

Prevention alone is not sufficient. Malicious actors are continuously adapting their techniques, tactics, and procedures (TTP) to evade controls put in place by organisations. The longer it takes to detect and respond to threats, the higher the risk and the costs of remediation.

Depending on its size, an organisation’s network comprises a variety of devices, including computers, servers, and mobile devices. These devices are often used as entry points by cybercriminals. From there they intrude deep into networks unnoticed.

Endpoint Detection and Response (EDR) is an excellent tool for threat analysis. It exposes severe blind spots for threat telemetry, especially when combined with a Security Information and Event Management (SIEM) solution.

ITSEC’s Managed Detection and Response (MDR) service leverages Endpoint Detection and Response (EDR) in combination with an appropriate Security Information and Event Management (SIEM) solution to expose significant blind spots for threat telemetry and help organisations meet the endpoint challenge.

Our fully managed MDR service helps increase the efficiency of organisations’ security system. It aids in early anticipation, detection, disruption, response, eradication, and root cause analysis (RCA) of threats and attacks. And it delivers a more effective endpoint or asset security while organisations can focus on their core businesses.

The main benefits to organisations are:

  • Getting insights into threat intelligence tailored to their environment, including vulnerability analysis and remediation recommendations; Advanced Endpoint Threat Detection (AETD); security event monitoring; cloud security monitoring; server monitoring.
  • Gaining visibility across the organisation, from endpoint to network and into the cloud, and a widened view of the threat landscape.
  • Getting to know exactly where the issues are and where to focus, as we pinpoint malicious activity in a sea of alerts to help their security team.
  • Identification of the full scope of a threat and how to remove the breach.
  • A fully managed service that takes care of endpoint threat detection and response, including security monitoring and escalation, giving them complete peace of mind.

ITSEC frequently dispenses the MDR service as part of a Managed Security Services (MSS) package which provides a comprehensive organisational information security solution.

Managed Security Staffing

Information security is at the core of our interest.

It is often difficult for organisations to find the right personnel to support their security operations. The costs of dealing with cybercrime are mounting, and the pool of cybersecurity experts is small. An increasing number of employers are using temporary or contract staffing in the cybersecurity domain on an ongoing basis. Temporary or contract staffing helps to provide cover for their day-to-day security operations as well as short-term, medium-term, and long-term security projects.

ITSEC has been partnering with many multinational companies across different industries. We deliver high-quality information security staff depending on the precise requirements of organisations.

Relying on our talent network, we can bring excellent cybersecurity workforce solutions to organisations. We guide businesses with our expertise in dispensing flexible staffing services, including temporary and permanent solutions.

Our consultants stand out from the competition as they benefit from our expertise, including having access to our proprietary cybersecurity research and technical artefacts. They participate regularly in training and knowledge sharing sessions within our group and can pass on the gained advantage back to our clients.

We will continue to meet the evolving demands of flexible cybersecurity workforce solutions, on both a permanent and a temporary basis. Our solutions will be tailored to organisations’ exact business requirements.

Managed Continuous Security Advisory

With ITSEC’s Continuous Security Advisory service, organisations learn the industry best practices about information security and benefit from our exceptional expertise.

Our advisory service spans the entire business and information security lifecycle. It encompasses people, processes, and technology services in order to provide strategic clarity, process optimisation, organisational readiness, and governance support.

We guide businesses through the implementation of the right security policies, processes, architecture, and the workforce.

Our security advisory service provides organisations with cost-effective access to the expertise they need. We enable organisations to benefit from innovation and advanced technologies while not being affected by the threats these technologies can pose.