Why do I need Patrol Services?
- Policy violation.
- Internal bad practice or misuse.
- Increased susceptibility due to build or configuration weaknesses.
- External attack.
- Third party misuse or bad practice.
- Unauthorised or suspicious user behaviour.
- Targeted intrusion and insider threat.
What are the Patrol Services?
Network communications entering, leaving and traversing an organisation are a source of important real-time data: they show who is communicating what to where. They therefore form an essential information feed for the detection, investigation and validation of potential threats.
Network Patrol also helps identify exploitation as it happens, whether the cause is inadvertent or malicious human action, or data leaving the organisation because a system has been compromised.
Today organisations face a catch-22: you want to allow cloud communication and collaboration services as they can increase productivity and efficiency but by doing so, the risk of loss of sensitive data increases significantly.
Data Loss Prevention (DLP) policy and good-practice behaviour must be maintained and monitored to limit the risk of data loss or sabotage; the Policy Patrol Component does just that.
The biggest risk to an organisation is the user. To cause a material breach, an external attacker needs to compromise a user and assume the privilege granted to that user's credentials, while an insider abuses the privilege they already hold to reach target assets. Mitigating both paths requires monitoring of access behaviour.
When suspicious activity is alerted, whether because usage is out of profile for that user or because there is evidence of known compromise, the User Patrol Component can take remedial action according to policy: block the activity or access, or require the user to re-authenticate.
No endpoint protection technology is foolproof. Endpoint Patrol augments protective technologies in two ways: it alerts on unusual behaviour, which can signify misuse or breach, and it alerts on changes in posture that increase susceptibility to attack, such as variance from the approved build of the operating system, productivity applications and antivirus, and lapses in patch compliance.
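To make the User Patrol behaviour concrete, here is an added illustration that is not Secrutiny's code and does not describe how the product is implemented. It builds a per-user baseline from constructed historic access events (hours of access, source country, resources used, typical volume transferred), scores each new event against that baseline, and maps the score to the three policy outcomes named above: allow, require re-authentication, or block. The event fields, the scoring weights, the thresholds and the "known compromised credentials" feed are all assumptions chosen for the example.

```python
"""
Illustrative user-access baseline check (added example, not Secrutiny's code).

A profile is built per user from historic events. Each new event is scored on
how far it departs from that profile, and the score is mapped to a policy
action: "allow", "reauth" (step-up authentication) or "block".
All field names, weights and thresholds below are assumptions for the example.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessEvent:
    user: str
    hour: int        # 0-23, local hour of the access
    country: str     # ISO country code derived from the source IP (assumed field)
    resource: str    # asset accessed
    bytes_out: int   # bytes transferred out of the asset


# Constructed history: "alice" is a daytime UK CRM user, "bob" works nights on the build farm.
HISTORY = [
    AccessEvent("alice", 9, "GB", "crm", 2000),
    AccessEvent("alice", 10, "GB", "crm", 3000),
    AccessEvent("alice", 11, "GB", "crm", 4000),
    AccessEvent("alice", 14, "GB", "crm", 5000),
    AccessEvent("alice", 16, "GB", "crm", 2500),
    AccessEvent("bob", 22, "GB", "buildfarm", 100000),
    AccessEvent("bob", 23, "GB", "buildfarm", 120000),
    AccessEvent("bob", 1, "GB", "buildfarm", 90000),
]

# Constructed "evidence of known compromise": accounts seen in a credential breach feed.
KNOWN_COMPROMISED = {"bob"}


class UserProfile:
    """Baseline of where, when, what and how much a user normally accesses."""

    def __init__(self, events):
        self.hours = Counter(e.hour for e in events)
        self.countries = Counter(e.country for e in events)
        self.resources = Counter(e.resource for e in events)
        self.avg_bytes = sum(e.bytes_out for e in events) / len(events)


def build_profiles(events):
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    return {user: UserProfile(evs) for user, evs in by_user.items()}


def score(profile, event):
    """Return (score, reasons); each out-of-profile attribute adds a weighted amount."""
    total, reasons = 0, []
    if event.country not in profile.countries:
        total += 3
        reasons.append(f"access from new country {event.country}")
    if profile.hours[event.hour] == 0:
        total += 1
        reasons.append(f"out-of-hours access at {event.hour:02d}:00")
    if event.resource not in profile.resources:
        total += 2
        reasons.append(f"first access to resource {event.resource}")
    if event.bytes_out > 10 * profile.avg_bytes:
        total += 3
        reasons.append(f"volume {event.bytes_out} is >10x the user's average")
    return total, reasons


def decide(profiles, event, known_compromised=KNOWN_COMPROMISED):
    """Map an event to a policy action: "allow", "reauth" or "block"."""
    if event.user in known_compromised:
        return "block", ["credential present in a known breach"]
    profile = profiles.get(event.user)
    if profile is None:
        return "reauth", ["no baseline for this user yet"]
    total, reasons = score(profile, event)
    if total >= 5:
        return "block", reasons
    if total >= 2:
        return "reauth", reasons
    return "allow", reasons


PROFILES = build_profiles(HISTORY)

if __name__ == "__main__":
    for ev in [
        AccessEvent("alice", 10, "GB", "crm", 3000),
        AccessEvent("alice", 3, "RU", "crm", 3000),
        AccessEvent("alice", 10, "GB", "hr-db", 400000),
        AccessEvent("bob", 23, "GB", "buildfarm", 100000),
        AccessEvent("carol", 12, "GB", "crm", 1000),
    ]:
        action, why = decide(PROFILES, ev)
        print(f"{ev.user:6} {action:6} {'; '.join(why) or 'within profile'}")
```

The additive scoring is deliberately simple so the thresholds are easy to reason about: a single new country plus an odd hour prompts re-authentication rather than a hard block, while a never-before-used resource combined with a large outbound transfer crosses the block threshold, which is the pattern that matters most for data loss.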
The Control Panel is Secrutiny’s centralised security incident management system. It provides an alert validation and forensic investigation toolset to confirm alert severity and remove false positives, and threat intelligence to enrich alerts. Alerts generated by the Service Components are processed through an orchestration engine that ensures the appropriate response playbooks are applied.
For a 360° view, the Patrol Services can be extended by ingesting other data sources, such as existing security technologies, activity log repositories and finance systems.