Protection, Detection & Control for Cyber Risks
Likened to a security guard, Patrol Services monitor all aspects of IT and behaviour, reporting change and risk as they appear in the business.
Within Information Security, a threat can only be considered a credible risk to the business if the organisation is vulnerable in the first instance and the threat is exposing that vulnerability. In other words, threats are only threats if they target a vulnerability within the organisation’s people, processes, IT estate or supply chain partners. To understand its Information Security risk profile, an organisation needs knowledge of current operational IT behaviour and vulnerabilities; it then becomes possible to assess whether threats are capable of exposing risks. The Security Patrol range of services enables organisations to maintain such a posture.
The biggest risk to an organisation is the user: for a material breach, an attacker needs to compromise a user and assume their privilege, while an insider will abuse their own privilege to access target assets. Both of these activities require monitoring and protection to keep their goals from being achieved. User Patrol monitors access behaviour to corporate IT resources, device configurations and password policies, and provides protection for access control systems. In the event of suspicious activity, based on out-of-profile usage or evidence of known compromise, remedial action can be taken based upon policy.
Network communications entering, leaving and traversing an organisation’s estate are a source of important data: they tell us who and what is communicating with whom, where, and the type of data being transferred. Network Patrol detects Indicators of Compromise (IoCs) such as unauthorised or clandestine network communications, user/device behaviours and file extractions.
Best practice posture and behaviour must be maintained and monitored; Policy Patrol does just that, broken into two services:
1. Build, Posture, Hygiene & Compliance: Measures end point configurations, patch compliance and browser variance to detect deviation from gold standard. It also looks at malware existence and privilege misuse.
2. Data Loss Prevention: Provides visibility into and protection against data loss through the browser or web, personal email, cloud storage and cloud applications.
Secrutiny Patrol ingests and processes alerts from all the patrol services providing a centralised Security Incident Management System. The service incorporates an Incident Response Toolset with forensic collection capability to validate alert severity and remove false positives while threat intelligence enriches alerts. Secrutiny Patrol can be extended to ingest other data sources such as existing security technologies and activity log repositories.