Cyber Threat Management
Information technology and security management have become an area of expense and complexity. Organizations are concerned with the current state of their information security program and have aggressively sought out ways to protect the confidentiality, integrity, and availability of their data. It is difficult for an organization to track and address all potential threats and vulnerabilities, as well as attack patterns, intruder tools, and current best security practices.
Packet Security is able to obtain advance warning of new vulnerabilities and gain early access to information on countermeasures. As computer attack patterns shift and threats to networks change and grow almost daily, it is critical that organizations achieve reliable information security.
As a Managed Security Service Provider (MSSP), we offer the flexibility to support the needs of any company, big or small. Whether you are looking to supplement your existing security team or want a dedicated partner for all of your security needs, Packet Security is here to help.
Packet Security’s Cyber Threat Management Program includes the following services:
- Threat and Vulnerability Management
- Industry Reports
- Incident Response & Investigation
- IDS Vendor Coordination
- Service Management and Control
- Annual Security Strategy Refresh
- Dashboard & Trend Analysis
- Advanced Persistent Threat Management
- Patch Management Program
In addition to the above services, Packet Security offers a robust monitoring solution built on a unified security management platform that accelerates and simplifies threat detection, incident response, and compliance management for your on-premises, cloud, and hybrid cloud environments. Our solution delivers support for Amazon Web Services, Microsoft Azure Cloud, Microsoft Hyper-V, and VMware ESXi, providing you a comprehensive solution for managing security across your public and private cloud infrastructure.
Whether large or small, all organizations need complete visibility to perform the following activities:
- Detect emerging threats across their environments
- Respond quickly to incidents and conduct thorough investigations
- Measure, manage, and report on compliance (PCI, HIPAA, ISO, and more)
- Optimize existing security investments and reduce risk
- Detect Ransomware
Our solution delivers complete security visibility by providing the five essential security capabilities in one unified platform, controlled by a single management console:
- Asset Discovery - active and passive network discovery
- Vulnerability Assessment - active network scanning, continuous vulnerability monitoring
- Intrusion Detection - network and host IDS, file integrity monitoring
- Behavioral Monitoring - NetFlow analysis, service availability monitoring
- SIEM - log management, event correlation, analysis, and reporting
Our Threat Intelligence subscription maximizes the effectiveness of any security monitoring program by providing regularly updated correlation directives, intrusion detection signatures, response guidance, and much more. These constant updates enable the SIEM platform to analyze the mountain of event data from all of your data sources and tell you exactly which threats facing your network are the most important right now, and what to do about them.
Our threat experts spend endless hours analyzing and scrutinizing the latest exploits, malware strains, attack techniques, and malicious IPs. We incorporate this expertise into our extensive and growing library of customizable correlation directives that ship with the platform, eliminating the need for you to conduct your own research and write your own correlation rules, and giving you the ability to detect and respond to threats on day one.
Packet Security also provides monitoring of additional cloud services and devices, described below.
Google applications are used on a daily basis by many teams. With our solution you can monitor and detect threats against your G Suite account directly. It collects log data directly from the G Suite Activity API and looks for anomalies by leveraging built-in threat intelligence.
- G Suite Security Monitoring Gives You Security & Compliance Assurance
- Apply Threat Intelligence to Your G Suite Events
- Centralized Visibility of your Entire Security Posture
- Retain Logs Beyond 180 Days for Compliance
What is Monitored
- File Access & Sharing
- Administrative Changes
- Ransomware Detection
- User & Admin Access/Login Activities
Our solution enables security orchestration between the SIEM and Carbon Black Cb Protection and Cb Response. Once an intrusion or threat is detected, you can manually or automatically trigger a response action towards Carbon Black, providing the ability to isolate the compromised or infected device.
- You Can Automate Incident Response Activities to Work Faster and Smarter
- Helps You to Isolate Infected Devices Quicker
How It Works
- The SIEM collects and analyzes events from Cb Protection and Cb Response via the Syslog server.
- The SIEM identifies host or network activity that indicates a compromised endpoint, such as a server infected by malware, and generates an alarm.
- Based on the alarm, you can either trigger a manual action or create an automated orchestration rule to send the compromised endpoint’s IP address to Cb Response.
- Cb Response uses the IP address to isolate the endpoint involved in the alarm from the rest of your environment.
Our solution gives you the ability to have closed-loop threat detection and automated response with your Palo Alto Networks (PAN) Next Generation Firewall (NGFW) products. The SIEM collects and analyzes inbound PAN-NGFW log data and cross-correlates that information with other network, application, system, and device logs. The SIEM also monitors outbound traffic, and when a malicious IP address is detected it can automate a response to the PAN-NGFW, instructing it to block the IP address or take additional actions.
- Monitor Your IPS + IDS Activities in a Single Pane of Glass
- You Can Automate Incident Response Activities to Work Faster and Smarter
How it Works
- Automated Response - You can create an orchestration rule in USM Anywhere that will "tag" an IP address and send it to a PAN-NGFW to block that IP. You can "tag" the following: Alarm Destination IP, Event Destination IP, Event Source IP, and Alarm Source IP.
- Manual Action Response - Even if you do not have a rule defined to automate the response towards the Palo Alto firewall, you can manually trigger an action to the PAN-NGFW in response to any alarm.
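The orchestration flow in the Cb Response and PAN-NGFW sections above, as an added Python example (not Packet Security's or USM Anywhere's code): a rule names which alarm field to "tag" and which enforcement point receives the address, and a safety gate refuses actions that would cut off your own infrastructure. The rule format, the alarm record keys, the `protected_prefixes` list and the sample addresses are assumptions constructed for this example.

```python
"""Added example (not Packet Security's or USM Anywhere's code): an
orchestration-rule evaluator modelled on the two workflows described above.
A rule names which alarm field to "tag" (Alarm Source IP, Alarm Destination IP,
Event Source IP, Event Destination IP) and which enforcement point receives it:
a PAN-NGFW block or a Cb Response isolate. The rule format, the alarm record
keys and the sample addresses are assumptions constructed for this example."""
import ipaddress

# The four taggable fields named in the text, mapped to keys in our alarm record.
TAG_FIELDS = {
    "Alarm Source IP": "alarm_src_ip",
    "Alarm Destination IP": "alarm_dst_ip",
    "Event Source IP": "event_src_ip",
    "Event Destination IP": "event_dst_ip",
}
# Explicit internal ranges rather than ipaddress.is_private, which also flags
# the RFC 5737 documentation ranges used for sample "external" addresses.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]

def select_ip(alarm, tag_field):
    """Return the address the rule tags, or None if the alarm lacks that field."""
    value = alarm.get(TAG_FIELDS[tag_field])  # unknown tag name raises KeyError
    return ipaddress.ip_address(value) if value else None

def action_allowed(target, ip, protected_prefixes):
    """Safety gate before anything is pushed to an enforcement point."""
    if target == "pan_ngfw" and any(ip in n for n in INTERNAL):
        return False  # a firewall block is for the external peer, never our own space
    # An EDR isolate targets our own endpoint, which is normally internal, so only
    # the explicit protected list applies (domain controllers, the SIEM sensor...).
    return not any(ip in ipaddress.ip_network(p) for p in protected_prefixes)

def evaluate_rule(rule, alarm, protected_prefixes=()):
    """Turn one alarm into an action for the rule's target, or None.
    rule = {"match_intent": ..., "tag": <TAG_FIELDS key>,
            "target": "pan_ngfw" | "cb_response"}"""
    if alarm.get("intent") != rule["match_intent"]:
        return None
    ip = select_ip(alarm, rule["tag"])
    if ip is None or not action_allowed(rule["target"], ip, protected_prefixes):
        return None
    action = "block_ip" if rule["target"] == "pan_ngfw" else "isolate_endpoint"
    return {"target": rule["target"], "action": action, "ip": str(ip),
            "alarm_id": alarm["id"]}
```

The returned action dict is what a connector would translate into the firewall or EDR API call; nothing here talks to a device.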
Okta is an enterprise-grade identity management service. With Okta, IT can manage any employee's access to any application or device. Our SIEM enables you to monitor user activities and detect threats against your Okta account. It monitors users' single sign-on (SSO) and multi-factor authentication (MFA) Okta activities, helping you to safeguard user credentials through early threat detection and rapid response.
- Supports Your Identity & Access Management (IAM) Security
- Helps Identify and Detect Threats Against Your Okta Account
How it Works
- The SIEM collects and analyzes data through the Okta API, including authentication events, user profile updates, and changes to your Okta account. Our unique Okta plugin parses the API data and generates events in USM Anywhere.
- If the SIEM detects an anomalous or suspicious event, such as user sign on from a known malicious host, it raises an alarm, letting you know what to investigate.
- The SIEM has a pre-built, interactive dashboard for Okta that summarizes authentication events and failures, so you can quickly identify anomalies and drill down to investigate, all within USM Anywhere.
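Two detections of the kind the Okta section describes, as an added Python example (not the USM Anywhere Okta plugin's code): a sign-on from a listed host, and repeated sign-on failures for one account followed by a success. The events are constructed in the shape of Okta's System Log API records; the indicator set, the thresholds and the `make_event` helper are assumptions of this example.

```python
"""Added example (not Packet Security's or the USM Anywhere Okta plugin's code):
two detections run over events shaped like Okta's System Log API output
(eventType, outcome.result, actor.alternateId, client.ipAddress, published).
The sample events, the indicator set and the thresholds are constructed here."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed indicator set; in production this is fed by the threat-intel subscription.
KNOWN_BAD_IPS = {"203.0.113.45"}

def parse_published(value):
    """Okta publishes timestamps as ISO 8601 with milliseconds and a Z suffix."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def detect(events, bad_ips=KNOWN_BAD_IPS, fail_threshold=5, window=timedelta(minutes=10)):
    """Return alarm dicts for sign-ons from listed hosts and for password-guessing
    patterns: N failures for one actor inside the window, and a success right after."""
    alarms = []
    recent_failures = defaultdict(list)  # actor -> timestamps of failed sign-ons
    for ev in events:
        if ev["eventType"] != "user.session.start":
            continue  # only sign-on events matter for these two rules
        actor = ev["actor"]["alternateId"]
        ip = ev["client"]["ipAddress"]
        ts = parse_published(ev["published"])
        result = ev["outcome"]["result"]
        if ip in bad_ips:
            alarms.append({"rule": "signon_from_known_malicious_host",
                           "actor": actor, "ip": ip, "result": result})
        # Keep only this actor's failures that fall inside the sliding window.
        fails = [t for t in recent_failures[actor] if ts - t <= window]
        if result == "FAILURE":
            fails.append(ts)
            if len(fails) == fail_threshold:  # fire once, when the threshold is crossed
                alarms.append({"rule": "repeated_signon_failures",
                               "actor": actor, "ip": ip, "count": len(fails)})
        elif result == "SUCCESS" and len(fails) >= fail_threshold:
            alarms.append({"rule": "success_after_repeated_failures",
                           "actor": actor, "ip": ip, "failures": len(fails)})
            fails = []  # reset so a later sign-on does not re-fire on stale history
        recent_failures[actor] = fails
    return alarms

def make_event(event_type, result, actor, ip, published):
    """Build a minimal Okta-style event (constructed shape, not a full System Log record)."""
    return {"eventType": event_type, "outcome": {"result": result},
            "actor": {"alternateId": actor}, "client": {"ipAddress": ip},
            "published": published}
```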
Our SIEM now allows you to open new ServiceNow incident tickets directly from the interface in response to vulnerabilities, events, and alarms. Tickets automatically populate the relevant details about the incident and allow you to add other comments or information.
- Makes It More Efficient and Less Error-Prone to Open Incident Response Tickets
- Helps You to Reduce Your Time to Remediation
- Automates Your Incident Response Workflow
How it Works
From the SIEM, you can create a new ServiceNow incident ticket in response to any event, alarm, or vulnerability. You can automate this with orchestration rules, or you can manually trigger ticket creation.
- Automate Ticket Creation with Orchestration Rules - You can create an orchestration rule in the SIEM that will automatically create a new ServiceNow incident ticket based on any defined event.
- Manually Open a Ticket on Any Vulnerability, Alarm, or Event - You can manually open a ServiceNow ticket on any vulnerability, alarm, or event in the SIEM.
Ransomware is growing into a top security concern for organizations today, whether big or small. Malicious threat actors continue to develop new techniques and strategies to manipulate victims into downloading and installing ransomware on their systems. Many IT and security teams are not equipped to detect and respond to these threats. You can detect ransomware with both our cloud and on-premise monitoring solutions.
Ransomware is simply a type of malware that encrypts files on a system. The files are then inaccessible until a ransom is paid in exchange for a decryption key. Given the complexity and variety of new ransomware threats emerging daily, it can be difficult for IT teams of any size to figure out how to detect ransomware and respond to it while managing the rest of their cybersecurity needs.
Our solution provides advanced detection for new threat actors that are distributing ransomware. When an IP address or URL associated with those actors is visited, the system will generate an alarm and provide drill-down details into the attack.