Complete IT teams up with RocketCyber

RocketCyber Managed SOC

While not everyone is subject to compliance standards such as PCI and HIPAA, we’re all concerned with security. The adoption of cloud, an increasingly mobile workforce, and a vast increase in mobile devices have greatly expanded the number of entry points that can pose a risk to your data.

Understanding the challenges

Gathering data from firewalls, anti-virus agents, and security logs from hundreds of devices is by itself a substantial task. Analyzing this data is yet another hurdle, and when an attack is in progress, it’s imperative to act quickly.

To add yet another layer of complexity, some attacks are subtle and can easily go unnoticed. For example, an attacker could gain unauthorized access to a mailbox and simply gather intelligence without taking any action. Confidential communication would be immediately accessible, allowing the attacker to craft credible communication to finance, human resources, executives, or even partners of the organization for personal gain.

Introducing RocketCyber SOC

To combat this threat, Complete IT has partnered with RocketCyber, which provides advanced detection and response capabilities to stop sophisticated cyber threats. RocketCyber’s security operations center (SOC) detects malicious activity across three critical attack vectors: endpoints, network, and cloud. This gives us real-time, comprehensive insight into the security of a customer’s entire organization.

The most important benefits are easily summarized:

  • It improves our awareness by gathering operating system, cloud, and network device audit logs that are monitored 24 x 7 for suspicious activity.
  • It improves our ability to triage security incidents effectively by allowing us to automate the process of isolating infected computers from the network. This quickly halts the spread of malicious code, while still allowing us to retain remote access for remediation.
  • It leverages RocketCyber’s continually evolving threat awareness to effectively detect and combat new exploits and attack methods as they become known.

Responding to threats

When an incident occurs, the RocketCyber SOC will begin investigation within minutes of detection and will provide updates to Complete IT within the timeframes provided below:

| Identified issue | Detection | Notification | Action |
|---|---|---|---|
| System breached or attack in progress. | 1 Min | 5 Min | 10 Min |
| AV quarantine action failed, O365 forwarding rules detected, O365 successful login from other countries detected. | 1 Min | 5 Min | 10 Min |
| Unusual activity, but no breach by malicious party was detected. | 2 Min | 10 Min | As Needed |
| System is showing failed logon attempts or other events generated by customer network systems or users and not part of a cybersecurity threat. | 2 Min | 10 Min | As Needed |
| No effect on the system – informational data only which may be useful for investigation. | 5 Min | As Needed | As Needed |

Additional information

These capabilities go beyond simple log monitoring to provide a comprehensive security solution that we are proud to now offer. For full details, please review the PDF provided below, or reach out to us with any questions you may have!

The Complete IT Team