Identify threats targeting your on-premise and cloud networks
Detecting and responding to threats targeting your organisation’s network security is a highly specialist and resource-intensive process. To be truly effective, network security monitoring not only demands the latest technology to capture event data from your cloud and on-premise environments, it also requires expert personnel with the skills and availability to analyse and triage security incidents around-the-clock.
ThreatDetect™, Redscan’s Managed Detection and Response service, provides the essential capabilities needed to eliminate wide-ranging threats from across your network. By providing complete visibility of assets and network event data, and delivering latest threat intelligence updates and detailed remediation guidance, ThreatDetect reduces the complexity of network security monitoring.
Threats and IOCs identified by our ThreatDetect Network monitoring service:
Command & Control (CS2) activity
Unauthorised authentication attempts
Web server attacks
Malware infections (including botnets, Trojans, rootkits, and more)
Offered as part of our monthly network security solution
Asset Discovery & Inventory
Network scanning provides visibility of all IP-enabled assets across your physical, virtual and cloud environments in order to identify trusted and unauthorised devices. Information supplied about each asset includes what services are installed, how they’re configured and whether any active threats are being executed against them.
ThreatDetect Network includes Cloud-based intrusion detection (CIDS), Network-based intrusion detection (NIDS), and Host-based intrusion detection (HIDS) systems. These are installed and optimised by our qualified Cyber Security Operations centre analysts to monitor your organisation’s traffic and hosts to identify anomalous activity. IDS data is correlated with other sources of security information to provide increased threat visibility.
Managed vulnerability scanning uses the latest signatures to provide visibility of network security risks, such as use of weak credentials and unpatched or out-of-date operating systems and software. Scan results are carefully analysed by our ThreatDetect CSOC analysts to provide actionable remediation advice.
For deeper security analysis, our CSOC team conduct data packet capture and network flow analysis to identify threats and trends relating to protocols, hosts and bandwidth usage. Combining network flow data with asset inventory and event data enables us to facilitate swifter incident response.
Correlation of Network Events
Correlation directives are policy rules that link together events and raise an alert when specific threats or behaviours are identified. By including managed Security Information and Event Management (SIEM) as part of our ThreatDetect network security solution, Redscan’s CSOC team ensure that systems are optimised with new correlation rules to detect the latest threats and minimise the volume of false positives.
For enhanced protection against cyber threats, add Endpoint Detection and Response (EDR) to your monthly ThreatDetect service.
ThreatDetect EDR monitors your organisation’s endpoints, including desktops, laptops and servers in order to hunt for hidden threats, minimise the dwell time of attacks and quickly isolate infected systems.