Network Threat Detection

A network threat detection service must provide continuous monitoring in order to detect threats that bypass the preventive security controls. The types of attacks seen today can appear very advanced, but they are often easily identified by monitoring the network traffic.

We offer the following deliverables within this service:

  • Hotline Support: day-to-day troubleshooting and support
  • Professional Services: implementing threat detection in your network
  • Managed Services: a fully managed threat detection service
  • Solutions: best-of-breed products integrated to fit your demands

 

Services

Hotline

When things get complicated, we will support you and provide direct access to the vendor support.

Hotline is available via email, phone and the customer portal. Response time is defined by the SLA you attach to the agreement:

  • 8 x 5 x 4
  • 24 x 7 x 4

Professional

Analysis & Design
Years of experience reviewing existing infrastructures and providing an optimized network design.

Implement & Configure
If you buy the solution, we can do more than a simple Rack & Stack. We will support you throughout the deployment and deliver a detailed set of system documentation.

Deployments are always performed by combining best practices from the vendor with our own experience.

Typically, we can estimate deployments beforehand and deliver them using fixed pricing. We have the following deployment options available:

  • Small: 15 hours
  • Medium: 50 hours
  • Large: 100 hours

Managed

Secu Network Threat Detection
A fully hosted and managed threat detection service, using Tenable SecurityCenter, Tenable Network Monitor and LCE.

Requires a virtual system on-premise and a site-to-site VPN connection.

On-Premise Network Threat Detection
RSA Netwitness for Logs & Packets

Technologies

RSA

RSA Netwitness for Packets differentiates itself by performing full packet capture and is unique for incident response and threat detection.

Key Benefits:

  • Extensive visibility across logs and packets to find the threats that matter most
  • Prioritized alerts enhanced with business and security context in real-time
  • Faster analysis with real-time sessionized data capture and indexed metadata
  • Secure cloud networks (AWS and Azure) with flexible hybrid or all cloud deployments
  • Expose lateral movement and Command and Control (C2) and see early signs of threats
  • Reconstruct suspicious emails, websites and more to see what really transpired
  • More completely understand the full scope of the attack across your network with RSA Logs and Packets
     


Tenable

Tenable Network Monitor identifies vulnerabilities and compromised systems. It has no packet capture capabilities.

Key Benefits:

  • Eliminates Critical Blind Spots
  • Monitors Everywhere
  • Continuous Visibility
  • Asset Discovery
  • Immediate Vulnerability Detection
  • Suspicious Traffic Identification
     


All solutions can be combined with the Symantec (Blue Coat) SSL Visibility appliance in order to obtain visibility into encrypted sessions.

Fortinet

Fortinet’s flagship FortiGate security appliances deliver ASIC-accelerated performance and integrate multiple layers of security designed to help protect against application and network threats. Fortinet’s broad product line of complementary solutions goes beyond UTM to help secure the extended enterprise – from endpoints, to the perimeter and the core, including databases and applications.