Managed Security Services

No business or organisation with a computer network is immune from the threat of data breaches, unauthorised access, and malicious activities performed from INSIDE the firewall. In fact, more than 70% of all cyber-security incidents were the result of internal security issues that no firewall, anti-virus, or malware device could have prevented.

These attacks do not just take place against large, well-known corporations. While those are the big stories that make the evening news, 60% of all cybersecurity incidents happen to small companies.

  • 70% of all cyber-security incidents were the result of internal security issues that no firewall, anti-virus, or malware device could have prevented.
  • 60% of all cyber-security incidents happen to small companies. 60% of these hacked SMBs go out of business within 6 months.
  • 89% of businesses are vulnerable to insider threats, yet most focus on protecting against external threats.
  • 95% of data breach victims do not have a system in place to self-detect data breaches or the required knowledge of how to deal with the incident.

To combat these problems, Complete Cloud Solutions have a managed service to help organisations gain insight into, and confidence in, what is happening within their environments.

At the heart of the solution is the Network Detective Detector SDS, which is effective at identifying a wide range of internal cyber-security threats and generating a daily email alert or internal ticket of anything suspicious it discovers.

As a stand-alone software appliance, a Detector SDS is attached to your organisation's network and configured to run a daily internal cyber-security scan.
The Detector SDS’ proprietary scanning technology is non-intrusive, but it does a deep dive through the network in search of anomalous user behaviours, along with unexpected changes to network settings, configurations, assets, and other types of internal threats.

Examples of typical internal threats that Detector SDS can discover include:

  • Unauthorized logins, or login attempts, to restricted computers
  • New user profiles suddenly added to the network
  • Applications just installed on a locked down system
  • Unauthorized wireless connections to the network
  • New users just granted administrative rights
  • An unusual first-time midnight log-in by a day-time worker
  • Sensitive personal data such as credit card numbers, social security numbers and birth dates stored on machines where it doesn’t belong

In addition to the daily alerts, the Detector SDS will automatically issue a weekly notice. Weekly notices contain some information that daily alerts do not, such as new wireless networks, DNS changes, and switch-port connection changes. These notices can be saved and used for reporting or archived for future threat analysis.

The Bronze Level is an introductory tier that is provided to everyone free of charge.

When potential threats are detected, your company is emailed first to allow you to triage the problem internally. Should you need any assistance with this, Complete Cloud Solutions will be available to escalate the problem to their subject matter experts on a time and material billing basis.

The alerts that are part of the Bronze Level are access control related and bring a higher degree of network awareness to your organisation.

The basic policy set, which is pre-configured in the Bronze Level Service:

Monitor Access Controls to allow you to:

  • Restrict access to accounting computers to authorised users
  • Restrict access to business owner computers to authorised users
  • Authorise new devices to be added to restricted networks
  • Restrict IT administrative access to minimum necessary
  • Strictly control the addition of new users to the domain
  • Strictly control the addition of new local computer administrators

Through monitoring, organisations can gain much more awareness of what is happening within their environment, allowing greater control without restricting users from doing their day-to-day activities.

This plan level addresses the most basic security issues:

  1. Improper administrative access
  2. Improper access to computers with sensitive information
  3. Lack of change control leading to rogue users and systems on the network

Similar to the Bronze Level plan, the Silver Level adds additional alerts which are configured to be sent to your internal technicians directly. These alerts are designed to help prevent configuration drift and allow companies to get ahead of potential issues that could lead to increased cost and risk within their environment.

The policies shown denote the incremental detection protocols covered by the Silver Level service, above and beyond those included in the Bronze Level:

Monitor Access Controls to allow you to:

  • Restrict access to IT-admin-only computers to IT administrators
  • Restrict users that are not authorized to log into multiple computer systems
  • Users should only access authorised systems
  • Only connect to authorised printers

Monitor Computers to allow you to:

  • Install critical patches on network computers within 30 days

Monitor Network Security to allow you to:

  • Only connect to authorised wireless networks

This plan level addresses the most common security vulnerabilities:

  1. Inadequate or no perimeter defence
  2. Inadequate patching to prevent vulnerabilities
  3. Improper administrative access
  4. Improper access to computers with sensitive information
  5. Lack of change control leading to rogue users and systems on the network

The Gold Level internal cyber-security offering is considerably more comprehensive. The configurations for this service plan cover a broader set of security issues and deliver enhanced security by incorporating internal vulnerability scans.

The policies shown denote the incremental detection protocols covered by the Gold Level service, above and beyond those included in the Bronze and Silver Levels:

Monitor Access Control to allow you to:

  • Investigate suspicious logons to computers
  • Investigate suspicious logons by users
  • Only connect to authorised printers

Monitor Computers to allow you to:

  • Changes on locked down computers should be strictly controlled
  • Restrict Internet access for computers that are not authorised to access the Internet directly
  • Install critical patches for DMZ computers within 30 days

Monitor Network Security to allow you to:

  • Only connect to authorised wireless networks
  • Remediate high severity internal vulnerabilities immediately (CVSS > 7.0)

This plan level addresses a large array of additional security weaknesses and follows best practices dictated by security frameworks such as NIST 800-171 for detection:

  1. Lack of change control on specific high value systems
  2. Limiting or restricting Internet access on high value systems
  3. Detect and remediate internal network vulnerabilities
  4. Identify and investigate suspicious user behaviour

The Platinum Level offering provides top-end internal cyber-security services focused on clients whose lines of business deal with highly sensitive data and strict IT compliance requirements.

Typically, this would be any covered entity in the health care field, any client involved with financial services, and any with an e-commerce site, retail operation, or where financial transactions pass through the organisation’s networks.

Again, the more comprehensive policy set comes already pre-configured in the Detector SDS Platinum Level Service. The policies shown denote the incremental detection protocols covered by the Platinum Level service, above and beyond those included in the Bronze, Silver and Gold Levels:

Monitor Access Controls to allow you to:

  • Restrict access to computers containing ePHI to authorized users
  • Restrict access to systems in the cardholder data environment (CDE) to authorized users

Monitor Network Security to allow you to:

  • Remediate medium severity internal vulnerabilities (CVSS > 4.0)
  • Detect network changes to internal wireless networks
  • Detect network changes to internal networks

The Platinum plan builds upon the Silver and Gold plans and raises the level of detection to that required by standards such as PCI and HIPAA. The plan is designed to address the proactive detection requirements of these security frameworks and addresses the issues below, adding unique compliance-level auditing:

  1. Compliance-level auditing