IT Monitoring

IT Monitoring: Enterprises of any scale are seeking increasingly sophisticated solutions to support the decision of where and when to protect critical assets.

Although statistical and analytical prediction models and technical security tools are deployed across the multiple layers of the enterprise architecture, such as firewalls, DoS protection and IDS/IPS (network perimeter), EDR or endpoint protection software (endpoint or host level), identity management or multi-level authentication controls (user level) etc., these controls are not always successful in predicting, detecting or preventing multi-faceted threat behavior. Adversaries keep evolving their tactics and techniques, orchestrating reconnaissance or phishing attacks with malware execution (e.g. ransomware attacks), exploitation of vulnerabilities and lateral movement, causing data breaches, downtime of production systems and several other risks. Real-time detection and prevention of threats and risks related to cybercrime activity, insider threats or inadvertent actions remains a foundational step for many enterprises today.



Conventional IT security approaches have limitations in terms of scale, network-wide monitoring and the resources needed to analyze millions of events on a daily basis. On the other hand, threat analytics and big data technologies combined with threat intelligence are able to identify the source of an attack at the beginning of the adversary action, perform user and system profiling to detect unusual behavior, baseline network traffic to identify irregularities, support vulnerability management and more. The identification and prevention of such risks requires high detection speed, accuracy and adaptation to different attack intensities. Yet enterprises cannot always afford the investment in 24×7 on-premises monitoring of their infrastructure or in hiring threat analysts with incident response skills. Obrela’s Managed Detection and Response (MDR) service can instead provide real-time monitoring and analysis of security event data, correlated with non-transactional data from core IT applications, systems and networks, enabling a multi-layer security intelligence approach. Obrela’s IT Monitoring solution, integrated with our MDR service, provides enterprises with a turnkey threat detection and response service that significantly reduces the mean time to detect and respond to attacks on their IT and network infrastructure.


Key Features

Obrela’s Managed Detection & Response (MDR) service combines collective intelligence practices and methods with leading-edge security analytics and sophisticated risk management technology to identify, analyze, predict and prevent cyber-security threats in real time. Threat detection analytics, an integral part of the MDR service, collect and analyze structured and unstructured security-related data from multiple systems, network devices and other critical assets, generating valuable intelligence on new, emerging and advanced security threats. Obrela’s SOC, also an integral part of the MDR service and staffed by threat analysts with IT monitoring expertise, provides 24×7 monitoring and escalates incidents as soon as a threat is validated, giving customers MITRE-based recommendations for fast and effective security incident response.


Obrela’s IT monitoring capabilities include:

  • Monitoring of systems’ and applications’ non-transactional events from hundreds of vendors and products, covering log categories related to authentication, authorization and account management, standard system configuration and administration actions, standard system errors, auditing configuration, data auditing, security equipment events, network activity, and custom application activity.
  • A large number of use cases and correlation rules which address, on top of systems’ and applications’ events, common to advanced security threats and non-compliance issues related to Web Protection, Account/Privilege Management and Misuse, Mail Protection, Remote Access Tools, Malware and Ransomware attacks, Process and Command Level Monitoring, Privileged User Monitoring, Advanced Persistent Threats, Configuration Management, VPN Activity, DDoS Identification, Proxy/Web Filtering evaluation and others. The authoring of the use cases is informed by industry practices and methodologies (e.g. MITRE, OWASP, SANS, OBRELA Security Labs, etc.).
  • Industry/infrastructure specific use cases and correlation rules which identify threats and security implications that target the business operation. Utilizing logs from custom or specialized applications related to financial institutions, online merchant, manufacturing, telco and other domains, special analytics uniquely combine technical information with domain-specific logs or transactional data.
  • Network Perimeter Analytics which allow the collection and processing of huge amounts of network log data analyzing behavior and identifying suspicious and out-of-the-ordinary communications.
  • User Activity Analytics which help organizations achieve compliance and implement solid security oversight, providing complete visibility of all critical user/system account activity by linking the user, role and group information in Active Directory and identity management systems with the actual activity logs across the whole enterprise.
  • Exposure Analytics which allow automatic modelling and analysis of vulnerability scan metadata into “Vulnerability” related indicators, contributing to a risk-based prioritization of attack exposure.
  • Compliance Analytics which provide a comprehensive system for the implementation, assessment and monitoring of control effectiveness, including access control changes, administrative activity, log-in monitoring, as well as change and risk management.
  • Crimeware & APT Analytics which provide a thorough methodology against advanced persistent threats, taking advantage of the collected Cyber Threat Intelligence, Real-Time Sandbox Execution and Correlation engine to process and identify indicators at any stage of the APT lifecycle.
  • Web Resource analytics which enable the assessment of the integrity and availability of web resources, in order to identify and respond in-time to scenarios such as Defacements, Misconfigurations / Errors, Client-Side Malware, Sensitive Data Disclosure, Unauthorized Content Modification.


Obrela Factor

Obrela’s Threat Detection Analytics enable advanced and in-depth analysis of large amounts of log data from multiple system and network log sources, leveraging threat intelligence, expert rules and advanced security analytics algorithms to reveal abnormal or suspicious behavior and patterns. Alert management capabilities enhance 24×7 monitoring to detect threats as early as possible, triggering meaningful alerts and security response procedures.

Our clients are offered the advantage of fast integration with Obrela’s Managed Detection & Response (MDR) service and day-one visibility of security threats in their enterprise environment. Clients can build customized processes and procedures for risk compliance and incident response plans on top of it.


If you are interested in a quote, please email us or give us a call at +44 (0) 203 397 8723.
