With our Managed Security Services launch, we are now able not only to help customers recover their data after a security incident, but also to provide the services they need to defend against those attacks. We’ve been big fans of the NIST Cybersecurity Framework for a long time, and are truly excited to bring solutions to customers and partners so that they can complete the circle of protecting their data.
There are four managed security services 11:11 Systems provides, all of which are mature, proven solutions built on the strengths of excellent partners like Fortinet and Coda Intelligence.
Continuous Risk Scanning (CRS)
To start defending data, customers need to first identify where the vulnerabilities in the environment are and the relative risk to critical data. To do this we’ve partnered with Coda Intelligence to create a service that can scan customer environments both internally and externally to track vulnerabilities. The 11:11 Systems Security Operations Center (SOC) works with every new customer to identify and prioritize their systems based on how accessible they are, how critical they are to the business, and how they interact with each other. Then, initial scans are conducted and used to establish a baseline of the risk that each system presents in their environment.
Reports can then be run to rank vulnerabilities in the context of the customer’s environment, rather than by the generic severity score attached to a Common Vulnerabilities and Exposures (CVE) entry. This context also draws on cybersecurity intelligence that tracks which vulnerabilities are actively being exploited in the wild. Focusing on risk instead of raw vulnerability counts gives customers a report that makes the most of their limited patching time, without chasing the thousands of vulnerabilities discovered each year that are never exploited.
Security is an ever-evolving landscape, so scans of the customer’s environment run on a regular schedule, continuously updating the risk picture as new vulnerabilities are discovered, new systems are brought online, and new exploits are released. Scans can be conducted remotely for an external perspective, internally to show the customer their exposure if malicious activity starts inside the protected network, or both. The 11:11 SOC provides regular analysis of these reports and alerts, along with recommendations to further improve the customer’s security posture.
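The prioritization described above, where a finding’s risk depends on how exposed the system is, how critical it is, and whether the vulnerability is known to be exploited, can be illustrated with a small scoring model. The following is an added example, not Coda Intelligence’s or 11:11 Systems’ code; the weights, the findings, the hostnames and the placeholder CVE identifiers are all constructed, and the `exploited_in_wild` flag stands in for whatever exploitation-intelligence feed a real service would consult.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Finding:
    asset: str             # constructed hostname
    cve: str               # placeholder identifier, not a real CVE record
    cvss: float            # generic base severity score, 0.0 - 10.0
    exposure: str          # "external" (internet-reachable) or "internal"
    criticality: str       # business criticality assigned during onboarding
    exploited_in_wild: bool  # flagged by an exploitation-intelligence feed

# Assumed weights for this illustration; a real service would tune these per customer.
EXPOSURE_WEIGHT = {"external": 1.0, "internal": 0.5}
CRITICALITY_WEIGHT = {"high": 1.0, "medium": 0.7, "low": 0.4}
EXPLOITED_MULTIPLIER = 2.0

def contextual_risk(f: Finding) -> float:
    """Scale the generic severity by the asset's exposure and criticality,
    then double it if the vulnerability is being exploited in the wild."""
    score = f.cvss * EXPOSURE_WEIGHT[f.exposure] * CRITICALITY_WEIGHT[f.criticality]
    if f.exploited_in_wild:
        score *= EXPLOITED_MULTIPLIER
    return round(score, 2)

def prioritize(findings):
    """Return (asset, cve, contextual score) tuples, highest risk first."""
    ranked = [(f.asset, f.cve, contextual_risk(f)) for f in findings]
    return sorted(ranked, key=lambda r: r[2], reverse=True)

def baseline_by_asset(findings):
    """Initial-scan baseline: total contextual risk carried by each system."""
    totals = {}
    for f in findings:
        totals[f.asset] = round(totals.get(f.asset, 0.0) + contextual_risk(f), 2)
    return totals

def rescan_delta(old_findings, new_findings):
    """Compare two scans and report findings whose contextual risk rose,
    e.g. because an exploit was released between scans."""
    old = {(f.asset, f.cve): contextual_risk(f) for f in old_findings}
    changes = {}
    for f in new_findings:
        key = (f.asset, f.cve)
        new_score = contextual_risk(f)
        if key in old and new_score > old[key]:
            changes[key] = (old[key], new_score)
    return changes

# Constructed sample findings (none of these are real vulnerabilities).
SAMPLE_FINDINGS = [
    Finding("web-01", "CVE-XXXX-0001", 6.5, "external", "high", True),
    Finding("db-03", "CVE-XXXX-0002", 9.8, "internal", "high", False),
    Finding("lab-vm", "CVE-XXXX-0003", 9.1, "internal", "low", False),
    Finding("vpn-gw", "CVE-XXXX-0004", 7.2, "external", "medium", False),
]

if __name__ == "__main__":
    print("By generic severity:", [f.asset for f in sorted(SAMPLE_FINDINGS, key=lambda f: f.cvss, reverse=True)])
    print("By contextual risk:", prioritize(SAMPLE_FINDINGS))
    print("Baseline:", baseline_by_asset(SAMPLE_FINDINGS))
    # Simulate a later scan after an exploit for db-03's finding appears in the wild.
    later = [replace(f, exploited_in_wild=True) if f.asset == "db-03" else f for f in SAMPLE_FINDINGS]
    print("Risk increases since last scan:", rescan_delta(SAMPLE_FINDINGS, later))
```

Ranking by generic severity alone would put the isolated internal hosts first; the contextual ranking instead surfaces the medium-severity, externally exposed, actively exploited finding on `web-01`, which is the one a patching team should spend its limited time on. The `rescan_delta` function shows why continuous scanning matters: the same finding on `db-03` jumps in priority the moment exploitation intelligence changes, even though nothing on the host itself did.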
In order to fully protect an environment, the movement of data in and out of the network needs to be properly monitored and secured. To do this, we have partnered with Fortinet to utilize their FortiGate next-generation firewall, which provides advanced threat protection that goes beyond searching for signatures to also look for behaviors that may indicate suspicious activity. Some of these threats include:
● Network-based malware
● Intrusion attempts
● End-user-based attacks
Once detected, all of the associated traffic can be blocked to reduce or eliminate the impact of the incident. This intelligent detection and protection can be communicated across a distributed network of FortiGate devices. This helps ensure similar activity in other locations can be detected and stopped. Additionally, traffic flow between sites and the internet can be monitored and adjusted to optimize network performance.
All of this is completely managed by the 11:11 SOC in consultation with the customer. Customers have full visibility into how data is being handled, but don’t need to worry about maintaining the firewalls or the rules that manage data flow. Regular reports are generated and analyzed by the 11:11 SOC and are then provided to the customer with recommendations for any adjustments.
Managed Security Information and Event Management (SIEM)
Being able to detect an active threat in the environment requires the analysis of an extraordinary amount of data. Because we’re leveraging Fortinet’s FortiSIEM solutions, we can help customers detect threats from across the infrastructure by cross-referencing events on disparate systems that would never be identified by manual means.
At its most basic level, a SIEM is a centralized logging system, but the addition of automated analysis across all the systems makes it possible to identify threats and creates contextual and actionable alerts that cut down on the noise usually associated with monitoring systems. Storing all logs in a single unified location also eases the burden of incident analysis after a security event and can help with many compliance requirements.
The 11:11 SOC will monitor these alerts and help customers identify what is worth reacting to and how best to react. They will then follow up to tune the system to reduce the noise of unimportant alerts and ensure customers see only the alerts they want to see at the time and place they want to see them.
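The cross-referencing described in this section, where events from separate systems that mean little on their own combine into one actionable alert, can be shown with a small correlation rule. The following is an added example, not FortiSIEM’s or 11:11 Systems’ code: the log format, the hostnames `vpn-gw` and `dc-01`, the usernames and the addresses are all constructed (the public addresses come from documentation-only ranges), and the thresholds are the kind of knobs the SOC would tune to cut noise.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two sources: a VPN gateway and a domain controller.
# Only the combination of repeated VPN failures followed shortly by a successful
# domain logon for the same user is interesting; either half alone is routine noise.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z vpn-gw auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:09Z vpn-gw auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:20Z vpn-gw auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:31Z vpn-gw auth user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:03:02Z dc-01 logon user=alice src=10.0.5.12 result=SUCCESS
2024-05-01T10:05:00Z vpn-gw auth user=bob src=198.51.100.4 result=FAIL
2024-05-01T10:06:10Z dc-01 logon user=bob src=10.0.5.20 result=SUCCESS
2024-05-01T11:30:00Z vpn-gw auth user=carol src=203.0.113.9 result=FAIL
2024-05-01T11:30:05Z vpn-gw auth user=carol src=203.0.113.9 result=FAIL
2024-05-01T11:30:11Z vpn-gw auth user=carol src=203.0.113.9 result=FAIL
2024-05-01T11:30:16Z vpn-gw auth user=carol src=203.0.113.9 result=FAIL
2024-05-01T13:00:00Z dc-01 logon user=carol src=10.0.5.31 result=SUCCESS
"""

# Assumed line format for this illustration: "<timestamp> <host> <event> user=.. src=.. result=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)

def parse(log):
    """Normalize raw lines from both sources into one list of event dicts."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrecognized line: skip rather than abort the whole batch
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events

def correlate(events, threshold=3, window=timedelta(minutes=10)):
    """Alert when a user has at least `threshold` VPN failures in the `window`
    before a successful domain-controller logon. Both values are tuning knobs."""
    failures = defaultdict(list)  # user -> list of (timestamp, source address)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["host"] == "vpn-gw" and ev["result"] == "FAIL":
            failures[ev["user"]].append((ev["ts"], ev["src"]))
        elif ev["host"] == "dc-01" and ev["result"] == "SUCCESS":
            recent = [(t, s) for t, s in failures[ev["user"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "user": ev["user"],
                    "failures": len(recent),
                    "first_failure": recent[0][0],
                    "success_at": ev["ts"],
                    "failure_sources": sorted({s for _, s in recent}),
                    "logon_source": ev["src"],
                })
                failures[ev["user"]].clear()  # don't re-alert on the same burst
    return alerts

if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOG)):
        print(alert)
```

With the default settings only `alice` produces an alert: four VPN failures followed within three minutes by a successful domain logon. `bob` has a single failure (below the threshold) and `carol`’s failures are ninety minutes before her successful logon (outside the window), so neither generates noise. Lowering `threshold` to 1 would add `bob` but still not `carol`, which is the sort of tuning trade-off the SOC works through with the customer.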
Managed Endpoint Detection and Response (EDR)
Time is the most critical asset when responding to a security threat, and the best place to mount that response is where users and data live: the endpoint. To do this, we again partnered with Fortinet to utilize their FortiEDR product, which provides agent-based visibility and analysis on customers’ endpoints while maintaining centralized control and threat intelligence updates.
The agent has a constantly updated engine that uses both signatures and behavioral analysis to detect malicious activity and react immediately, blocking process execution or placing systems into quarantine when necessary. The agent’s broad compatibility covers laptops, desktops, mobile devices, and servers, so that reaction time is cut down as much as possible.
Every new customer starts in “observation-only” mode to establish a baseline for typical user behavior. Based on this baseline, the 11:11 SOC will work with the customer to define rules based on general best practices and the customer’s specific needs before turning the agents fully on. Centralized reporting will then be available and used by the 11:11 SOC to analyze trends and highlight observed risks to the customer.
Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS)
Sometimes even the best defenses fail, at which point a customer will need to recover either individual pieces of data or the entire environment. Partnering with companies like Veeam and Zerto has allowed iland to provide services like Secure Cloud BaaS and Secure Cloud DRaaS for years, and has consistently given customers award-winning “last line of defense” capabilities for protecting their data.
There are no guarantees in life or in IT, but with multiple layers of defense that combine advanced technology with an experienced security operations team, customers can be assured their data is well taken care of. The purpose of the NIST Cybersecurity Framework was to help organizations ensure they had the proper tools in place to identify risks, protect against threats, detect attacks, respond to malicious activity, and recover from contamination within their environment. By combining managed security services, cloud backup, and cloud recovery under one banner, 11:11 Systems can help customers of all sizes achieve enterprise-level protection of their data across all of these stages of data security.