Gone are the days when a good firewall along with anti-malware and anti-spam software was enough to keep your corporate computer network reasonably secure. The rapidly increasing sophistication and proliferation of cybercrime activity have elevated the threat to your network and data security to epidemic levels, with small organizations being targeted as often as large ones.
Ignoring these threats is not a wise choice. Doing so means it’s a matter of when, not if, you will suffer consequences, which could include:
- business disruption
- data corruption
- data loss
- data theft
- lost productivity
- lost profits
- loss of customer confidence
- damaged reputation
- legal issues.
One component of a strategy to address these threats is our ongoing Cyber Security Monitoring Service, which is available at different levels of monitoring.
The first level includes real-time monitoring of your Active Directory Server. Real-time alerts are generated on unusual activity, allowing action to be taken in a timely fashion to resolve or prevent unwanted network activity. Monthly reports detail changes and activity. Failed login attempts, locked-out accounts and new user creations are examples of reported activity. Alerts and reports are reviewed and irregularities investigated as part of this service.
The next level of monitoring adds your Firewall. This includes real-time monitoring and email alerts of unusual activity. In addition, IP addresses with a high number of intrusion attempts are blocked, as are countries known for intrusion attempts.
Monthly reports of firewall activity include:
- Network traffic reports (bandwidth, sessions, applications, services, destinations, sources)
- Web traffic – top allowed categories and sites, top blocked categories and sites
- Top sources of blocked and allowed web requests
- Malware detections, targets, sources and history
- Botnet detections, targets, sources and history
- Intrusions detected, targets and sources
- Intrusion severities and history
- VPN events (IPSEC tunnels, SSL-VPN tunnels)
A further level of monitoring includes your File Server. Here we can track all changes to file objects in folders, sub-folders and shared folders (e.g., file/folder created, copied and pasted, deleted, modified, permission changed). We can also track changes made to a particular type of file, such as “.log” files.
Prior to implementing BSC’s Cyber Security Monitoring, an initial Cyber Security Assessment must be completed as a baseline report of the current state of your Cyber Security. Any areas needing remediation are addressed, followed by implementation of the chosen level of monitoring.
Today’s security best practices call for ongoing monitoring and maintenance of internal and external security, since networks are ever-changing. What was secure yesterday might be exploitable or have vulnerabilities today.