
MANAGED DETECTION & RESPONSE (MDR)
Whatever the size and scope of your organisation, it can be difficult and expensive to find, and retain, the right expertise to maintain and develop your cyber security protection. More and more people are now deciding to outsource cyber security management to a specialist Managed Security Service Provider.
Utilising over twenty years experience, our Managed Detection & Response (MDR) approached is designed to be at the forefront of security services and ready to handle any cyber threats.
All of our solutions are bespoke to your organisation and business needs. If you are having difficulty finding the information you need or would prefer to chat through your specifications, you can call us on 01274 736 223. Alternatively, email us at info@ecsc.co.uk and we will be in touch as soon as possible.
Each ECSC solution is supported by 24/7/365 monitoring, alerting, and incident response services. See below for some of the services we offer.
We have all seen how a cyber security breach can cripple IT systems and affect organisations reputations, so when you suffer an incident it is crucial that you act immediately, calmly and involve specialists at the earliest opportunity.
What is Incident Response?
Incident Response is a methodology used for handling cyber security incidents' breaches and cyber threats. By having an Incident Response Plan in place, you will be able to:
- Investigate - understand the scope of the incident by thoroughly investigating the suspected breach, the exposure of data and why the incident occurred.
- Contain - prevent the incident from occurring again by securing the identified weakness. This could mean downtime while the incident is secured or some lost functionality in the short term to provide greater security.
- Recover - recover any lost data or system functions in order to operate again.
- Communicate - timely, accurate and detailed communications should be shared throughout the incident.
A well designed incident response plan allows you to effectively identify incidents, minimise damage and reduce the associated costs of a cyber attack in a timely manner.
If you are unsure on what steps to take or need some guidance, our 24/7 Incident Response service can provide rapid on-site support. Whether you are new to ECSC, an existing client, or have a guaranteed response retainer in place, you can call us now and speak to one of our experienced Security Engineers on 0844 3763 999 or complete our form here.
With organisations recognising that data, and its security, is their greatest asset and technology transforming the way we all do business, cyber security is of critical importance.
For all IT teams, cyber security technical challenges can be immense. Each year there are approximately 15,000 new technical vulnerabilities discovered worldwide, demonstrating that the risk environment is ever increasing. Having skilled and experienced personnel to understand new risks while continuously monitoring, improving and protecting your IT infrastructure has never been more important.
What is a SOC?
A Security Operations Centre is a centralised function within an organisation, or outsourced, that constantly monitors and improves an organisations security protection by detecting and responding to cyber security incidents. The latest SOCs use a combination of human and artificial intelligence technologies to apply expertise to vast quantities of system data.
In-house vs. Outsourced
In-house teams are often a way of reducing perceived expenditure and ensuring control over your systems. With the intelligence of attacks increasing, it is important to ensure that your in-house IT team is accurately staffed to provide SOC capabilities while supporting the other business functions you require. Critically, developing the essential 24/7/365 coverage is often the biggest challenge, especially where single country operations requires night-shifts to achieve this.
Outsourcing your cyber security, can provide clear roles and focus for your in-house IT team. While your outsourced team focuses on understanding the threat landscape, managing your specialist devices and services, and detecting events, your in-house IT team can focus their time on understanding your business IT service requirements, administering IT systems to deliver service uptime and interfacing with users, all without having to worry about whether your security is in-hand.
ECSC's Outsourced SOC Solution
Operating from our UK and Australian centres, we are able to provide support 24 hours of a day, 365 days of the year. We selected our locations on their trusted government and regulatory environment, and availability of highly skilled and qualified personnel.
Our solution is designed around three basic principles:
- Protect - the design and management of technologies to protect your networks and critical systems e.g. Web Application Firewalls.
- Detect - monitoring of security alerts, initial analysis and alerting your internal team and giving them advice, support and guidance e.g. SIEM and SOAR.
- Respond - escalation of important events to ECSC Incident Response Team, supporting you with incident management, investigations and external communications
Our SOC is designed to provide comprehensive cyber security protection, detection and response regardless of office hours, and utilises our cyber security expertise, combined with the latest Artificial Intelligence, to ensure organisations are secure.
As with all of our solutions, we offer bespoke solutions for each organisation, meaning each organisation will have a solution tailored to their business to ensure the appropriate level of protection.
If you would like to see our SOC in operation to understand how we work, email info@ecsc.co.uk.
What is SIEM?
SIEM is software which collates, logs and stores data generated by an organisations systems and networks in a central location. This is then used to provide analytical insight to monitor the security and integrity of your data. SIEM systems review the centralised data against a predefined set of rules in order to identify any 'events' which may have occurred and produce alerts and reports.
Do I need a SIEM solution?
Security of your data, and the continued operation of your IT systems, should be the priority of any organisation. Without this, the simple fact is you would not be able to operate.
As the world continues to become more connected, security threats have evolved and gone are the days when a firewall was sufficient protection. You will see regularly in the press about serious breaches, these are the tip of the iceberg with the majority of breaches going undetected or unreported.
Having a centralised location where all of your cyber security related data is gathered will allow you to identify risks, more effectively data mine, evidence robust security monitoring and enable you to react speedily if there was an incident.
A SIEM solution should always be in addition to your existing security solutions as it does not prevent an incident from occurring. SIEM software is simply the tool used to collate data and monitor based on a defined set of rules and does not perform any ongoing actions based on this information.
Evolution of SIEM to SOAR
The term Security Orchestration, Automation and Response (SOAR) is relatively new to the wider market but is something that we have been doing, here, at ECSC for more than a decade. SOAR is simply using the outputs from SIEM and other security solutions and taking the findings to the next level by adding a human element. Utilising experts, the data outputs are analysed to create actionable intelligence which either in-house staff can move forward or your outsourced team will resolve for you.
If you want to know more about SIEM & SOAR, you can download our free papers by clicking on the links below. Alternatively, we provide a free of charge webinar which explores the different type of solutions and how best to utilise your data whether it is simply SIEM software or full SOAR support. For more information, email info@ecsc.co.uk
What is NEBULA?
Using ECSC's advanced KEPLER AI technology, and the ECSC SOC, our in-house experts have developed NEBULA. The purpose of NEBULA is to support you to develop an effective SIEM or SOAR solution in the cloud. Taking logs from your traditional IT environments, remote workers and cloud systems, NEBULA gives you essential 24/7/365 detection, investigation and response capability.
How it works
NEBULA comes with a range of bespoke service options, and can work with all sizes of organisations and budgets. NEBULA integrates logs from a wide range of systems and platforms, including Microsoft (Office) 365, Azure, AWS, and Google Cloud, in addition to your more traditional IT environments.
NEBULA is designed to support a number of requirements set out by the various cyber security standards. The Information Commissioner's Office (ICO) also recognises the importance of breach detection by including it within their 'Security Outcomes' as a minimum requirement to be GDPR compliant, whilst also recommended by the National Cyber Security Centre (NCSC).
In summary Nebula:
- Can be delivered into any organisation with any technology and budget requirements
- Has a low cost of entry to ECSC's proprietary KEPLER Artificial Intelligence (AI) engine technology to identify breaches
- Has no long-term contract requirements
- Has a range of tailored options, including full 24/7 global SOC alerting and advice
- Includes expert configuration and ongoing tuning options
- Offers full 24/7 incident response
As well as offering solutions to support you through your PCI DSS assessment, we also provide managed services to ensure you meet your compliance obligations.
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) was first published in 2004 and and since then has undergone a series of revisions as technology, the threat landscape, and information security best practices have changed.
PCI DSS was introduced to help prevent increasing levels of Credit and Debit Card fraud. In the years since its introduction, card theft has become increasingly sophisticated and is now the domain of organised crime. The threat has not reduced; however, the introduction of improved security through PCI DSS has been a significant factor in managing the risk.
For organisations that handle payment card data, meeting all the requirements of PCI DSS is a significant challenge. Numerous technologies are available to outsource payment processing, which removes the need to meet many of these requirements. But, where this is not an option, it is extremely important to determine the areas of technology, policy and process to which the standard applies.
Managed Solutions
As a certified PCI DSS Managed Security Service Provider, we are ideally placed to help you solve your particular challenges and ensure you have a smooth route to compliance. ECSC was the UK's first 'PCI Cyber Security Level-1 Service Provider', and therefore has the longest experience available in the design, deployment, and management of managed IT security solutions that meet the requirements of PCI DSS.
Whether a retailer or service provider, ECSC can help you apply the PCI DSS efficiently, accelerate your route to full compliance, and help you prevent a costly breach.
As part of any ECSC PCI DSS managed security solution, an ECSC QSA takes responsibility for project compliance. This means you can be confident the solution meets the demands of the standard. You will need extensive management, monitoring and review processes with many of these needed to operate daily.
ECSC has built these processes, and operates them through our certified Security Operations Centre (SOC). You can visit our secure facility and see how we work. This is often an essential step in building a partnership with your existing IT team. As we advise many organisations, from small e-commerce start-ups to major banks, on their PCI DSS compliance, we are ideally placed to ensure that any managed solution meets your needs, delivering security protection and the complexity of compliance.
What is a firewall/WAF?
A firewall monitors incoming and outgoing network traffic and decides based on an established set of rules whether to allow or block traffic. The firewall is useful in blocking unwanted probes against your web server; for example, people trying to log into the server as an administrator. However, those attacks have largely disappeared.
Today, most attacks against web servers are through the mechanism of a 'valid' web request - but one carefully designed to hack the web server. The normal firewall simply lets them through, as they look like a valid request.
The WAF, or as it used to be called, an Intrusion Prevention System (IPS), looks inside each web request and checks against known suspicious content that could indicate a malicious attack. This is much more sophisticated than a traditional firewall, but also (if configured and managed correctly) very effective at blocking attacks.
Essentially firewalls are the gatekeeper to your data and your first line of defence.
Do I need a firewall/WAF?
Every business that has a network or accesses web based solutions should have a firewall as a means of basic protection. A firewall/WAF safeguards your data by protecting your servers from hackers.
Some of the benefits are:
- Protection from common attacks
- Affordable security
- Builds client trust and promotes privacy
- Monitors network traffic and prevents hacking
- Stops virus attacks
- Stops spyware
To learn more about WAF download our brochure 'Management Guide To Protecting Web Servers'.
What actually is phishing?
Phishing commonly tends to be an email that mimics a person or organisation that you know in order to convince you that the source is legitimate. The email will include a link to click, a file to download or ask you to perform a task with the aim of confidential data being shared or the hacker gaining access to your device.
Phishing attacks are often the starting point for wider security breaches as it enables the hacker to gain their first entry point into your network.
Hackers are constantly changing their approach and techniques to try and access your data. It is crucial that your polices, procedures and protection for phishing are reviewed and monitored regularly to make sure they are as effective as possible and reflect today's working world.
Most organisations conduct an annual 'tick-box' assessment that all staff are required to take, in an attempt to prove their awareness of phishing and meet certain compliance objectives. With the increasing regularity and sophistication of attacks, this is not sufficient and does not equate to good cyber security.
The ECSC approach to phishing
Preventing phishing is not easy. It requires experience, skill, and sustained effort, combining technical and people related defences and include the following stages:
- Email Filtering
- User Awareness
- Cyber Security Protection
- Incident Response
Email phishing attacks are now the most common form of cyber security breaches likely to impact your organisation, so rather than trying to and educate against all cyber risks, most of your awareness programmes should focus primarily on phishing.
The ECSC solution involves sending regular simulated phishing emails to your employees, to identify the users putting your organisation most at risk, meaning you can follow up with prompt further training. The solution allows all users to report what they perceive to be a phishing attempt, turning users from a vulnerability into a cyber security asset.
Depending upon the risks to your user environment and your internal cyber security expertise, we have a range of options available from DIY to a fully managed solution including Incident Response.