It is vital to your business to differentiate between technology that enables the detection of unauthorized activity and a full managed network surveillance program, such as Abacode’s Cyber Lorica, that includes constant intervention by cybersecurity professionals. The managed network surveillance platform is a tool that, when properly configured, operated, and maintained, enables the organization to detect attacks. Managed network surveillance requires human intelligence and human decision-making to analyze the attacks and determine the proper course of action or response to protect the organization.
Managed Network Surveillance Technologies
Abacode’s Cyber Lorica combines an Intrusion Detection System (IDS), a Security Incident and Event Management (SIEM) system, and Vulnerability Scanning technology with additional Mobile Device Management (MDM) capabilities, custom-built security, and open-source solutions in a platform that is monitored 24 hours a day, 7 days a week by cybersecurity experts. The type of managed network surveillance provided by Abacode is considered proactive because we identify vulnerabilities before they are exploited by hackers and detect high-risk behavior before it leads to a breach.
Our visionary Security Incident and Event Management (SIEM) system provides:
- Security Incident and Event Management (SIEM)
- Vulnerability Assessment (VA)
- Asset Discovery
- Network and Host Intrusion Detection (NIDS/HIDS)
- File Integrity Monitoring (FIM)
- Open Threat Exchange
- Threat Intelligence
The Open Threat Exchange community enables sharing of Internet Protocol (IP) and URL reputation information. Independent, third-party cybersecurity laboratories provide an integrated threat intelligence feed to Cyber Lorica that includes updates to signature, vulnerability, correlation, reporting, and incident response content.
Through the integration of Enterprise Mobility Management into the Cyber Lorica managed network surveillance platform, Abacode’s cybersecurity professionals are able to identify security issues with the organization’s mobile device fleet.
Abacode has the MSSP expertise to develop plugins that integrate unsupported devices, systems, and applications into AlienVault. Such integration capabilities enable our cybersecurity professionals to monitor systems that are not supported out-of-the-box to identify internal and external unauthorized activity.
Cyber Lorica has multiple deployment options, including cloud-based, physical appliance, and virtual appliance. Abacode recommends the physical or virtual appliance option in most solutions as it keeps the security data and logs contained within the organization’s data center. In a cloud-based deployment, the security data is encrypted and transmitted to a cloud server, where it is stored for analysis and reporting purposes and destroyed when the security data becomes irrelevant.
All available features of the network IDS are enabled by collocating the Cyber Lorica appliance with the primary firewall and core switch in the data center. In this manner, the appliance can be set up to inspect all traffic going through the firewall in addition to having access to the firewall-generated syslogs.
Network appliances and devices such as routers and switches are configured to forward their syslogs to the Cyber Lorica appliance for storage and analysis. In the case of Unix and Linux servers, host IDS and file integrity monitoring are accomplished through the installation of an agent application. This agent has a small footprint and utilizes minimal amounts of RAM and CPU cycles.