1. Network Survey: Service Planning
We will work together with your team to determine the best deployment option. Our unique service can be deployed with physical on-premise gateways where extremely high performance is required or via our cloud hosted services where flexibility is paramount. We will work with you to determine the location for any physical gateway devices, including space requirements, tap port access, etc. We will also meet with your security team to discuss your company’s particular cyber posture and specific requirements to ensure proper configuration and outcomes.
2. Installation: Cloud Provisioned & On-Premise Filters
We are uniquely able to offer on-premise mitigation services where our extreme performance is needed. Where flexibility is paramount for satellite offices, we provide a high-performance cloud solution. In each case, we will deploy or provision our ultra-high performance threat intelligence gateway(s) to remove the "all risk and non-business" traffic. We will handle all gateway connection, configuration, and setup. We will work with your team to establish connections to any existing threat intelligence sources you may have and connect to your existing SIEM if desired.
3. Activation: Real-Time Intelligence Threat Feed
Intelligence must operate at machine speed. We will activate our ACT intelligence service, which is a massive collection of critically valuable threat intelligence data from a host of industry sources, collectively representing over 5 million indicators of compromise (IOCs), that is carefully curated, aggregated, and used to eliminate the “all risk non-business” traffic. With this massive reduction in event volume, we will then home in on the advanced threats.
4. Configuration: Set Up the Policies
We will establish and configure all required threat feed subscription parameters, critical blocking rules, and cyber enforcement policies within the gateway to meet your security requirements. Initial configuration immediately yields significant results that improve your threat posture, but just as important is the work our team does in continually fine-tuning the intelligence and investigations for advanced threats. We implement broad detection policies with full PCAP forensics for advanced threat detection.
5. Reporting: Visibility Dashboard
You need a real-time view of your network risk. QuickTHREAT Analytics is a cloud-based security dashboard that provides important visibility. We can access all event data in real time to effectively monitor your security posture and vulnerabilities. This tool helps our security experts understand the threat landscape, including specific attack history, policies, rules, traffic patterns, transaction PCAP and other significant security-related metrics. You will be given access and can even observe which attackers, from which locations, are attempting to connect to which of your workstations, servers and devices.
6. Ongoing Security Analyst Support
As part of the service engagement, you will be provided dedicated network engineering and security analyst support. Our team will be available to assist in incident review, adapting policies, and creating risk models tailored to your enterprise. We will work closely with your security team to understand current threat mitigation workflow and identify opportunities for increased impact and efficiency using our powerful technology. We will be responsible for producing daily, weekly, and executive summary reports of all security work. We operate at your direction and analyze all relevant threat results.