Monitor. Over the longer term monitoring trends and access allows you to see if there are “holes in the fence” that need to be mended! What if someone accessed your environment in a legitimate way, but should not have had that access? Monitoring your organisation’s infrastructure is an ongoing activity after you put systems and processes in place to ensure:
- It is doing what it should be doing
- Everything is being patched the way it should be.
Monitoring the fences and access gives you the ability to act upon events inside your organisation – positive and negative.
Secure-ISS can provide monitoring with Product 1, Product 2 and Product 3.
Cyber Protection. We secure both the gateway inside and outside.
You need solutions on your perimeter to stop external access coming in as well as solutions that sit on your internal infrastructure that monitors, detects and protects against any malicious activity that eventuates inside the machines.
Audit. This is a discovery activity that will tell you what you don’t know about your environment. Remember you can’t protect something you aren’t aware of!
As part of the asset discovery, we provide information on the vulnerabilities that may be out there in your corporate network (and cloud environments) giving you the opportunity to address any issues with a pro-active approach.
The audit is on the overall company infrastructure. From endpoints such as PCs , laptops and mobile devices through to and other things out in the field that can connect to your system. You pick up all the holes in the system.
“You don’t know what you don’t know”. A client had a security deficiency in his equipment. That caused his computers to become vulnerable which allowed hackers to place software on there that sent confidential information out. The lawsuit cost over $10,000.
The organisation had hundreds of desktops and notebooks as well as many servers. On this equipment they had applications that should have been licenced. When it came to updating the PC’s and notebooks they discovered over 100 notebooks missing. In addition to that when they realised that they had been paying for hundreds of unused licences.
Access Management. This ensures that the people that have access to your computers and services are authorised. You can then decide whether that access is audited or recorded against.
We were working with a client that needed to protect their server environment. Everyone had access which meant they had no way of protecting their information. By putting in the access management system, they then knew who/when accessed the important information and they limited the people that had access to that information.
The problem that led a customer to us was that confidential information was stolen. As they didn’t have an Access Management system in place, meaning you have no visibility over whom/when/how people access important and confidential information, they had to call in the police. The costs for the company where close to $1000 in lost productivity and on top of that it became an internal cultural issue as the trust between management and the team was gone.
A disgruntled employee who had access and managed servers decided that they would change the passwords before they left to go overseas to another job. Two weeks later when the next person went to access the server to make changes they had no access. The system could not be updated or maintained.