We maintain a Security Operations Center from which we monitor and protect our clients’ environments day and night, year-round. The SOC is staffed 24/7/365 with highly trained and certified security analysts who deliver services including Security Information & Event Management (SIEM), Managed Detection & Response (MDR), Incident Response (IR), and more. Geidi serves businesses from every industry, with an emphasis on regulated industries with high compliance needs such as SOC 2, CMMC and NIST. All analysts and engineers monitoring or working on the systems have a minimum of 3 years’ experience and a mix of relevant industry certifications including CISSP, Security+, GPEN, Cisco CCNA, Fortinet NSE and Splunk Certified Administrator. We receive vulnerability alerting from various sources that guide our decision making, including CISA, the Australian Cyber Security Centre (ACSC), DHS, Microsoft and vendor-specific alerts, as well as many others. We keep an inventory of the software and hardware deployed to our environments so that we can determine whether an incoming security alert is relevant to a given environment and direct it to the appropriate team to be dealt with.
Bitdefender Gravityzone XEDR is deployed to the environment. Extended Detection and Response is built around rapid elimination of threats through faster processes, policy-driven response capabilities and complete visibility into your endpoint environment, with full-context, real-time forensics. XDR unifies prevention, detection and response in a single human-led service and technology offering powered by our own certified analysts, machine learning and automation of powerful tools. A best-of-breed service, XDR is a comprehensive threat management solution for your endpoints. Logging is fed from Gravityzone into Splunk for analysis and trending. Alerts are fed into the SOC and responded to by a team led by the SOC lead, following our playbooks for response and remediation. When a threat is detected, it is classified by the risk it poses to the environment. Depending on the threat, the local agent responds automatically, for example by blocking the activity or its access to the network or files. Blocked threats are then reviewed by the team, which adjusts policy or takes further action as necessary.
Our SIEM (Security Information and Event Management) service aggregates and correlates logs from across your network and monitors network traffic so that our security experts can quickly stop threats. This means aggregating data from our Bitdefender Gravityzone endpoints directly into our Splunk SIEM, with a backend powered by Splunk Phantom for automated response. This allows us to decrease dwell time, the period between an attacker’s initial access and its detection. Reducing your Time to Remediate (TTR) is essential to keep attackers from doing costly damage to your systems. Our 24x7x365 Security Operations Center (SOC) watches your network around the clock, pushing policy changes in real time and responding to incidents as they occur. Our SOC is fully staffed with trained and certified professionals who become an extension of your team. You are only alerted when action needs to be taken by you; most remediation is performed in the background, and threats are analysed without the need for client interaction.
• 24x7x365 monitoring and alerting
• Security event logging, retention & monitoring to meet compliance obligations
• Vulnerability scanning to detect weaknesses in your network before they can be exploited
• Dashboards for visibility
Through Bitdefender Gravityzone, we conduct routine scans to help identify vulnerabilities in your network. Using this information, we create policies or make recommendations to the client for changes that would make the environment more secure. All too often, critical and high-risk vulnerabilities appear on report after report because they do not get the necessary attention between scans. Our scans occur daily; based on the results, the risks are ranked and assessed for organizational impact, and a plan is put in place for remediation.
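The two steps described above, checking incoming advisories against an asset inventory to decide which are relevant and then ranking the resulting findings by severity, asset criticality and whether they are carried over from a previous scan, can be illustrated with a small script. This is an added example, not Geidi’s tooling or Bitdefender’s: the inventory, advisories, ownership table and scan history are constructed inline, and the advisory identifiers are placeholders rather than real vulnerabilities.

```python
"""Match advisories against an asset inventory, then rank and route the findings.

Added example, not the SOC's own tooling. All data below is constructed.
"""

# Constructed inventory: what is deployed where, and how critical each host is (1-3).
INVENTORY = [
    {"host": "fs01", "product": "acme-fileserver", "version": "3.2.1", "criticality": 3},
    {"host": "web01", "product": "acme-webgw", "version": "7.0.4", "criticality": 2},
    {"host": "lab07", "product": "acme-fileserver", "version": "3.4.0", "criticality": 1},
    {"host": "db02", "product": "acme-db", "version": "12.1.0", "criticality": 3},
]

# Constructed advisories with placeholder identifiers. "introduced" is the first
# affected version and "fixed" is the first safe one, so [introduced, fixed) is vulnerable.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "product": "acme-fileserver", "introduced": "3.0.0", "fixed": "3.3.0", "cvss": 9.8},
    {"id": "ADV-EXAMPLE-2", "product": "acme-webgw", "introduced": "7.0.0", "fixed": "7.1.0", "cvss": 7.5},
    {"id": "ADV-EXAMPLE-3", "product": "acme-mailer", "introduced": "1.0.0", "fixed": "1.2.0", "cvss": 9.1},
]

# Hypothetical product-to-team routing table.
OWNERS = {"acme-fileserver": "platform", "acme-webgw": "network", "acme-db": "dba"}

# Constructed history: (host, advisory) pairs already open on the previous daily scan.
PREVIOUS_FINDINGS = {("fs01", "ADV-EXAMPLE-1")}


def parse_version(version):
    """Turn a dotted numeric version into a comparable tuple ("3.2.1" -> (3, 2, 1))."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version, advisory):
    """True if the installed version lies in the advisory's [introduced, fixed) range."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def irrelevant_advisories(inventory, advisories):
    """Advisory IDs for products that are not deployed anywhere; these need no action."""
    deployed = {asset["product"] for asset in inventory}
    return [adv["id"] for adv in advisories if adv["product"] not in deployed]


def rank_findings(inventory, advisories, previous):
    """Cross-reference inventory with advisories and rank the matches.

    Score is CVSS weighted by asset criticality; repeat findings (already seen on the
    previous scan) rank ahead of new ones at equal score so they stop slipping between
    reports.
    """
    findings = []
    for asset in inventory:
        for adv in advisories:
            if adv["product"] != asset["product"] or not is_affected(asset["version"], adv):
                continue
            findings.append({
                "host": asset["host"],
                "advisory": adv["id"],
                "cvss": adv["cvss"],
                "criticality": asset["criticality"],
                "score": round(adv["cvss"] * asset["criticality"], 1),
                "repeat": (asset["host"], adv["id"]) in previous,
                "team": OWNERS.get(asset["product"], "soc"),
            })
    findings.sort(key=lambda f: (-f["score"], not f["repeat"], f["host"]))
    return findings


if __name__ == "__main__":
    for f in rank_findings(INVENTORY, ADVISORIES, PREVIOUS_FINDINGS):
        flag = "REPEAT" if f["repeat"] else "new"
        print(f"{f['score']:>5}  {f['host']:<6} {f['advisory']:<14} -> {f['team']} ({flag})")
    print("not deployed, ignored:", irrelevant_advisories(INVENTORY, ADVISORIES))
```

With the constructed data, ADV-EXAMPLE-3 is discarded because nothing in the inventory runs that product, lab07 is skipped because its version is already at or past the fix, and fs01 ranks first both as the highest-scoring finding and as a repeat from the previous scan. The version parser only handles plain dotted numerics; real vendor version strings (build suffixes, release names) need a proper comparison library before this logic is trusted.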
Please contact us to see how we can protect your network environment.