Being able to detect behavior anomalies, malicious traffic, and unauthorized access is required by regulations and is critical to the security of your network infrastructure. The ability to detect threats as they emerge determines whether you stop them in their tracks or your entire network is compromised.
We deploy and manage a comprehensive intrusion detection system on premises or in your cloud environment (both Azure and AWS). This includes both a network intrusion detection system (NIDS) and a host intrusion detection system (HIDS). We also collect and correlate events from your existing infrastructure, such as firewall, IPS, and DPI, into a single console, which provides complete security visibility while protecting your investments, patient files, and intellectual property, and providing compliance. Our security analysts have eyes on your network 24 hours a day, 7 days a week.
Attack Intent & Strategy
- System Compromise – Behavior indicating a compromised system.
- Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
- Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
- Reconnaissance & Probing – Behavior indicating an actor attempting to discover information about your network.
- Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.
With intrusion detection you can see complete attack methods, related events, source IP and destination IP, as well as remediation techniques. Being able to see the entire threat in a unified view means faster response and a more accurate remediation strategy.
All data is correlated with multiple security tools, which reduces false positives.
Integrated threat intelligence means we know when a threat is a known bad actor and can more accurately predict which actions may be taken or vulnerabilities exploited. Threat intelligence is automatically updated inside our intrusion detection system every 30 minutes and is also viewed from several other sources. This means we have up-to-the-minute information on threats.
Continuous Intrusion Detection Delivered by Blackthorn Secure
- Network IDS signatures
- Host-based IDS signatures
- Asset discovery signatures
- Vulnerability assessment signatures
- Correlation rules
- Reporting modules
- Dynamic incident response
- Newly updated data source plug‐ins
Security Operations Roles and Support
According to a recent study by SecurityWeek.com, the average number of days that attackers were present on a victim's network before being discovered dropped to 146 days in 2015 from 205 days in 2014, a trend that shows positive improvement from 416 days back in 2012. Unfortunately, Blackthorn Secure responded to a recent breach at a medical facility that was undetected for more than 180 days. It's important to understand how response time can greatly reduce the amount of damage done in a breach.