Intrusion Monitoring
According to CERT (Computer Emergency Response Team), cyber security incidents increased by an average of 85% per year from 2000 to 2003. In 2004, CERT stopped tracking incident reports altogether when they became too commonplace to be meaningful. Today, not only are new types of vulnerabilities growing by leaps and bounds, but the pace at which they strike has also accelerated at an alarming rate.
Figure: SecuRNOC Diagram
If you have just one computer on the Internet, then network security is an issue for your institution. It is quite common for businesses to put locks on the doors and windows, subscribe to a security service and even install cameras that record all the traffic entering and exiting the building. Unfortunately, this attention to detail is not always paid to the institution's network. Usually a firewall is put into place on the perimeter, much like installing locks on the doors. Sometimes an intrusion detection sensor is put into place in sequence, either before or after the firewall, to monitor traffic into and out of the network, like the security service. The main oversight when implementing an intrusion detection or prevention sensor is that it is usually neglected after initial installation. Unlike a firewall, intrusion detection and prevention sensors need to be updated and monitored by a trained professional dedicated to that function 24 hours a day, 7 days a week. For most companies, this option is simply not financially feasible.
DataComm pairs a best-of-breed device with best-in-class service. Our proprietary device, securSHIELD, can monitor activity on multiple network segments with real-time blocking of suspicious activity. DataComm’s intrusion monitoring service, secuRNOC, uses certified security technicians who interpret the suspicious activity and respond to threats in a customer-specified manner. For as little as $395 a month, our customers can sleep easy knowing that their networks are secured.
DataComm implemented their network operation center in Tampa, Florida in 2000. The network operations center has two distinct parts, the network operations center and the security operations center, each catering to specific client needs. Since security is the service that is being provided to our customers, DataComm’s physical and data security is well structured and tested. The physical building is a cement block structure with two authorized entry points. The security operations center is located in the center of the main building. The room is protected by steel doors and only authorized personnel may enter. Biometric access is required both to enter the secured facility and to log on to the workstations.
The security operations center is staffed 24x7x365 by trained security technicians. It has redundant high-speed Internet access, isolated electrical circuits, an on-site UPS battery back-up system, an on-site gas generator, and a fire detection and suppression system. To further ensure uninterrupted service to our customers, DataComm also supports an off-site disaster recovery center at Brunswick Electric Membership Utility in North Carolina. This facility has been built to withstand category five hurricane winds of up to 180 mph. The site also has redundant telephone carriers providing Internet access. Electricity to the location is backed up with independent generators supplying UPS power to the facility in the event of power failure, and all data connections to the building use optical technology, providing total isolation.
Alert, Block then Call. DataComm takes these three simple steps seriously, and uses them to guide our everyday practices. When an attack is detected, our security technicians are alerted. At that point in time, a technician would analyze the attack and the potential severity and act accordingly, either by blocking or monitoring for further malicious activity. When an actual attack is discovered, DataComm would then call the customer and inform them of the attempted breach.
Figure: SEM Blocked Sites Manager
DataComm provides electronic monthly reports that satisfy federal regulatory requirements (GLB, SOX, HIPAA). The reports include an extensive look at your network activity in the raw data logs and a more thorough report of high level alarms and actions taken by DataComm’s security technicians in the incident response logs. The executive overview, also included in the report, minimizes the amount of time required to review the report.
| Features | Function/Benefit |
| --- | --- |
| Appliance | |
| Real-time Intrusion Detection, Prevention and Response | The sensor sits inline between the Internet router and the corporate firewall, proactively blocking attacks before they hit the perimeter of the network. The sensor also provides real-time monitoring of potentially malicious activity traversing the network. Sniffing interfaces can also be added to monitor the inside of the network, which reduces the need for expensive host-based solutions. |
| Resistance to Evasion Techniques | The sensor reassembles and reorders fragmented packets and TCP streams using application layer decoding pre-processors, which prevent polymorphic attacks that compromise typical security devices. |
| Transparent Operation | The sensor seamlessly integrates into your network and is completely transparent to the end user, providing an increased level of security without sacrificing performance or functionality. |
| Signature and Anomaly Sensing | The sensor uses both known and recorded attack patterns (signatures) and detection of zero-day attacks (anomalies) to provide a comprehensive security solution. |
| Integrated IP Address Lockout | The sensor can block malicious IP addresses on the Internet from reaching your data network. The blocking can be either permanent or for a customer-specified period of time. This function can be done on the sensor itself, or in conjunction with the corporate firewall for failover. |
| Scalable Internal Sensing Presence | The sensor has multiple ports that can be used to monitor various network segments: 1 external IPS and 3 internal IDS. The external IPS port can handle network traffic of up to 45 Mbps and the internal IDS ports can handle Gigabit traffic. |
| Service | |
| Comprehensive Monthly Logs | DataComm documents suspicious activity and its resolution as reported by the IDS/IPS, which is required by federal exams. The report includes an executive overview, raw data collected by your sensor over the period of a month, and a unique feature, incident response logs, which show how DataComm’s technicians responded to all high-level alarms. |
| Updates (Software, Signature and Rules) | DataComm performs rigorous tests on the updates in a test environment before implementing them on your sensor. Updates are performed by the DataComm staff to make sure that all updates are current. Updates include the latest software releases, exploit signatures, and both anomaly and correlative rules. |
| E-Mail Summary Reporting | DataComm sends an overview of events, based on a customer-specified period of time, via e-mail as part of the service, giving access to activity on the network daily. (Must have an in-house e-mail server.) |
| Around the Clock Protection | Network security analysts observe alarms 24x7x365, including holidays, and follow pre-determined real-time responses. |
Call us at 1-800-544-4627, or send an email to info@dcninc.com