Network Threat Detection and Response
as a service

Attackers are not static. They often have to enhance their position.
When they do, we must catch them in the act.

Traditional network-based detections, however, are failing to detect today's threats. They rely on short-lived, reactive intelligence, and they do not learn each customer's unique traffic patterns, so they cannot tell what is anomalous for that network. A global view is not enough; local context is needed as well.

Many businesses base their threat detection only on logs or on endpoint data.

The challenge with this approach is that not everything is logged, and not all endpoints can run detection agents; there may also be third-party endpoints that your organisation does not own. Network-based threat detection gives a full view of threats traversing the network, without the blind spots caused by machines that have no endpoint sensor or by missing log data.


The Solution

To address these challenges, we offer a managed service that leverages machine learning (ML) to detect threats based on network traffic. By applying supervised ML techniques, the service can detect threats that have never been seen before, based on their behaviour.

Alongside this, unsupervised machine learning maps your unique network profile and adapts to it continuously over time. This gives the service context around activities that are specific to your environment, so it can reliably detect what is anomalous.

Network Tap - Physical & Virtual Sensors

The tap sends copies of all traffic that should be monitored to the sensor. The sensor extracts the relevant information and forwards it to the central "brain", which applies different detection models to monitor for a range of threats.

Cloud Platform Integrations

The solution also integrates with leading cloud platforms, utilising AWS virtual private cloud (VPC) traffic mirroring and similar virtual tapping techniques in Azure to monitor all infrastructure-as-a-service traffic.

Account Activity Monitoring

Account activity is also monitored, using specific artificial intelligence (AI) techniques to identify malicious behaviours and hijacked accounts (including Office365 integration), so that complex hybrid and multicloud environments are covered end-to-end.

Monitoring, Alerting & Analysis

The SOC monitors the central brain for alerts, which are collected, analysed, and classified by the security experts in the SOC. Once a threat has been confirmed, you receive an incident notification in accordance with the SLA for that priority level.


Complete network visibility

Cover the network security gap and integrate with other solutions (EDR and SIEM) to provide complete visibility.

Detailed analysis

Enriched detection context supports detailed analysis. Detections are signatureless, based on identifying attacker behaviour within the network using AI/ML.

Cost effective

Our SOC provides security analysts and platform expertise as a service. This gives you greater visibility at a lower cost, and with less integration effort, than most log-based solutions.

Rapid response

Security analysts are on hand to isolate threats and limit the impact of breaches. Recovery support is provided to minimise risk to the business.

Is it for my business?

Challenges

  • 24×7 SOC coverage required.
  • Staffing a security platform management team with subject matter experts.
  • Continuous management of network monitoring to ensure enough context for analysts without producing "alert fatigue".
  • Applying global intelligence to cyber security threats.

When should you consider it?

  • If you require experts to help deploy and run a sophisticated managed network detection service.
  • If you require a provider that offers not only network detection but also log- and endpoint-based monitoring, as well as actionable Cyber Threat Intelligence.
  • If you require 24×7 or 8×5 managed threat detection.
  • If you require additional Managed Threat Response capabilities.

What do we do?

  • Deployment of the Vectra platform.
  • Platform management of Vectra Cognito Detect™.
  • Continuous incident triage, analysis and prioritisation by Security Analysts.
  • Critical Asset monitoring (scoped).

What will you get?

  • Fully Managed Platform operations.
  • Real-time incident analysis and alerting.
  • Monthly security and operational reporting.
  • Cyber threat hunting.

Request call back

Please call us, email us or fill in the form below and we will contact you back. We endeavour to answer all enquiries within 24 hours, Monday to Friday.