Investigating unreliable alerts wastes two-thirds of staff time while actual breaches go undetected for an average of 146 days. You must be on constant lookout for security threats lurking in your network traffic – managed detection and response gives you actionable insight when it counts.
Gartner’s 2018 Intrusion Detection and Prevention Systems Magic Quadrant
Cyber criminals are getting more sophisticated, with attackers conducting in-depth reconnaissance to find vulnerabilities before launching their attack. Firewalls, anti-virus and patching are often not resilient enough to protect your IT from being compromised. As illustrated above, once a breach occurs cyber criminals often have access to a network for long periods of time without the breach being discovered.
To combat this increased level of threat, larger companies have been deploying managed detection and response capabilities. This is achieved either by operating an in-house SOC (security operations centre), which is expensive to set up and operate, or by commissioning a managed service like BORDERPOINT, which has been designed and built to provide an affordable solution to businesses of all sizes.
WHY Fresh Mango Technologies?
The Borderpoint Security Operations Centre (SOC) is operated by experienced cyber security analysts overseen by James Griffiths and Dave Woodfine, both of whom have extensive experience in setting up and operating SOC monitoring services for large corporate organisations including the MOD and the Bank of England.
The BORDERPOINT service has been designed and built based on experience gathered working for organisations where the highest standards of security are demanded.
INCIDENT DETECTION & BORDERPOINT RESPONSE
Activity and Security Analysis
BORDERPOINT collects system and security data from your IT devices (on-site or cloud) and then forwards it securely to Fresh Mango. This data is indexed and analysed against bespoke rule-sets and a threat intelligence database to identify potential threats and behavioural anomalies and to detect intrusions.
Intrusion Detection
BORDERPOINT provides real-time scanning that looks for cyber threats and suspicious anomalies at the host level. This enables the CSA Analyst to investigate and respond to advanced threats and attacks against your IT. BORDERPOINT can uncover more complex exploit processes, used to bypass Anti-Virus systems, through the integration of the CSA Threat Intelligence database to identify indicators of compromise.
Flexible Incident Response
BORDERPOINT can provide an optional automated active response service that can be used to block a network attack, stop a malicious process or quarantine a specific user or file. This tailored service will be developed to meet an organisation's individual automated response requirement.
BORDERPOINT SECURITY HEALTH & MONITORING
Software Audit
BORDERPOINT will conduct a full software audit every 12 hours on each monitored device. This inventory check will provide a detailed list of all software installed including patching status. This near real-time service will provide assurance that you understand what software has been legitimately installed on your devices and will be used to inform the BORDERPOINT vulnerability assessment service.
Vulnerability Assessment
The automated vulnerability assessment feature helps to find the weak spots in your IT. BORDERPOINT uses the output from the software audit to provide a continual vulnerability assessment for each monitored device. BORDERPOINT achieves this by comparing the results against the latest CVE (Common Vulnerabilities and Exposures) database of known vulnerabilities to identify weaknesses that need to be addressed.
File Integrity Monitoring
BORDERPOINT monitors selected files to identify changes in content, permissions and attributes of the files that are important to an organisation such as files that a hacker or malware would target or those containing sensitive financial information or personal data in HR records. BORDERPOINT will generate an alert if it detects that a file has been changed or modified and can identify the user(s) involved. File Integrity Monitoring will also provide inputs into the BORDERPOINT regulatory compliance service.
Security Configuration Assessment
BORDERPOINT monitors operating system and application configuration settings to identify where areas of potential attack can be reduced. BORDERPOINT will detect and alert against common system misconfigurations that may be present on monitored devices. Each device will have a security configuration assessment score that will be available through the user dashboard. These scores can be benchmarked and tailored against an organisation's security policy.
BORDERPOINT REPORTING & COMPLIANCE
Regulatory Compliance
BORDERPOINT alerts and reports against compliance with some of the mandatory security controls for various industry standards and regulations. BORDERPOINT is configured and mapped to the technical controls of the PCI DSS (Payment Card Industry Data Security Standard), GDPR, NIST and HIPAA. Additionally, Fresh Mango are working on the technical controls for the Cyber Essentials accreditation and ISO 27001.
User Dashboards
BORDERPOINT has been designed with its own unique user accessible dashboard. Each dashboard is pre-configured to display the core features of BORDERPOINT and can be tailored to meet the individual needs and requirements of each client. This single interface provides a real-time view of your monitored IT infrastructure that some clients will appreciate while others will just want to be alerted when there is a real issue that has been identified as part of the Fresh Mango managed service.
TECHNICAL SPECIFICATION
AIX 5, 6 and 7
OpenSUSE
Amazon Linux, Amazon Linux 2
Oracle Linux 5, 6 and 7
CentOS 5, 6 and 7
Solaris 10 and 11 – i386/sparc
Debian 7 and above
Suse 11 and 12
Fedora 22 or above
Ubuntu 12.04 and above
HP-UX 11.31
Windows XP Service Pack 2 and above
MacOSX Sierra or above
Windows Server 2003 and above
BORDERPOINT Encryption
All BORDERPOINT logs are sent from the monitored device to the processing manager using AES 256-bit encryption via either UDP or TCP.
Installation
The BORDERPOINT agent can be installed using .msi for Windows-based operating systems and a .sh command-line script for *nix-based operating systems. A full installation guide is provided if required. The agent install is fully automated and will automatically register with the BORDERPOINT service.
ADDITIONAL Fresh Mango SERVICES
Providing around-the-clock managed cyber services from the SIOC, delivered by a team of cyber professionals.
Our range of security assessments covers both technical and operational aspects for any business.
Fresh Mango produces its own and re-sells a number of specialist cyber products.
Our crisis response service is run through the SIOC providing a number of services to help companies when something goes wrong.
Fresh Mango provides a range of cyber training services designed to meet your needs.
The Senior Team at Fresh Mango provides a range of cyber consultancy services to assist companies to understand cyber security.
CONTACT US:
If you would like more information or would like to request a demonstration of the BORDERPOINT managed service then please contact us via: