NetSure360° is the perfect companion for our Consultancy, Network & Security capabilities, providing our customers with Infrastructure and Security Management as a Service. Built to embrace the complex challenges created by the growth in cloud services, mobility and advanced security threats,
NetSure360° delivers around the clock visibility, control and assurance across your entire IT security, network and cloud infrastructures.
Launched in 2012, NetSure360° is built upon the integration of our world class Security & Network Operations Centre’s (SOC & NOC) to provide granular visibility of your corporate network and security landscape. Uniquely, NetSure360° integrates security, network and performance management assuring the performance, security and reliability of mission critical applications across the entire enterprise.
Completely modular and scalable, NetSure360° simplifies the simultaneous monitoring and management of tens of billions of events on thousands of devices from dozens of vendors and multiple network and security systems. This continuous real-time assessment is delivered via NetSure360°’s dashboards so that administrators, managers and business leadership have a clear view of the network and the threats facing it. Our service is underpinned by the ISO20000/1 service delivery standard and a feature of our service innovation is the focus on turning the technical and operational service reporting into business and risk focused management information (MI) presented quarterly at our executive team meetings, allowing the executive team to make decisions that ultimately improve service.
In March 2015, we launched NetSure360° Orama, our new mobile app providing CIOs and CISOs with a precious window of time in which to prioritise, communicate and manage potentially serious security incidents. Orama is included free to all NetSure360° customers providing real-time visibility of critical network incidents and security threats from across the security and network infrastructure direct to mobile devices.
Orama is a simple to install and easy to configure mobile app available immediately for NetSure360° service subscribers on iOS and Android devices. Orama ensures that only incidents and alerts that are of importance to your business are received and updated until they are resolved.
ITC’s 5 Steps to Security Model is fundamental to the successful delivery of our NetSure360° Security Management Service. ITC’s refreshing approach to infrastructure security focuses on the critical assets of your business using our straightforward ‘5 Steps to Security’ programme which is simple and structured way of identifying genuine and potentially damaging intrusions. These simple steps help our clients manage risk, inform the business and build appropriate recovery plans against potential likely scenarios
Logging is not security, however both real time and forensic security analysis require quality time synchronised logging from multiple platforms. We see a move away from infrastructure centric logging, which has been dominant until recently, towards ubiquitous logging – the centralisation of logs from multiple platforms including infrastructure, servers and applications.
Ideally logging platforms should offer adequate long-term storage, have the capability to process logs from the required multiple sources, have an element of fault tolerance in the event for instance of a Wide Area Network outage, and be centrally searchable.
With the multitude of systems on any enterprise network, identifying and processing each and every potential security alert against each component is a difficult if not impossible task. For this reason ITC builds an asset model of the customer’s estate to reflect both geography and topology, but also business critical or vulnerable systems. This includes internet facing applications or revenue generating systems such as order processing or manufacturing automation systems.
The asset model will be utilised along with vulnerability data (see Implement vulnerability assessment) to contextualise and prioritise security alerting.
Vulnerability assessment is the process of scanning servers, infrastructure and applications for known vulnerabilities. It is used to drive prioritised remediation through patching and upgrade and also to enable security alerts to be appropriately scaled. If we know a device is not vulnerable to a specific threat, there is no need to set the klaxon off when we observe that threat against it; rather we can just log the event.
Now that we have logs from everywhere, an asset model and vulnerability data, we are in good shape to define our security ‘use cases’. This goes above and beyond the alerting from individual security devices, what chain of events will drive an appropriate alert which can be investigated.
Some examples of security use cases might include the identification of privileged access or escalation in the front office, VPN access by users already logged on internally, brute (check) forced login attempts across multiple similar systems, intrusion prevention device alerting that corresponds to a threat against a vulnerable system
ITC has a growing library of security use cases built for general use and in some cases for specific markets such as the recent DDOS threats against financial services organisations.
With the solid base identified above, we believe that any use case that can be articulated on a piece of paper can be coded and delivered as part of the SIEM system.
Many organisations such as Digital Shadows, HP, Cisco, McAfee or the open source ArcOSI provide rich real time threat data which they can derive and consolidate from their multiple security endpoints, both internal and customer located.
This data can consist of sites with known bad reputations, current high-risk attack sources or specific attacks, and new malware in the wild etc. ITC recommends consuming threat data from as many sources as possible.
An example of how this data can be utilised is the identification of traffic from or two known Malware (Botnet) command and control sites which can be indicative of Advanced Persistent Threat (APT) infection within the enterprise.