CyberWatch IoT Threat Hunting & Vulnerability Monitoring
CyberWatch Threat Hunting and Vulnerability Detection services are designed to supplement organizations that do not have the cybersecurity staff, or skill sets, necessary to detect, investigate and remediate potential attacks on their organization's systems, networks, and applications.
CyberWatch services include the backend infrastructure, implementation services and threat hunting procedures necessary to complement the implementation of our Securolytics IoT Device Security Platform. Solution Synergy is unique in its cybersecurity offering, as we provide the Securolytics Connected IoT Device security platform, the CyberWatch Threat Hunting team, and a Security Event Information Management (SEIM) tool at no additional charge.
Four Different Service Plans
- Four different service plans are offered: Bronze, Silver, Gold and Platinum
- Bronze, Silver and Gold services have a notification response time of 30 minutes or less, whereas Platinum has 15 minutes or less upon identification of a critical event.
Methods of Notification
- Email Notification – an email will be sent from CyberWatch to the assigned client contact, with a delivery receipt added to ensure arrival at the client's mailbox.
- SMS Notification – an SMS message shall be sent from CyberWatch to one (1) client recipient.
- Phone Notification – a telephone call from a CyberWatch Security Analyst will be placed to a pre-assigned client contact. If the client contact is not available, the Security Analyst will leave a message in the CyberWatch log, noting what time the call was placed, and the client contact name the message was left with.
Hours of Service
- 5 x 8 operations – 5 days a week by 8 hours per day, or
- 24 x 7 operations – 7 days a week by 24 hours per day
CyberWatch Alerts and Use Cases
- MITRE ATT&CK Tactics, Techniques and Procedures – Monitor and analyze operating system services based upon known hacker organization exploits.
- Authentication Tracking – Monitor and analyze failed authentications, local or remote connection attempts, and brute force attacks.
- Securolytics and Internet of Things – Customized configuration monitoring of IoT devices, communication channels, ports / protocols, and known vulnerabilities
- Qualys Integrated Vulnerability Assessments – Customized configuration monitoring of external and internal scanned organizational assets. Monitoring of known vulnerabilities based upon port/protocol/services. Provides prioritized threat identification for critical, high, moderate, and low threats.
- Multi Factor Authentication – Customized authentication monitoring using multifactor authentication solutions. Provides monitoring of critical assets that require MFA.
- Network Connections – Full network monitoring of network flow packets, including port, protocol and service. Defines “top network talkers” across infrastructure and network transaction types such as DNS, DHCP, ICMP, TLS, etc.
Available 5 x 8 or 24 x 7

| Service | Bronze | Silver | Gold | Platinum |
|---|---|---|---|---|
| Daily review of primary threat hunting dashboards | X | X | X | X |
| Configuration of “X” Critical alerts & Notification Response Protocol | 2 | 3 | 4 | 8 |
| Critical Alert response time 30 minutes or less | X | X | X | X |
| Monthly reporting of agents configured and monitored | X | X | X | X |
| Integration of “X” applications via REST API | 1 | 2 | 3 | 4 |
| Assignment of Primary Security Operations Analyst | | X | X | X |
| System level monitoring of CPU, RAM, Hard Drive Utilization | | X | X | X |
| Dedicated Security Operations Center Analyst | | | X | X |
| Assignment of Secondary Security Operations Analyst | | | X | X |
| Weekly reporting of agents configured and monitored | | | X | X |
| Critical Alert response time reduced to 15 minutes | | | | X |