Do you know what’s going on on your network?
Most organisations are aware of what constitutes “good security”: they have robust anti-virus and carefully configured firewalls, and have educated their teams to be cautious when sharing sensitive information with others. Lacunae Risk have developed an innovative service offering that allows the busy IT manager to proactively detect threats, and the CIO to track the effectiveness of deployed controls.
What is it?
We place a dedicated sensor unit inside your network. Agents on workstations and servers send events which, together with information from firewalls, web servers, and our own network monitoring and intrusion detection, are sent to Sentinel (our monitoring portal). Sentinel correlates these events with known threat sources and allows our expert engineers to monitor your network security. In addition, we are able to run vulnerability scans both on your internet-facing systems and internally from our deployed sensor units.
We are able to integrate with market-leading vendor equipment already on site, so the risk of unwanted “rip-out” cost is minimised.
Why do you need it?
Modern IT and computer networks are complex creations. Users log in and can access web applications, file sharing, document management, email, payroll, and other business-critical applications at the click of a mouse. All these computer systems generate event logs and audit trails, but in the modern business world, few organisations have the time and expertise to analyse these. Security standards such as PCI DSS mandate that monitoring and logging of security information must be performed, and our solution completely fulfils these requirements.
Case Study – find the insider threat
Company A had experienced random, inexplicable failures of their computers for months. Mission-critical servers were erasing their hard drives seemingly at random. Key staff would arrive at work to find their workstations dead and unresponsive. IT staff were working overtime to try to keep the company running, and the board were becoming increasingly concerned. To rub a little salt into the wound, a parade of consultants were trooping in and out of the company, offering network redesign, new servers, and penetration testing, and proving the saying that when you only have a hammer, every problem looks like a nail!
Lacunae Risk were called in, and our first response was to undertake a quick forensic analysis of an affected machine. No malware involved – Good News! But clearly, the cause of this problem needed to be identified. We deployed a SIEM sensor unit on site linked to our cloud monitoring platform (Sentinel). The miscreant employee was identified within three days.