ATD | ADVANCED THREAT DETECTION

WHAT IS ADVANCED THREAT DETECTION?

Advanced Threat Defense services provide protection against the latest web-based attack types and vectors. These attacks are designed to be stealthy and well-coordinated, and in some cases they are not detected by standard security controls. RedLegg’s Advanced Threat Defense service protects against:

  • Malware
  • Zero-day exploits
  • Spear phishing attacks
  • Malicious URLs

RedLegg’s Advanced Threat Defense solution protects networks from advanced threats that may bypass traditional security solutions. The ATD Service monitors the network around the clock and can detect and defend against malware and other advanced cyber threats. To mitigate the risk of such bypasses, the ATD Service combines constantly updated threat feeds with in-line threat prevention technology, so that newly reported vulnerabilities and evolving threats are covered as intelligence becomes available.


SECURITY OPERATIONS CENTER

Managed Security Services are implemented and delivered by the RedLegg Security Operations Team.

24X7 SUPPORT:

The RedLegg Security Operations Team is available 24x7 for customer support, in your time zone.

MONITORING:

RedLegg’s Security Operations Team enables monitoring and alerting for your on-premises equipment, based on your pre-defined escalation procedures.

TICKETING:

The ticketing system is available online to track all cases, and a customer portal is available as well to check the status of tickets.

ALERTING:

For threat detection services, RedLegg will configure automatic alerts based on pre-determined criteria or critical services.

ADVANCED THREAT DEFENSE SERVICES

Once the RedLegg ATD solution has been fully deployed, or once RedLegg has taken over monitoring of your existing deployment, RedLegg Security Operations will commence ATD Monitoring services. RedLegg includes the following features in its ATD Monitoring Service:

EVENT REVIEW

RedLegg’s Security Operations staff will review the events generated by the ATD solution. When an actionable event is detected, a ticket is opened in the RedLegg ticketing system and you are sent a notification.

AUTOMATED ALERTING

RedLegg will work with you to determine which events you want automatic notifications for. Automated alerts arrive by email and are also created as tickets in our integrated ticketing system.

INTEGRATED TICKETING SYSTEM

When actionable events are identified by the RedLegg SOC or an Automated Alert is generated, all information is submitted to our ticketing system for investigation, tracking, and auditing purposes. The ticketing system is available through our customer portal.

DETAILED ON-DEMAND REPORTING

On-demand reports are available detailing statistics and analysis of the activity of the hosts reporting in to the service. Many of the reports available are tailored to security or compliance requirements.
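To make the event review, automated alerting and ticketing flow above concrete, here is an added example (it is not RedLegg code and does not describe the actual ATD appliance). It applies a small set of pre-agreed alert criteria to sample ATD events: every match opens a ticket, and rules flagged notify=True also send the automated email, while the rest are left for analyst review. The event fields, rule names, severity scale and sample events are all assumed for illustration.

```python
"""Added example (not RedLegg code): triage ATD events against pre-agreed
alert criteria.  Every match opens a ticket; rules flagged notify=True also
trigger the automated e-mail.  Event shape, rule names and thresholds are
assumed for illustration."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Assumed severity scale; the page does not define one.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Rule:
    name: str
    min_severity: str
    verdicts: FrozenSet[str]
    categories: FrozenSet[str]  # empty set = any category
    notify: bool                # True: ticket + automated e-mail; False: ticket only

    def matches(self, event: Dict[str, object]) -> bool:
        return (SEVERITY_RANK.get(str(event["severity"]), 0) >= SEVERITY_RANK[self.min_severity]
                and event["verdict"] in self.verdicts
                and (not self.categories or event["category"] in self.categories))


# Assumed criteria agreed with the customer.  First matching rule wins, so the
# stricter rule is listed first.
RULES = [
    Rule("confirmed-malicious", "medium", frozenset({"malicious"}), frozenset(), notify=True),
    Rule("suspicious-phish-or-url", "medium", frozenset({"suspicious"}),
         frozenset({"phishing", "url"}), notify=False),
]

# Constructed sample events in a shape an ATD appliance might export.
SAMPLE_EVENTS = [
    {"id": 101, "host": "ws-042", "category": "malware", "verdict": "malicious", "severity": "high"},
    {"id": 102, "host": "ws-017", "category": "url", "verdict": "suspicious", "severity": "medium"},
    {"id": 103, "host": "srv-db1", "category": "exploit", "verdict": "malicious", "severity": "critical"},
    {"id": 104, "host": "ws-042", "category": "url", "verdict": "benign", "severity": "low"},
    {"id": 105, "host": "ws-099", "category": "phishing", "verdict": "suspicious", "severity": "medium"},
]


def triage(events: List[Dict[str, object]], rules: List[Rule] = RULES) -> List[Dict[str, object]]:
    """Return one ticket per actionable event; non-matching events get no ticket."""
    tickets = []
    for event in events:
        rule = next((r for r in rules if r.matches(event)), None)
        if rule is None:
            continue  # not actionable: visible only in on-demand reports
        tickets.append({
            "ticket": f"ATD-{event['id']}",
            "event_id": event["id"],
            "host": event["host"],
            "rule": rule.name,
            "notify": rule.notify,
        })
    return tickets


def notified_event_ids(tickets: List[Dict[str, object]]) -> List[int]:
    """Event ids whose tickets also send the automated e-mail."""
    return [int(t["event_id"]) for t in tickets if t["notify"]]


if __name__ == "__main__":
    for t in triage(SAMPLE_EVENTS):
        print(t["ticket"], t["host"], t["rule"], "notify" if t["notify"] else "review-only")
```

First-match ordering matters: a confirmed-malicious phishing event must hit the notifying rule, not the review-only one, which is why the stricter rule sits first in the list. Anything that matches no rule is deliberately left out of the ticket queue rather than silently suppressed; it still shows up in reporting.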


ADVANCED THREAT DETECTION MANAGEMENT

  • HEALTH AND PERFORMANCE
  • AVAILABILITY AND OUTAGE NOTIFICATIONS
  • PATCH AND SOFTWARE UPDATES
  • TUNING AND CONFIGURATION

HEALTH AND PERFORMANCE

Health and performance of the appliance is monitored by RedLegg operations.  In the event of a system or performance issue, the RedLegg SOC is notified so that problems can be investigated.

AVAILABILITY AND OUTAGE NOTIFICATIONS

Availability of the equipment is monitored 24x7. If the device becomes unreachable, RedLegg SOC staff begin investigating possible network connectivity issues. If the device remains unreachable for the agreed threshold, you are notified using the escalation procedures established in our Data Gathering Form.
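The two-stage behaviour described above (investigate on the first failed probe, escalate to the customer only once the outage has lasted for the agreed threshold) is shown in the following added example. It is not RedLegg code and does not describe their monitoring platform; the probe interval, the 15-minute threshold, the management port and the sample probe results are all assumed for illustration.

```python
"""Added example (not RedLegg code): an availability monitor that separates
the first failed probe (start investigating connectivity) from a sustained
outage (escalate to the customer once the device has been unreachable for
the agreed threshold).  Threshold, probe interval and port are assumed."""
import socket
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


def tcp_reachable(host: str, port: int = 443, timeout: float = 3.0) -> bool:
    """Live probe: True if a TCP connection to the appliance succeeds.
    Not called by the offline sample run below."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class OutageTracker:
    threshold: timedelta
    unreachable_since: Optional[datetime] = None
    escalated: bool = False
    log: List[str] = field(default_factory=list)

    def observe(self, ts: datetime, reachable: bool) -> str:
        """Feed one probe result; return the action the SOC should take."""
        if reachable:
            if self.unreachable_since is not None:
                self.log.append(f"{ts.isoformat()} device reachable again")
            self.unreachable_since = None
            self.escalated = False
            return "ok"
        if self.unreachable_since is None:
            # First failure: open an internal investigation, do not page the customer yet.
            self.unreachable_since = ts
            self.log.append(f"{ts.isoformat()} unreachable, investigating connectivity")
            return "investigate"
        if not self.escalated and ts - self.unreachable_since >= self.threshold:
            # Outage has lasted the agreed threshold: notify per escalation procedure, once.
            self.escalated = True
            self.log.append(f"{ts.isoformat()} unreachable for {self.threshold}, escalating")
            return "escalate"
        return "escalated" if self.escalated else "investigating"


def run_probes(probes: List[Tuple[datetime, bool]], threshold_minutes: int) -> List[str]:
    """Replay a series of (timestamp, reachable) probe results through one tracker."""
    tracker = OutageTracker(threshold=timedelta(minutes=threshold_minutes))
    return [tracker.observe(ts, up) for ts, up in probes]


# Constructed probe results at 5-minute intervals: a failure that becomes a
# 20-minute outage, then recovery.
T0 = datetime(2024, 1, 1, 3, 0)
SAMPLE_PROBES = [(T0 + timedelta(minutes=5 * i), up)
                 for i, up in enumerate([True, False, False, False, False, True])]

if __name__ == "__main__":
    for (ts, up), action in zip(SAMPLE_PROBES, run_probes(SAMPLE_PROBES, 15)):
        print(ts.time(), "up" if up else "DOWN", "->", action)
```

With a 15-minute threshold and 5-minute probes the tracker investigates on the first failure, stays quiet for the next two, escalates exactly once when the outage reaches 15 minutes, and resets when the device answers again, so a brief blip never pages the customer while a real outage always does.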

PATCH AND SOFTWARE UPDATES

When new software updates or patches are available, RedLegg staff will work with you to establish maintenance windows if downtime of the service is unavoidable.

TUNING AND CONFIGURATION

From time to time, RedLegg may need to tune or change the configuration of the ATD solution to keep up with changes the client makes to their network. Tuning may also be required periodically to keep up with changes in attack vectors.


OUR APPROACH

RedLegg is an innovative, global security firm that delivers managed cybersecurity solutions and peace of mind to its clients.

RedLegg’s approach to information security protects the confidentiality, integrity, and availability of critical data based on a sound risk management framework. This approach allows organizations to engage business owners in defining acceptable levels of risk and to participate in the process for evaluating threats.

RedLegg’s ARMEE (Assess, Remediate, Monitor, Educate, Enforce) methodology institutes a lifecycle that allows for an ongoing process to continuously improve the security posture of the organization. This methodology is designed to be portable to all business, legal, regulatory, and security requirements of the organization. It is flexible enough to account for the constant flux in the market place, attack vectors, and protection mechanisms.

The final step in RedLegg’s ARMEE methodology is to implement solutions that enforce security measures needed to protect against threats that may affect an organization’s core business.


Resources

     
  • MSS Monthly Report Sample
  • Managed Security Info Sheet
  • Managed Security Case Studies
  • SIEM Architecture Review


BETTER YOUR VISIBILITY.

Better defend your network.

REACH OUT