Security Monitoring
An important element of protecting IT systems against vulnerabilities and potential attacks is a mechanism of rapid detection and taking appropriate corrective actions before the vulnerabilities are effectively used by intruders. It is particularly important in systems providing Internet services.

The security monitoring service we offer consists of four independent components:
  • Notification of new threats and vulnerabilities
  • Security monitoring of external network services
  • Vulnerability analysis of external network services
  • Constant security monitoring
Notification of new threats and vulnerabilities

Perpetual updating of new threats and vulnerabilities for software is often treated as an additional task for administrators. They are often overloaded with other obligations associated with the current IT systems support. The key component of the notification service is sending reports containing information about new threats and vulnerabilities, with reference to the monitored devices and software versions, immediately after their publication. The reports are forwarded to the designated individuals in the organization. The report contains a detailed description of the threat or vulnerability, vulnerable platforms, assessment of potential impact and recommendations for possible actions aimed at minimizing the risk, if a device or software vendor does not provide an immediate solution.

Security monitoring of external network services

Changing firewall configuration, installation of new software version or even installing a patch may result in an incorrect configuration causing the additional ports opening or disclosure of information about used infrastructure or software versions. Security monitoring service is a periodic verification of particular system visibility on the Internet. Visibility is assessed on the basis of available network services (open ports), information about the network services software version and other information which might facilitate a potential attack (such as internal IP addressing). An end result is a report indicating detected changes. The report is transferred to designated individuals.

Vulnerability analysis of external network services

Vulnerability analysis is an extended version of external network services security monitoring. In addition to scanning open ports, an interim vulnerability analysis of the system is carried out by the use of automated scanning tools. The analysis includes a series of security tests related to type and version of devices and software used. An end result is a report indicating detected vulnerabilities of monitored systems. The report is transferred to designated individuals.

Constant security monitoring

Many events recorded by the systems and applications can be crucial for the security of information processed. The key to detect security incident and provide an opportunity to take the appropriate response on time is often a current analysis of recorded events. Undoubtedly, an important element is also the correct interpretation of events, often requiring knowledge related not only to networks, systems or applications, but also expertise in the field of information security. Continuous security monitoring service is based on real-time processing and monitoring information about recorded events from selected devices, systems and applications. It leads to detection of events that may entail risks for the monitored components. With regard to different security requirements forced in organizations, there are also various options of the service.

In the first scenario, the security monitoring can be delivered through our experts' limited access to the system collecting events or to central system processing security events (SIEM, SEM, SIM, central log server). In another option the events can be transferred to our Security Monitoring Center and processed there. Regardless the scenario type, all data is sent between the organization and Monitoring Center through secure VPN tunnel using cryptographic protection of information. We can prepare an optimal offer of the service adjusting to applicable security requirements and specific organization conditions.

Quality Guarantee

In order to ensure the highest quality, we deliver the offered security monitoring services on the basis of best security and incident handling practices. Our experts have extensive knowledge in the field of networks, operating systems, applications and expertise in the area of security, supported by numerous certificates (CISSP, CISA, CISM, LA 27001).
© 2010 Prevenity Sp z o.o. All rights reserved.    Company | Legal information | Contact Us | Site map