 |
| By using FortConsult's monitoring service, StayReady™, you are assured of receiving immediate notification if you are subjected to a hacker or worm attack. You will also be informed of what to do to repulse the hacker or the worm, e.g. by filtering out an IP address in your firewall configuration or by changing your network design so that it becomes more secure. |
| |
| Full information about suspicious traffic |
| A StayReady™ subscription means that we assume responsibility for monitoring your network and reporting to you in the event of suspicious patterns in traffic that may indicate that a hacker or worm attack is taking place. Such events could include network traffic towards your web server, the beginning of a Denial of Service (DoS) attack or repeated attempts to scan your systems from a particular IP address. We configure your IDS system so that we can receive alarms from the system and ensure that all alarms are quickly and correctly processed. |
|
| |
| FortConsult's monitoring service, StayReady™, covers the monitoring of hacker and worm attacks in the DMZ zone, i.e. we keep an eye on all traffic to and from the DMZ zone and internally within the zone. |
| |
| We prioritise alarms |
Each time FortConsult receives an alarm from your IDS system, one of our security experts immediately evaluates whether the alarm is irrelevant, relevant but not important, or relevant and important. The latter case indicates an attack in progress with a high probability of your system being vulnerable. In such cases we contact you immediately - even in the middle of the night or at the weekend. If the alarm is relevant but not important, we contact you at the first available opportunity during normal working hours.
Priority of alarms

| Level | Priority | Assessment | Our response |
| --- | --- | --- | --- |
| Level 1 | URGENT | The alarm is relevant and important | We call you immediately 24/7/365 |
| Level 2 | NORMAL | The alarm is relevant, but not important | We contact you during normal working hours |
| Level 3 | LOW | The alarm is irrelevant | We inform you at the next monthly meeting |

| |
| Direct access to security experts |
| FortConsult's local electronic alarm centre is manned 24 hours a day with experienced security consultants who look at the alarms as soon as we receive them. This means that you can get immediate guidance concerning the consequences of an attack, including what you should do to stop it. Our monitoring has a double safeguard with a second and third team on duty to whom an alarm will be sent within 10 and 20 minutes respectively should the first team on duty be busy or not answer. All those on duty are qualified security consultants with many years of TCP/IP experience and can therefore react quickly and competently whenever it is necessary. |
|
| |
| Working with IDS systems and assessing whether a hacker or worm attack is taking place when an alarm is triggered generally requires a good deal of experience with, and comprehensive knowledge of, vulnerabilities. FortConsult's security consultants work with vulnerabilities every single day and have a great deal of know-how about how vulnerabilities can be exploited by hackers and worms. The combination of our toolbox, with its detailed vulnerability databases and a large number of attack methods, and our structured working procedures helps to ensure that we do not overlook or misjudge an attack. |
| |
| Use us as a sparring partner |
| As we monitor your network and assess the alarms that the IDS system reports, we naturally obtain a more detailed knowledge of your IT architecture, network and desired level of security. This enables us to make a more specific contribution with detailed knowledge of vulnerabilities and recommendations concerning your state of preparedness against hackers and worms, which you are always welcome to draw on. We generally attach great importance to clear communication and have considerable experience in making security problems easy to understand, including for non-technicians. |
| |
| Get off to a good start |
| When you choose to outsource IDS monitoring to us, we begin by getting to know your organisation, network and business priorities thoroughly so that we are well equipped to be able to carry out an assessment of what is unwanted traffic. We look at your current IDS system in more detail and find out how it can be set up in the optimum manner so that we can receive alarms from your network. |
|
| |
| It is usually not necessary to replace the IDS system, but if you have special requirements concerning monitoring which your current IDS system cannot satisfy, we can recommend various IDS systems that will be able to live up to your requirements, without them being either expensive or complicated. If you have not yet acquired an IDS system, you are also of course welcome to draw on our knowledge in the area. |
|
| |
| FortConsult assumes the responsibility for setting up your IDS system so that we can receive the alarms and for ensuring that the system works in day-to-day operations in terms of security. However, you are responsible for ensuring that the hardware works as it is supposed to and that the operating system is updated. |
| |
| You receive regular information |
| From the point at which the subscription for StayReady™ comes into effect, you will regularly receive tailor-made e-mails and telephone calls from us with information about the alarms that we feel you should do something about. We will hold monthly status meetings with you, in which we will present a report of the alarms we have assessed during the previous month - i.e. the attacks to which you have been subjected - and give our assessment of how serious they have been. |
|
| |
| At the same time, we will give you an overview of the attack patterns during the period compared to previous periods and specify how many hackers have attacked you, from where and how often, and how many of the alarms have been serious. We also ask you to tell us about the changes that have occurred in your organisation and IT architecture, and we will make recommendations as to what you should change in your network design and in the configuration of your security systems in order to protect you against future hacking and worm attacks. |
| |
| If your luck runs out |
| In the vast majority of cases FortConsult's monitoring and alarm contingencies will mean that you are able to see off the worm and hacker threats if you are attacked. However, should a hacker or worm gain access to your DMZ zone and from there to your internal IT systems, we can also provide help. By opting for an additional service to our monitoring agreement, we guarantee that we will turn out at a moment's notice and help you to handle the crisis situation. |
|
| |
| The first thing we do is to assess the extent of the damage and the risk of further damage. We then contain the damage and find out what you have been attacked by and get rid of the hacker or the worm concerned. We then set out a concrete plan of action in collaboration with you for the steps that have to be taken. This will include an assessment of whether we need to involve decision-makers from other areas of your organisation, call the police or remove the system from the network. In the event of credit card cases, we can also help to assess whether customers, credit card companies and banks should be informed. |
|
| |
| Last, but not least, we can help you to clear up the situation and put forward a plan to ensure that it does not happen again. |