Cyber security is an issue that has escalated in recent years, with almost a third of businesses being the victim of a cyber security event in the past 12 months; however, this figure is also expected to be under-reported.
Historically, most cyber security issues were disruptive to the business for a short period, such as a denial-of-service attack or the defacing of a company website. In recent years this has shifted to primarily ransomware, where the disruption can be lengthy, lasting weeks and in some cases even months.
There is no single solution which protects against all threats. As such, you need to analyse what the core threats are to your business and how you want to protect against them in the best way possible. It’s also inevitable that not all threats will be stopped 100% of the time, so you also need to consider event monitoring and management, and containment options.
Vinters offer a variety of different options such as DDoS protection, web application firewalling, endpoint detection and response, security event management, vulnerability scanning, etc. This allows us to form a solid cyber security solution around your individual business needs.
Endpoint Detection & Response (EDR)
Traditional anti-virus primarily worked by matching a hash of a file against a database and marking it as a known threat. Many modern threats are now considered zero-day, which means there is no known hash for the threat, so it has become important to look at the way that a file or executable is behaving instead.
By looking at the behaviour, it’s possible to detect whether a file is acting in a suspicious way or accessing parts of the system that it shouldn’t be, and to mitigate a threat based on behaviour and artificial intelligence instead. This is where EDR comes in. It takes things much further than traditional AV by looking at a variety of different things, such as behaviour, the compilation of the file, how the code is written, and so on, to create a holistic view of what that file or application is doing.
Vinters partner with select security vendors to offer an EDR product as part of our services, for which alerts are reviewed and monitored proactively by our monitoring teams to search for and respond to any emerging threats on your infrastructure.
Security Information & Event Management (SIEM)
Whilst a lot of threats can be prevented with a thorough level of protection, it’s inevitable that sooner or later a threat that is targeted enough will make it through. Alerting on those events, so that a cyber response plan can be triggered, is crucial.
That’s where SIEM comes in. SIEM works by collating events from various parts of your infrastructure and then analysing those events for suspicious behaviour such as privileged account creation. Some of these events will be part of routine infrastructure administration, which is why they may not have been blocked as malicious; however, it’s important that they are investigated and marked as such in order to be able to pick out those that are malicious.
Our monitoring teams can configure an SIEM solution that collates your logs and automatically creates incidents which need investigation. The team will then investigate those incidents and trigger a cyber response plan for any which look suspicious.
New vulnerabilities are released every day and allocated a CVE number and a categorisation for the risk level and the ability to execute. This database of vulnerabilities can be used to scan your infrastructure for any which are applicable to you, allowing a mitigation plan to then be formulated and implemented to remove them.
Vinters offer vulnerability scanning for the network edge, which highlights threats that are exposed externally and pose the most risk, in addition to scanning of individual devices for vulnerable applications which need patching. This provides you with a complete view of vulnerabilities and the possibility to proactively manage them to reduce your risk.
Speak to us today
To find out more about our cyber security services, please get in touch with our advisors who will be happy to help.