Security Operations


Security is a huge concern for every business, but very few organizations have the resources to effectively combat cyber threats and attacks. Our Security Operations Center (SOC) is a centralized function providing our customers with the people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. Access to sophisticated, 24/7 cyber security protection is one of the top reasons that businesses hire a Managed Services Provider like SecureITSM.

Acceptable Use Warning Banners

At a minimum, each time a computer is started, an Acceptable Use Policy (AUP) banner is presented and must be accepted to proceed. This banner warns users that the computer is monitored and that security measures benefit the organization, and not the user. Banners are customizable and can be implemented for select PC events, including at start-up and when inserting removable storage.
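The logon warning banner described above is, on Windows, a pair of registry values under the local security policy. The following script is an added example (not SecureITSM's own tooling) that sets those values and verifies they are present; it assumes an elevated PowerShell session on the PC being configured, and the organization name in the banner text is a placeholder.

```powershell
# Added example (not SecureITSM's code): set and verify a Windows logon warning banner.
# Windows displays legalnoticecaption / legalnoticetext before the logon prompt; the user
# must acknowledge the dialog to continue. Assumes an elevated PowerShell session.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Set-LogonBanner {
    param(
        [Parameter(Mandatory)] [string] $Caption,
        [Parameter(Mandatory)] [string] $Text
    )
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'legalnoticecaption' -Value $Caption -Type String
    Set-ItemProperty -Path $PolicyKey -Name 'legalnoticetext'    -Value $Text    -Type String
}

function Test-LogonBanner {
    # Returns $true only when both values exist and are non-empty; use this in periodic
    # compliance scans so a cleared banner is detected rather than silently missing.
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    return [bool]($props.legalnoticecaption -and $props.legalnoticetext)
}

# Placeholder banner text; replace "Example Corp" with the organization's legal name.
$caption = 'ACCEPTABLE USE NOTICE'
$text = @"
This system is the property of Example Corp and is monitored for security purposes.
Use of this system constitutes consent to monitoring. Unauthorized use is prohibited.
"@

Set-LogonBanner -Caption $caption -Text $text
if (Test-LogonBanner) { 'Logon banner configured' } else { throw 'Logon banner is not set' }
```

In a domain, the same two values are normally delivered by Group Policy through the "Interactive logon: Message title for users attempting to log on" and "Interactive logon: Message text for users attempting to log on" security options, so the script's verification function is the part worth keeping in a scheduled scan; the banner on removable-storage insertion mentioned above is a separate mechanism not covered here.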

Computer Hardening

Computer hardening is the act of configuring an operating system securely, updating it, creating rules and policies to help govern its usage, and removing unnecessary applications and services. This is applied to PCs and servers alike, although different controls are applied to each. It is done to minimize a computer’s exposure to threats and to mitigate possible risk. Security and usability are a tradeoff. The most secure computer is one that has no access to any network or the internet. However, that computer is mostly unusable.

Key hardening steps include:

1) removing unnecessary programs,
2) maintaining operating system and application patches,
3) applying group security policies,
4) establishing and maintaining configuration baselines,
5) installing virus detection software,
6) periodic PC scanning to ensure patches are up to date, and
7) integrating cloud-based security, including URL and email attachment inspection.
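Steps 1 and 4 above (removing unnecessary programs and maintaining a configuration baseline) depend on knowing what is installed and what starts automatically. The script below is an added example, not SecureITSM's code: it captures a snapshot of installed programs and auto-start services, and compares a later snapshot against the saved baseline so drift (an unapproved program appearing, a required service disappearing) is reported. It assumes Windows PowerShell 5.1 or later; the baseline file path and the demonstration data are constructed placeholders.

```powershell
# Added example (not SecureITSM's code): capture a configuration baseline of installed
# programs and auto-start services, then compare a later snapshot and report drift.
# Assumes Windows PowerShell 5.1 or later; the baseline path below is a placeholder.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ConfigSnapshot {
    # Installed programs (name + version) and services configured to start automatically.
    $programs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object DisplayName |
        ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)".Trim() }
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object StartMode -eq 'Auto' |
        ForEach-Object Name
    [pscustomobject]@{
        Taken    = (Get-Date).ToString('o')
        Programs = @($programs | Sort-Object -Unique)
        Services = @($services | Sort-Object -Unique)
    }
}

function Compare-ConfigSnapshot {
    # Returns one record per item added or removed since the baseline was taken.
    param([Parameter(Mandatory)] $Baseline, [Parameter(Mandatory)] $Current)
    $drift = foreach ($area in 'Programs', 'Services') {
        $before = @($Baseline.$area)
        $after  = @($Current.$area)
        foreach ($item in $after) {
            if ($before -notcontains $item) { [pscustomobject]@{ Area = $area; Item = $item; Change = 'Added' } }
        }
        foreach ($item in $before) {
            if ($after -notcontains $item) { [pscustomobject]@{ Area = $area; Item = $item; Change = 'Removed' } }
        }
    }
    return @($drift)
}

# Usage on a real PC: capture the baseline once, then compare on each periodic scan.
# Get-ConfigSnapshot | ConvertTo-Json -Depth 3 | Set-Content 'C:\Baselines\pc-baseline.json'
# $baseline = Get-Content 'C:\Baselines\pc-baseline.json' -Raw | ConvertFrom-Json
# Compare-ConfigSnapshot -Baseline $baseline -Current (Get-ConfigSnapshot) | Format-Table

# Constructed demonstration data so the drift report can be seen without a live baseline.
$baseline = [pscustomobject]@{ Programs = @('7-Zip 23.01', 'Example Viewer 2.0'); Services = @('Spooler', 'WinDefend') }
$current  = [pscustomobject]@{ Programs = @('7-Zip 23.01', 'Unapproved Toolbar 1.0'); Services = @('WinDefend') }
Compare-ConfigSnapshot -Baseline $baseline -Current $current | Format-Table -AutoSize
# Reports: Programs Added "Unapproved Toolbar 1.0", Programs Removed "Example Viewer 2.0",
# Services Removed "Spooler".
```

The comparison is written with plain loops rather than Compare-Object so that an empty list on either side (a server with no third-party programs, for instance) does not cause a binding error in Windows PowerShell 5.1. Any drift record is a candidate for a ticket: an added program is reviewed against the approved-software list, and a removed auto-start service (especially a security agent) is treated as a hardening regression.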

Mobile Device Security Management

In today’s modern world, most companies utilize a Bring Your Own Device (BYOD) approach allowing employees to use their own smartphone to access corporate email on the go.

However, NIST SP 800-171, CMMC, and industry best practices mandate that corporate and customer data be stored within encrypted containers on mobile devices.

Using Microsoft Mobile Device Management (MDM) and its Intune feature, SecureITSM encrypts corporate data in Outlook, Teams, Skype for Business, and SharePoint residing on a user’s cellphone or tablet.

Every time a user needs to read an email or conduct other communications (e.g. a Teams session), the Microsoft Authenticator application unlocks the encrypted communication session.

While organizational data is encrypted and MFA is required to access it (a simple step for the user), the smartphone’s owner retains full functionality of all other aspects of the phone.

A screenshot showing the unlocking of an encrypted container is shown to the left.

Real-Time Virus Monitoring

SecureITSM provides heuristic and signature-based virus detection and remediation software on all supported computers, laptops, servers, flash drives and external storage devices (if allowed by policy), and cloud infrastructure at no additional charge. Heuristic virus detection is a method of detecting viruses by examining code for suspicious properties. Signature-based detection compares potentially malicious code against a database of known virus types. Upon identification, the detection is reported to the anti-virus admin panel for automatic or user-approved deletion or removal.

Security Alert Monitoring

In order to effectively manage the tremendous amounts of information that a securely managed IT environment generates, alerts must be created to notify security operations of any anomalies that occur. To do this, SecureITSM creates anomaly alerts from the following systems:

1) O365,
2) Azure,
3) Azure Log Monitor,
4) Cloud App Security,
5) virus prevention management system,
6) software patch scanning solution,
7) DNS filtering management portal, and
8) others as appropriate.

All alerts are sent to our trouble ticket management system and monitored by our service desk. A security engineer reviews security alerts and takes the appropriate action as applicable. Alerts are continuously refined to eliminate “false positives” and enhance alert designs.
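To make the alerting and false-positive tuning described above concrete, the following is an added example (not SecureITSM's code or any specific product's rule): a single anomaly rule, "many failed sign-ins followed by a success for the same account", run over constructed sign-in records whose field names loosely mimic an Azure AD sign-in export but are invented for this illustration. The known-good IP list shows how a rule is refined to suppress a recurring false positive (here a service account) without disabling the rule.

```powershell
# Added example (not SecureITSM's code): one anomaly rule over constructed sign-in records,
# producing alert objects that a ticketing system could ingest. All users, IPs and times
# below are constructed sample data, not real log exports.

function New-SignIn {
    param($Time, $User, $IP, $Status)
    [pscustomobject]@{ Time = $Time; User = $User; IP = $IP; Status = $Status }
}

$SignIns = @(
    foreach ($m in 1..6) { New-SignIn "2024-01-15T08:0${m}:00Z" 'alice@example.com' '203.0.113.10' 'Failure' }
    New-SignIn '2024-01-15T08:07:30Z' 'alice@example.com' '203.0.113.10' 'Success'
    New-SignIn '2024-01-15T09:00:00Z' 'bob@example.com' '198.51.100.20' 'Failure'
    New-SignIn '2024-01-15T09:01:00Z' 'bob@example.com' '198.51.100.20' 'Failure'
    New-SignIn '2024-01-15T09:02:00Z' 'bob@example.com' '198.51.100.20' 'Success'
    # A backup service account that retries with a stale credential every morning: a known
    # false positive once investigated, so its source IP goes on the tuning list below.
    foreach ($m in 1..6) { New-SignIn "2024-01-15T10:0${m}:00Z" 'svc-backup@example.com' '192.0.2.40' 'Failure' }
    New-SignIn '2024-01-15T10:07:00Z' 'svc-backup@example.com' '192.0.2.40' 'Success'
)

function Find-FailedThenSuccess {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $FailureThreshold = 5,       # failures required inside the window
        [int] $WindowMinutes = 10,         # look-back window before each success
        [string[]] $KnownGoodIPs = @()     # tuning list that suppresses known false positives
    )
    $alerts = foreach ($group in ($Events | Group-Object User)) {
        $ordered = $group.Group | Sort-Object { [datetime]$_.Time }
        foreach ($success in ($ordered | Where-Object Status -eq 'Success')) {
            if ($KnownGoodIPs -contains $success.IP) { continue }
            $t = [datetime]$success.Time
            $fails = @($ordered | Where-Object {
                $_.Status -eq 'Failure' -and
                [datetime]$_.Time -le $t -and
                [datetime]$_.Time -ge $t.AddMinutes(-$WindowMinutes)
            })
            if ($fails.Count -ge $FailureThreshold) {
                [pscustomobject]@{
                    Rule      = 'FailedThenSuccess'
                    Severity  = 'High'
                    User      = $group.Name
                    SourceIP  = $success.IP
                    Failures  = $fails.Count
                    SuccessAt = $success.Time
                }
            }
        }
    }
    return @($alerts)
}

$alerts = Find-FailedThenSuccess -Events $SignIns -KnownGoodIPs '192.0.2.40'
$alerts | Format-Table -AutoSize
# Yields one alert (alice, 6 failures, 203.0.113.10); bob is below the threshold and the
# service account is suppressed by the known-good list.

# Payload shape a trouble-ticket system could accept; the actual API is not shown here.
$alerts | ConvertTo-Json
```

The point of the tuning list is that the rule's logic stays intact and auditable: the suppression is a named, reviewable exception (a specific source IP) rather than a raised threshold that would also hide genuine credential-stuffing attempts against other accounts.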

Software Update Management

Unpatched or outdated software is often a critical point of vulnerability in an environment. This includes both Windows operating systems and the applications installed on a computer. To help combat out-of-date software vulnerabilities, SecureITSM scans PCs and servers to ensure software is maintained at the appropriate level.

Depending on requirements, SecureITSM facilitates ongoing software updates as well as planned updates at predetermined times. Most security standards (e.g. NIST SP 800-171) mandate that software be no more than three versions from the current published version. Also, using software that is no longer supported by the vendor presents a significant security risk. As part of our virtual CIO (vCIO) services, SecureITSM works with our customers to budget software updates and maintenance, ensuring software currency.

URL & Attachment Inspection

Email URL and attachment inspection is where Microsoft reviews every email and inspects all URLs and attached files for potential malicious intent. Microsoft inspects every URL by opening it in a “sandbox” environment. Attachment inspection is where Microsoft opens and inspects every attachment, checking for protocol non-compliance, spam, viruses, intrusions, macros, and other defined criteria, and blocks attachments that match those criteria from being delivered.

Website Blocking

Domain Name System (DNS) filtering allows organizations to selectively block access to certain websites, webpages, and IP addresses. The DNS is what allows easily recalled domain names to be used, such as Wikipedia.com, rather than typing in very difficult to remember IP addresses, such as 198.35.26.96.

SecureITSM supports the blocking of over 80 categories of websites. In addition to category blocking, we support selective blocking of and access to individual websites within a category as appropriate. Additionally, individual employees can selectively be given access to a site that most employees are not allowed to access.
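The layered behaviour described in the two paragraphs above (block whole categories, allow or block individual sites within a category, and grant individual employees access to an otherwise blocked site) is an ordered-precedence policy. The script below is an added example, not SecureITSM's code or any DNS filtering product's configuration: it evaluates such a policy for a requested domain and user, walking up subdomains so they inherit their parent's category. All categories, domains and users in it are constructed samples.

```powershell
# Added example (not SecureITSM's code): evaluate a layered DNS filtering policy for a
# requested domain and user. Categories, domains and users below are constructed samples.
# Precedence (highest first): per-user allow > per-domain block > per-domain allow >
# category block > default allow.

$DomainCategories = @{
    'social.example'  = 'Social Networking'
    'streams.example' = 'Streaming Media'
    'news.example'    = 'News'
    'wiki.example'    = 'Reference'
}
$BlockedCategories = @('Social Networking', 'Streaming Media')
$BlockedDomains    = @('bad.news.example')   # block one site inside an allowed category
$AllowedDomains    = @('wiki.example')       # allow one site regardless of its category
$UserExceptions    = @{ 'marketing@example.com' = @('social.example') }

function Get-CategoryForDomain {
    param([string] $Domain)
    # Walk up the name (a.b.example -> b.example) so subdomains inherit a category.
    $labels = $Domain.ToLowerInvariant().TrimEnd('.').Split('.')
    for ($i = 0; $i -lt $labels.Length - 1; $i++) {
        $candidate = $labels[$i..($labels.Length - 1)] -join '.'
        if ($DomainCategories.ContainsKey($candidate)) { return $DomainCategories[$candidate] }
    }
    return 'Uncategorized'
}

function Test-DomainMatch {
    # True when the domain equals a list entry or is a subdomain of one.
    param([string] $Domain, [string[]] $List)
    $d = $Domain.ToLowerInvariant().TrimEnd('.')
    foreach ($entry in $List) { if ($d -eq $entry -or $d.EndsWith(".$entry")) { return $true } }
    return $false
}

function Resolve-FilterDecision {
    param([Parameter(Mandatory)] [string] $Domain, [string] $User = '')
    $category = Get-CategoryForDomain $Domain
    # Rules are applied from lowest to highest precedence so later matches override earlier ones.
    $decision = 'Allow'; $reason = 'default allow'
    if ($BlockedCategories -contains $category)  { $decision = 'Block'; $reason = "category '$category' blocked" }
    if (Test-DomainMatch $Domain $AllowedDomains) { $decision = 'Allow'; $reason = 'domain on allow list' }
    if (Test-DomainMatch $Domain $BlockedDomains) { $decision = 'Block'; $reason = 'domain on block list' }
    if ($User -and $UserExceptions.ContainsKey($User) -and (Test-DomainMatch $Domain $UserExceptions[$User])) {
        $decision = 'Allow'; $reason = "per-user exception for $User"
    }
    [pscustomobject]@{ Domain = $Domain; User = $User; Category = $category; Decision = $decision; Reason = $reason }
}

# Constructed requests: a regular employee, then the marketing user with a per-user exception.
'social.example', 'cdn.streams.example', 'wiki.example', 'news.example', 'bad.news.example' |
    ForEach-Object { Resolve-FilterDecision -Domain $_ -User 'alice@example.com' } | Format-Table -AutoSize
Resolve-FilterDecision -Domain 'social.example' -User 'marketing@example.com' | Format-Table -AutoSize
# alice: social.example and cdn.streams.example blocked by category, wiki.example and
# news.example allowed, bad.news.example blocked by domain; marketing: social.example allowed.
```

Writing the precedence as an explicit ordered sequence, rather than as a single lookup, is what makes per-site and per-user exceptions reviewable: each decision carries the reason that produced it, which is the field a service desk needs when an employee asks why a site was blocked or when an exception is audited.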