IT Security Service Review: Dell SecureWorks

it security, it security intelligence, it security consulting

SecureWorks has a main core in its managed services called the Sherlock Security Platforms. This platform helps bring together events and logs from almost any type of security device on the network. IT security consulting is what lacks in most of its business or any business that directly or indirectly does network related jobs. Also provided by SecureWorks managed services is the iSensor IPS that is managed and well monitored 24/7 by the SecureWorks staffs.

Customers are able to directly access SecureWorks web-based portal to view or access all aspect of protected networks. This helps provide views of threats and also vulnerability trends and real-time alert views. Customers are now able to create and also view reports and scanning summaries.

The best thing is that the company provides real time, 24-hour management and firewalls monitoring, network IPS/IDS, web apps firewalls, integrated appliances among others. This service is perfectly done by intrusion analysts who constantly monitor emerging threats. There are professionals and certified experts at these centers who ensure customers satisfaction even from new threats. Documentation will include two PDF guides. The first PDF is an installation and portal guide. It explains various portal features and illustrates how to use the portal. The second PDF is an implementation guide. It provides an overview of service implementation process.

SecureWorks managed services provides 24 hours customer support via email and phone. In case of any threat, response times are guaranteed by the SLA to be within 15 minutes for any critical threat or incident and within an hour for a standard help desk request. 550 US Dollars is the minimum amount of money that SecureWorks managed services will charge customers who want their devices to be managed by Sherlock Security Platform.

it security, it security intelligence, it security consulting
Source: secureworks

IT Security Intelligence and Analysis

The scope of IT security analytics is broad. Threat intelligence if provided in advance will help to prevent any security incidents from occurring. Initially, it was believed that IT security analytics was a requisite before, during and after the incident. In the past, there were different products in each area, but the boundaries between them are blurring now.

Blacklists and Whitelists

Threat intelligence is the lifeblood of the IT security industry. Common spam emails, malware signatures and fake URLs are included in the blacklists whereas all the applications that the users use for their legitimate purpose are included in the whitelists. IT security suppliers have access to resources at some level. However it is known that intelligence gathered before is never going to stop the unwanted security breaches from occurrence.

What can be done when an event has occurred or data have been breached? In such cases, the need is to understand the extent of the damage, applying IT forensic methods like reports for internal investigation or communicating with crime investigators. Examples of such incidents include discovery of unknown malware or disgruntled employees in the company.

These analytics collects clues to what has happened on the servers, storage systems and end user devices. Encase analytics is a network based tool where huge volume of data is involved. Encase analytics needs kernel level access across multiple operating systems to inspect registries, system data, memory, hidden data, and so on. Network and security appliance log files are also of use.

it security, it security intelligence, it security consulting
Source: secureworks

Guidance makes use of SIEM (security information and event management) tools. The benefits include ready customised reports for certain regulatory regimes like PCIDSS. Access Data’s Cyber Intelligence and Response Technology (CIRT) provides host and network forensics as well as the trickier-to-address volatile memory, processing data collected from all these areas to provide a comprehensive insight into incidents.

New Capabilities

These new capabilities include improved malware analysis, more automated responses and real time alerts. This is all well beyond historical forensics, moving Access Data from after, to, during, and even some before capability. Access Data relies on SIEM suppliers for some of its intelligence. , In the past, SIEM has also typically been an after technology. Most SIEM suppliers come from a log management background, which is the collection and storage of data from network and security system log files for later analysis.

SecureWorks managed services is involved in IT support services and have come up with Information Security Consulting practices with a full range of services, helping clients to recognize, estimate and enhance the entire security status of an organization. These services are based on widely accepted identified standards and best industry practices cater to all organization requirements.

it security, it security intelligence, it security consulting
Source: secureworks

To use intelligence from a range of sources in real time in order to identify and mitigate threats as they occur is the crux of IT security intelligence. Plenty of measures like running suspicious files in sandboxes, allowing only known good files to run, blocking access to dangerous areas of the web or judicious checking of content in use can be taken. These are all products that help towards broader aspiration of real-time mitigation. Supplementing these with analytics across a wide range of sources during an attack provides more extensive protection.

The good news is that more and more are making use of their ability to process and analyze large volumes of data in real time to better protect IT systems. But the bad news is that there is no silver bullet and never will be. A range of security technologies will be required to provide state-of-the-art defenses and there will be no standing still. Those who would steal your data are moving the goalposts all the time and they will be doing that before, during and after their attacks.

Featured Image: secureworks