StratoZen’s Cybersecurity Monitoring and Compliance Solution


Erin provides an overview of StratoZen’s comprehensive cybersecurity monitoring and compliance solution.

Video Script: Hi. I’m Erin, the cybersecurity expert, and I’m going to give you an overview of our new comprehensive cybersecurity monitoring and compliance solution. Before we jump into our solution, let’s briefly talk about today’s cybersecurity challenges. In previous videos, I explained that your risk of a cybersecurity breach is increasing every year, and when it happens, it costs A LOT! But you may be relying on old-school technologies to protect you. I also talked about how building out a fully staffed security operations center is way too expensive for most organizations. Yet other managed security service providers are super expensive and only cover a few edge security devices, which isn’t enough. And beyond that, compliance requirements are getting tougher for nearly every industry! If you haven’t seen some of those other videos, you can find them here: https://stratozen.com/StratoSOC/

To help our customers address all those challenges, we decided to create a comprehensive cybersecurity solution. Our offering provides cybersecurity monitoring for all your critical devices, not just your firewall. We use advanced analytics and correlation to detect threats and generate automated notifications 24 hours a day, 365 days a year. We also have real-life security analysts reviewing your security data every day for human oversight and compliance.

And our solution is completely integrated with the IT support you have today, right down to integrating directly into your trouble ticketing system. And best of all, because we’re leveraging modern machine learning technology and automation, our solution is extremely cost effective. In fact, we can monitor your entire network for less cost than what you could pay one of those other MSSPs to manage a single firewall and IDS unit. In short, our solution bridges what we like to call the “cybersecurity gulf”… too many threats and compliance requirements, but not nearly enough time, people, or money.

So how does this service work so well at detecting cybersecurity threats and meeting compliance requirements, all while being extremely cost effective? I’m glad you asked! Here’s how it works. We start by putting a special virtual server on your network called a collector. The collector then connects to all your critical devices to gather information like manufacturer, model, and each device’s configuration. Then we start collecting all the security logs in real time from every device. All of this data is compressed and fully encrypted by the collector before it is sent to our cloud-based SIEM. Want to learn more about what a SIEM is and what it does? Check out my video on it.

Here’s an example of some of the device information we collect and store in our SIEM. We know all about the device, even what applications are installed and what Windows services are running on a server. Knowing about all your critical devices, what each does, and how it’s configured is really important for accurate correlation and analysis.
We also use this information to automatically track configuration changes. See how we’ve highlighted this configuration change between April 1st and April 3rd? This kind of intelligence allows us to monitor and report on every change in your network, which can detect sneaky cybersecurity activity. And if you’re in a regulated industry such as healthcare, retail, or financial services, this change management feature is critical for compliance!
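Here is an added illustration of the kind of configuration-change tracking just described, written for this page rather than taken from StratoZen’s product. It compares two snapshots of one firewall’s settings (the device name, the settings, the dates April 1st and 3rd of an assumed year, and the single approved change ticket are all made up for the example) and flags any change that no ticket covers:

```python
"""Configuration-change tracking between device snapshots.

Added illustration, not StratoZen code. Each snapshot is a
(timestamp, {setting: value}) pair as a collector might normalise
it; the device, keys, values and the change ticket are constructed.
"""
from datetime import datetime, timezone

UTC = timezone.utc

# Constructed snapshots of one firewall, taken April 1st and April 3rd (year assumed).
SNAPSHOTS = [
    (datetime(2019, 4, 1, tzinfo=UTC), {
        "hostname": "fw-hq-01",
        "syslog_server": "10.0.0.5",
        "rule:10": "allow 10.0.0.0/8 -> any tcp/443",
        "rule:20": "deny any -> any",
    }),
    (datetime(2019, 4, 3, tzinfo=UTC), {
        "hostname": "fw-hq-01",
        "syslog_server": "10.0.0.9",                      # covered by a ticket
        "rule:10": "allow 10.0.0.0/8 -> any tcp/443",
        "rule:15": "allow any -> 10.0.1.20 tcp/3389",     # nobody approved this
        "rule:20": "deny any -> any",
    }),
]

# Constructed change tickets: (window start, window end, settings the ticket covers).
TICKETS = [
    (datetime(2019, 4, 2, 9, tzinfo=UTC), datetime(2019, 4, 2, 17, tzinfo=UTC), {"syslog_server"}),
]


def diff_config(old, new):
    """Return the keys added, removed and changed between two snapshots."""
    return {
        "added": {k: new[k] for k in new.keys() - old.keys()},
        "removed": {k: old[k] for k in old.keys() - new.keys()},
        "changed": {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]},
    }


def authorised(key, seen_after, seen_by, tickets):
    """A change is authorised only if a ticket covers that setting and its
    window overlaps the interval in which the change must have happened."""
    return any(key in scope and start <= seen_by and end >= seen_after
               for start, end, scope in tickets)


def audit_snapshots(snapshots, tickets):
    """Walk consecutive snapshots and emit one finding per changed setting."""
    findings = []
    for (t0, c0), (t1, c1) in zip(snapshots, snapshots[1:]):
        for kind, entries in diff_config(c0, c1).items():
            for key, value in entries.items():
                findings.append({
                    "between": (t0, t1), "kind": kind, "key": key, "value": value,
                    "authorised": authorised(key, t0, t1, tickets),
                })
    return findings


if __name__ == "__main__":
    for f in audit_snapshots(SNAPSHOTS, TICKETS):
        print("OK   " if f["authorised"] else "ALERT", f["kind"], f["key"], f["value"])
```

One caveat worth keeping in mind: a diff like this only sees what the collector pulled, so a change made and reverted between two polls is invisible, and a change can only be attributed to the interval between snapshots, not to an exact time. That is why the authorisation check asks whether a ticket window overlaps the whole interval rather than matching a single timestamp.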

As the raw security events come into our SIEM, we enhance them with additional information such as geolocation data (which is a fancy term for tracking the city, state, country, and even the office where your traffic is coming from and going to). Then we automatically compare all the events against our global threat database, which we maintain using multiple threat feeds. Now the powerful analytics engine of our SIEM starts correlating and analyzing the events from all your devices to look for anything suspicious. We track user activity, count certain events over time, watch traffic patterns for things like unusual file downloads, and look for literally hundreds of other things. This advanced behavior analysis is extremely effective at detecting known, and unknown, cybersecurity threats as well as suspicious anomalies. When any high severity issue is found, a notification is immediately sent to the support team by email or through a direct API call into the ticketing system. We even include special text called remediation guidance that tells the support team what they can do to fix the issue. The support team gets instant notification of a problem and the information they need to quickly respond and fix it.

What about all the issues and suspicious activity that don’t generate an automatic notification? Well, that’s where our security operations center comes in! Every day, 7 days a week, 365 days a year, our SOC team reviews reports, dashboards, and trend data for all your events. These daily reviews look for hidden threats and other information that a fully automated system just can’t detect. And if you’re in a regulated industry, chances are these daily human reviews are required for regulatory compliance. Good thing we include them, huh? Our service also includes a ton of reports that can be delivered to you whenever you like. In fact, we have over 2,200 reports that we can customize and bundle together into a single PDF document! Plus, we provide a monthly summary report like this one… it’s written in plain English so you can quickly see what happened, and what we did, over the past month.

Want summary charts and dashboards? Yah, we got those too! We include a web portal with dashboards that summarize all your information in one place. You can use our default dashboards, or even create your own! As you can see, our service is very comprehensive and very effective at detecting cybersecurity threats. But you may be asking, “so what and who cares… what does all this mean for my business?” Well, let’s go through some examples of how our service addresses real-world issues you’re probably facing today.

For the first example, let’s say one of your employees logs in remotely from your office in China… wait, you don’t have an office in China! Because we know where all your devices are, where your traffic is going, and which locations are acceptable, we can quickly distinguish expected behavior from a potential threat and alert the support team immediately. For another user example, we automatically detect when a user logs in from 2 different devices or locations at the same time. This can indicate the use of shared accounts, which is never a good idea. Or worse, it could mean one of your employees’ passwords has been stolen! Another great example is if one of your PCs tries to contact a server that’s in our global threat database. This should never happen, ever… so a notification gets generated immediately. How about if someone on the support team changes the configuration of your firewall without authorization? Yep, our configuration management feature automatically detects this, and we even tell you what got changed!

Our behavior based analytics understand what is normal for your environment. So if an unusually large amount of data is transferred, or if a file download happens in the middle of the night, we know about it. More importantly, so will you! Our system also understands what each device on your network should be doing, and uses that for context. Let’s say a server is sending out a couple hundred emails per hour or per day. Well, if it’s your email server, it’s supposed to send out emails! But if it’s your database server, it’s probably been compromised! Our system automatically understands the difference between an email server and a database server, which helps determine what is normal behavior, and what’s not. This is important because you want to be notified of real cybersecurity threats, not overwhelmed with alerts when there’s nothing actually wrong. And all of this – even monitoring every critical device you have – is still less than what you would pay another Managed Security Service Provider to monitor a single firewall and IDS unit… and they don’t even protect your entire network!
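To make the correlation ideas above concrete, here is an added example that is not StratoZen’s SIEM, rule set or data: four small rules of the kind described (login from a country with no office, the same account active from two sources at once, a host contacting an address on the threat list, and a non-mail server sending mail) run over constructed sample events. The event fields, the GeoIP table, the asset inventory and the threat list are all assumptions invented for this illustration; a real deployment would read them from a GeoIP database, the device inventory and threat feeds.

```python
"""Four correlation rules of the kind described above, run over
constructed sample events. Added illustration; not StratoZen's SIEM,
rule set or data. The event fields, the GeoIP table, the asset roles
and the threat list are all assumptions made up for this example.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Stand-ins for the enrichment sources the text mentions: a GeoIP database,
# the countries where you actually have offices, the device inventory (with
# each device's role) and the global threat database.
GEO = {"203.0.113.0/24": "US", "198.51.100.0/24": "US", "192.0.2.0/24": "CN"}
OFFICE_COUNTRIES = {"US"}
ASSET_ROLE = {"10.0.0.25": "mail", "10.0.0.40": "database", "10.0.0.50": "workstation"}
THREAT_IPS = {"198.51.100.77"}

# Constructed events (normalised logins and connection records).
SAMPLE_EVENTS = [
    {"ts": "2019-04-03T09:00:00", "type": "login", "user": "alice", "src": "203.0.113.10"},
    {"ts": "2019-04-03T09:02:00", "type": "login", "user": "alice", "src": "192.0.2.33"},
    {"ts": "2019-04-03T09:03:00", "type": "login", "user": "bob", "src": "198.51.100.20"},
    {"ts": "2019-04-03T09:05:00", "type": "conn", "src": "10.0.0.50", "dst": "198.51.100.77", "dport": 443},
]
# The mail server sends mail all morning (expected); the database server starts to as well (not expected).
SAMPLE_EVENTS += [{"ts": f"2019-04-03T09:{10 + i:02d}:00", "type": "conn",
                   "src": "10.0.0.25", "dst": "203.0.113.5", "dport": 25} for i in range(8)]
SAMPLE_EVENTS += [{"ts": f"2019-04-03T09:{20 + i:02d}:00", "type": "conn",
                   "src": "10.0.0.40", "dst": "203.0.113.5", "dport": 25} for i in range(6)]


def geoip(ip):
    """Country for an address from the constructed table; unknown space is '??'."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO.items():
        if addr in ipaddress.ip_network(net):
            return country
    return "??"


def correlate(events, login_window=timedelta(minutes=10), smtp_threshold=5):
    """Stream events in time order and return (rule, details...) alerts as they fire."""
    alerts = []
    recent_logins = defaultdict(list)   # user -> [(time, source ip)]
    smtp_senders = defaultdict(int)     # non-mail host -> outbound SMTP connections seen
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "login":
            country = geoip(e["src"])
            # Rule 1: a login from somewhere you have no office (unknown space counts too).
            if country not in OFFICE_COUNTRIES:
                alerts.append(("login_unexpected_country", e["user"], e["src"], country))
            # Rule 2: the same account active from a second source within the window.
            others = [src for t, src in recent_logins[e["user"]]
                      if ts - t <= login_window and src != e["src"]]
            if others:
                alerts.append(("concurrent_login_locations", e["user"], others[0], e["src"]))
            recent_logins[e["user"]].append((ts, e["src"]))
        elif e["type"] == "conn":
            # Rule 3: any internal host talking to an address in the threat database.
            if e["dst"] in THREAT_IPS:
                alerts.append(("threat_intel_match", e["src"], e["dst"]))
            # Rule 4: outbound SMTP is normal for the mail server, suspicious for anything else.
            if e["dport"] == 25 and ASSET_ROLE.get(e["src"]) != "mail":
                smtp_senders[e["src"]] += 1
                if smtp_senders[e["src"]] == smtp_threshold:   # fire once, at the threshold
                    alerts.append(("unexpected_smtp_sender", e["src"], ASSET_ROLE.get(e["src"], "unknown")))
    return alerts


def run_sample():
    """Run the rules over the constructed events; returns four alerts."""
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(*alert)
```

Two points a practitioner would check before trusting rules like these: rule 2 compares raw source addresses, so a user who moves between home Wi-Fi and a phone hotspot will trip it unless you group sources by site or geolocation first, and rule 4 is only as good as the asset inventory, since a host with no recorded role is treated as “not the mail server” and will alert on legitimate mail traffic.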

To recap, our cybersecurity solution provides comprehensive monitoring for all your critical devices, not just your firewall. You get advanced analytics and correlation to detect threats and generate automated notifications 24 hours a day, 365 days a year. You have a full SOC team with security analysts reviewing your security data daily to catch hidden threats and meet compliance requirements.

You also get a solution that’s completely integrated with your current IT support. All in a package that’s extremely cost effective, and probably less than what you’re paying for security monitoring today. To learn more about our solution, or cybersecurity topics in general, please visit our website or contact us today!