Security Monitoring

Security monitoring with built-in essential security tools provides complete security visibility that simplifies and accelerates threat detection, incident response, and compliance management. Our all-in-one platform includes all the essential security capabilities your business needs, managed from a single pane of glass, working together to provide the most complete view of your security posture.

SECURITY EVENT MANAGEMENT AND MONITORING

Monitoring all security events and staying on top of what’s important.

EVENT CORRELATION

Connect the dots. Linking every asset, vulnerability, intrusion, malicious action, and remediation info for every alarm.

SECURITY INTELLIGENCE

Context. A platform that ensures our security analysts have all of the puzzle pieces in one single view.
SIEM / Event correlation
Asset discovery and inventory
Vulnerability assessment
Intrusion detection
NetFlow monitoring
Actionable and relevant threat intelligence from one of the world’s leading threat research teams
Integrated global real-time view of emerging threats and bad actors
2,000+ Correlation Directives and growing every day
Always on guard with continuous real-time updates including new correlation directives, threat signatures, and remediation management

Threat Management

Our platform coordinates threat detection, incident response and threat management with built-in security capabilities, integrated threat intelligence, and seamless workflow for rapid remediation. Consolidating threat detection capabilities like network IDS and host IDS with granular asset information, continuous vulnerability assessment, and behavioral monitoring provides a comprehensive view for timely and effective response.

Our incident response and threat management services ensure we can quickly:

Identify, isolate, and investigate indicators of compromise (IOCs) before damage can occur
Correlate security events with built-in vulnerability scan data and Threat Intelligence to prioritize response efforts
Gain essential insight into attackers’ intent as well as techniques
Respond to emerging threats through a detailed incident management approach
Validate that existing security controls are functioning as expected
Demonstrate to auditors and management that your incident response program is robust and reliable

Visualize and Map Threats

Intelligent Threat Management with Kill Chain Taxonomy
Our rapid Incident Response capabilities mitigate the risks associated with unauthorized and unintended exposure of confidential data. Effective incident response requires successful threat management and prioritization.
Our platform uses a Kill Chain Taxonomy to make threat management and prioritization easy. The Kill Chain Taxonomy approach enables us to focus attention on the most important threats by breaking attacks out into five threat categories, from highest to lowest. This shows us attack intent and threat severity, and provides us with detailed contextual threat information to understand how an attacker is interacting with your network.
System Compromise – Behavior indicating a compromised system
Exploitation and Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system
Delivery and Attack – Behavior indicating an attempted delivery of an exploit
Reconnaissance and Probing – Behavior indicating a bad actor attempting to discover information about your network
Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications
Threat Detection
A global research team and crowd-sourced threat intelligence identify new threats and vulnerabilities and update our platform every 30 minutes so you don’t have to.
Intrusion Detection (IDS)
Identify threats targeting vulnerable systems with signature-based anomaly detection and protocol analysis technologies. Identify the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures.
Host Intrusion Detection (HIDS)
Analyze system behavior and configuration status to track user access and activity. Detect potential security exposures such as system compromise, modification of critical configuration files, common rootkits, and rogue processes.
Wireless Intrusion Detection (WIDS)
A cutting-edge wireless network detector, sniffer, and intrusion detection system. Defend the airwaves by detecting, identifying, and alerting on nefarious wireless traffic. Use the WIDS to identify unauthorized Wireless Access Points (Rogue AP Detection).
Threat Analysis
Our integrated platform detects and analyzes threats and delivers essential security capabilities managed from a single console, providing a comprehensive view of your security posture.
Ransomware Detection
Ransomware presents a unique challenge in its ability to evade detection and execute its attack. Our platform delivers essential ransomware detection capabilities including enhanced network visibility, monitoring of critical files and registry entries, and alerts on critical service status changes.
Advanced Persistent Threat Detection
We are armed with best-in-breed technologies to detect APTs at every stage of an attack. Our intuitive platform provides the security capabilities needed to minimize damage to your environment.
Insider Threat Detection
Insider threat detection can be challenging because it often spans across a multitude of systems. We use behavioral monitoring, privilege escalation detection, and event correlation to detect and minimize threats from within.

Network Security

An all-in-one platform and managed security service for complete network security monitoring and intrusion detection.
Know exactly what’s connected to your network
Identify vulnerable systems
Detect threats and activity with known malicious hosts
Baseline network behavior and spot suspicious activity
Investigate incidents with automatically correlated data
Step-by-step incident management and expert advice on what to do next

ASSET DISCOVERY AND INVENTORY

In order to secure your network, first we need to know what to protect. We’ll discover, inventory, and start monitoring your network in minutes.
Built-in asset discovery tools:
Determine what’s on your network at any given time
Know when new servers and endpoints are attached
Understand how your devices are configured
Correlate asset info with threat and vulnerability data
Accelerate investigations of impacted assets

BEHAVIORAL MONITORING

Preventative security measures are often unsuccessful against new polymorphic malware and zero-day exploits. Context is critical, so our tools do a deep dive and continuously gather data to help us understand “normal” system and network activity.
Behavioral monitoring capabilities provide the following core functionality:
Service and Infrastructure Monitoring
NetFlow Analysis
Network Protocol Analysis / Packet Capture

CONTINUOUS SECURITY MONITORING

As threats continue to evolve and increase in volume and frequency, static information security monitoring is no longer effective. Continuous security monitoring provides a comprehensive view of your IT environment and security posture.

ASSET MANAGEMENT AND INVENTORY

Within minutes of installation we’ll discover all the IP-enabled devices on your network, what software is installed on them, how they’re configured, any potential vulnerabilities and active threats being executed against them.

Compliance

Our platform is designed to facilitate compliance with many common regulatory compliance requirements including PCI, HIPAA, ISO 27002, NERC CIP, and GLBA.

Our platform capabilities and services include asset discovery, vulnerability assessment, intrusion detection, service availability monitoring, log management, and file integrity monitoring (FIM) that enable us to:

Quickly identify and resolve compliance issues
Provide flexible reporting and detailed executive dashboards
Quickly and automatically discover and scan assets
Stay on top of threats with host and network IDS for continuous threat detection
Demonstrate compliance with real-time security control evaluation
PCI DSS Compliance Management
Managing and demonstrating compliance can be daunting. Our platform and services facilitate compliance with some of the most challenging technical requirements including:
  • SIEM
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Intrusion Detection
  • Track System Access by User
  • Logging
  • Secure Log Retention
  • File Integrity Monitoring (FIM)
  • Network Scanning and Segmentation
HIPAA Compliance
Accelerate and simplify HIPAA compliance management with our unified tools and services, a more comprehensive solution that costs less and delivers results in significantly less time.
We provide the functionality you need to measure HIPAA compliance, in a single platform:
  • Discover all IP-enabled assets, including OS details
  • Identify vulnerabilities like unpatched software or insecure configurations
  • Correlate security events automatically with over 2,500 predefined correlation directives
  • Detect threats already in your network, like botnets, trojans and rootkits
  • Understand the objectives of threats targeting your network
  • Speed incident response with remediation guidance and incident management
  • Monitor and report on security controls required for HIPAA compliance
ISO 27002 Compliance
Our platform simplifies and automates information security compliance to meet your ISO/IEC 27002 compliance requirements. The integrated essential security controls and SIEM ensure disparate events from multiple data sources are empowered to identify threats.
NERC CIP Compliance
Providing comprehensive cybersecurity visibility for NERC CIP v5.
Our managed security services address NERC CIP security requirements, including:
  • Risk-based assessment
  • Security management
  • Perimeter and physical security
  • Remote access
  • Incident response and investigation
  • Configuration change management
  • Vulnerability assessment
  • Information protection
GLBA Compliance
Unify your defenses and simplify GLBA compliance.
Meet your GLBA information security program requirements:
  • Ensure the security and confidentiality of customer information
  • Protect against any anticipated threats or hazards to the security or integrity of such information
  • Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer

Vulnerability Management

Our platform provides complete security visibility with built-in vulnerability management software.
Includes network intrusion detection (NIDS) and host-based intrusion detection (HIDS)
Combines asset discovery, vulnerability assessment, intrusion detection, NetFlow analysis, SIEM, and integrated threat intelligence in one console
Stays current with continuous threat intelligence updates including new correlation directives, attack signatures, report templates, and more
Offers full threat context and incident management in the event of an attack
Rapid installation both on-premise and in the cloud
Actionable, community-powered threat data from OTX, the world’s first truly open threat intelligence community

VULNERABILITY ASSESSMENT AND REMEDIATION

TrustNet’s managed security services platform includes built-in functionality to continuously identify insecure configurations and unpatched and unsupported software.
Understand your network before scanning
On-demand and scheduled scanning and reporting
Vulnerability scanning with actionable information
Context for security incident response

VULNERABILITY SCANNING

A simplified, more manageable network vulnerability scanner.
Stay ahead of attackers with these advanced features:
Simple configuration and scheduling of network vulnerability scans
Intuitive dashboard and reporting interface
Regular updates to vulnerability related threat intelligence

Log Management

Consistent log analysis and log management helps detect evidence of an attack in the logs of network devices, servers, and applications. Our platform aggregates and manages log data from built-in detection capabilities and from logs produced by other devices in your environment. We automatically execute advanced analysis, producing normalized events and correlating them to produce actionable intelligence, alerting us to any threats facing your environment.

We provide all of the features and functionality you expect from security log analysis and management including:


Event Correlation with Regularly Updated Threat Intelligence

Integrated SIEM functionality automatically correlates log data from different data sources
Regular updates to threat intelligence automatically spot the latest threats

Log Analysis Simplified with Intuitive UI and Open Plugin Architecture

Advanced filter and search features enable fast, accurate forensic threat analysis
Over 200 plugins included to parse logs from the most common data sources, with the ability to customize and/or create unique plugins if needed

Multifunctional Security Log Management and Reporting

Granular visibility into raw logs with query-based search functionality; simplifies forensic analysis and compliance audits
Digitally signed and hashed logs protect file integrity; identifies attempted tampering
Robust reporting engine with ability to customize and easily schedule reports

Cloud

TrustNet’s AWS managed security services offer a scalable, centrally managed collection of essential security capabilities purpose-built to identify suspicious or malicious behavior in your AWS environment.
API-powered Asset Discovery
Vulnerability Assessment
  • AWS infrastructure assessment
  • Authenticated vulnerability assessment
Intrusion Detection
Behavioral Monitoring
  • Log management (elastically scalable and searchable) including S3 and ELB access log monitoring and alerting
SIEM
  • CloudTrail monitoring and alerting
  • Event correlation