Your risk of a cyber security breach is increasing every year and when it happens, it can cost A LOT!
Did you know that:
32% of UK businesses were targeted by cyber criminals in 2023, up from 25% in 2019.*
The average cost of a data breach in the UK to a small business can be around £25,700.**
*According to Cost of a Data Breach Report 2023 by IBM.
**According to The cost of business cybercrime in 2023 Beaming.co.uk.
But you may be relying on old school technologies to protect you. Building out a fully staffed security operations centre is way too expensive for most organisations. Yet other managed security service providers are super expensive, and only cover a few edge security devices, which isn’t enough.
And beyond that, compliance requirements are getting tougher for nearly every industry!
What We Are Providing
To help our customers address all those challenges, we decided to create a comprehensive cyber security solution. Our offering provides cyber security monitoring for all your critical devices, not just your firewall.
We use advanced analytics and correlation to detect threats and generate automated notifications 24 hours a day, 365 days a year. We also have real life security analysts reviewing your security data every day for human oversight and compliance.
And our solution is completely integrated with the IT support you have today. And best of all, because we’re leveraging modern machine learning technology and automation, our solution is extremely cost effective.
In fact, we can monitor all your entire network for less cost than what you could pay one of those other MSPs to manage a single firewall and IDS unit.
In short, our solution bridges what we like to call the “cyber security gulf” … too many threats and compliance requirements, but not nearly enough time, people, or money.
How It Works
So how does this service work so well at detecting cyber security threats and meeting compliance requirements, all while being extremely cost effective?
We start by putting a special virtual server on your network called a collector. The collector then connects to all your critical devices to gather information like manufacturer, model, and each device’s configuration.
Then, we start collecting all the security logs in real time from every device. All of this data is compressed and fully encrypted by the collector before sending to our cloud based SIEM (Security Information and Event Management).
Here’s an example of some of the device information we collect and store in our SIEM.
We know all about the device, even what applications are installed and what Windows services are running on a server. Knowing about all your critical devices, what each does, and how it’s configured is incredibly important for accurate correlation and analysis.
We also use this information to automatically track configuration changes. The intelligence we collect allows us to monitor and report on every change in your network, which can detect sneaky cybersecurity activity. And if you’re in a regulated industry such as legal, insurance, estate agents or education, this change management feature is critical for compliance!
Let’s Get Nerdy About SIEM
As the raw security events come into our SIEM, we enhance them with additional information such as geolocation data (which is a fancy term for tracking the city/town, country, and even the office where your traffic is coming and going).
Then, we automatically compare all the events against our global threat database that we maintain using multiple threat feeds. Now the powerful analytics engine of our SIEM starts correlating and analysing the events from all your devices to look for anything suspicious.
We track user activity, count certain events over time, watch traffic patterns for things like unusual file downloads, and look for literally hundreds of other things. This advanced behaviour analysis is extremely effective at detecting known, and unknown, cyber security threats as well as suspicious anomalies.
When any high severity issue is found, a notification is immediately sent to our support team via email.
The Security Operations Centre (SOC)
What about all the issues and suspicious activity that don’t generate a notification?
Well, that’s where our security operations centre (SOC) comes in! Every day, 7 days a week, 365 days a year, our SOC team reviews reports, dashboards, and trend data for all your events.
These daily reviews look for hidden threats and other information that a fully automated system just can’t detect. And if you’re in a regulated industry, chances are these daily human reviews are required for regulatory compliance.
Our service also includes a wealth of reports that can be delivered to you whenever you like. In fact, we have over 2,000+ reports that we can customise and bundle together into a single PDF document.
Plus, we provide a monthly summary report written in plain English so you can quickly see what happened, and what we did, over the past month.
As you can see, our service is very comprehensive and very effective at detecting cyber security threats.
Why Should I, An SME, Care?
But you may be asking, “so what and who cares… what does all this mean for my business?”
Well, let’s go through some examples of how our service addresses real-world issues you’re probably facing today.
For the first example, let’s say one of your employees logs in remotely from your office in China.
Wait, you don’t have an office in China!
Because we know where all your devices are, where your traffic is going, and which locations are acceptable, we can quickly distinguish expected behaviour from a potential threat and alert the support team immediately.
For another user example, we automatically detect when a user logs in from 2 different devices or locations at the same time.
This can indicate the use of shared accounts, which is never a good idea. Or worse, it could mean one of your employee’s passwords has been stolen.
Another great example is if one of your PCs tries to contact a server that’s in our global threat database. This should of course never happen, so a notification to our support team gets generated immediately.
How about if someone on the support team changes the configuration of your firewall without authorisation?
Our configuration management feature automatically detects this as well, and we even tell you what got changed.
Our behaviour based analytics understands what is normal for your environment. So, if an unusually large amount of data is transferred, or if a file download happens in the middle of the night, we know about it. More importantly, so will you.
Wrapping Up
- Our cyber security solution provides comprehensive monitoring for all your critical devices, not just your firewall.
- You get advanced analytics and correlation to detect threats and generate automated notifications 24 hours a day, 365 days a year.
- You have a full SOC team with security analysts reviewing your security data daily to catch hidden threats and meet compliance requirements.
- You also get a solution that’s completely integrated with your current IT support.
- All in a package that’s extremely cost effective, and probably less than what you’re paying for security monitoring today.
To learn more about our solution, or cyber security topics in general, please visit our website or contact us today.
