Cyber Defense (Intrusion Detection and Prevention)

Our range of tools assist you with monitoring your networks and systems for suspicious and malicious activities, as well as policy violations.

We also promote and support tools for continuous vulnerability monitoring. Continuous monitoring overlaps with your other security tools and provides insights across your operational security controls. It also improves threat awareness, and provides the foundation to correlate controls in a way that moves beyond defense of a single system.

The practice of continuous monitoring involves:

  • Identifying your infrastructure,
  • Keeping watch over it and the sensitive data it holds,
  • Knowing its vulnerabilities, and
  • Understanding the causal relationships between events and activities as they happen.

Solutions + Partners

  • SSS Security Threat Automation and Response Service

    Security incident management is complex.

    It requires skills and capabilities that most organisations simply don't have. This, combined with the rate of change in organisations, and the demand for more effective and efficient security, is placing a significant strain on IT service providers.

    This complexity makes it easy to overlook the people and process sides of security.

    The key to fast and effective security operations is consistent, evidence-based decision making in cyber security incident management.

    If you want to know how STARS can help you, contact us on 04 917 6670 or email sales@sss.co.nz for a no-obligation chat or demo.

    SSS STARS Managed Service 

    The SSS STARS Managed Service combines the skills that come from the SSS teams' 30+ years of experience with the power of a leader in security orchestration, automation, and response.

    The outcome for your business is the power of automation against predefined good practice playbooks and leading integrations with major software vendors.

    We can help your staff become more efficient focusing on the important tasks they should be focusing on.

    Base Incident Management

    Our Base Incident Management is a fully managed service, billed per month for software and support.

    It includes access to:

    • the security incident management portal,
    • out of the box (or paid for) orchestrations, and
    • full service support.

    Additional support hours can be purchased to further augment your internal team, or to investigate additional incidents if required.

    Hours can be used to drive continuous improvement activities that result in lower cost or more effective security outcomes. 

    Service at a glance:

    • Underlying service leverages best of breed orchestration, automation, and response platform.
    • Competitive pricing with monthly payments and no minimum term commitment.
    • Modular and scalable - designed to augment existing teams, not replace them.
    • Client centric threat intelligence to support cyber context in decision making.
    • Extensive set of capabilities across cyber security operations.
    • Incident response services to support stretched resources.
    • Advanced event triage with automation and advanced orchestration.
    • Real-time metrics from across the platform, including return on investment across the automations and remediations.
    • Configurable dashboards to provide insights into what is happening.
    • Advanced case management to support consistent incident processes and data enrichment.
    • Single point of incident management across multiple platforms and teams.
    • Predefined toolsets and playbooks to help with rapid onboarding of new staff.
    • Configurable levers for automation thresholds. 

    Playbook Management

    This includes the design, implementation, and ongoing management of client playbooks additional to those included in the Base Incident Management Service.

    The service supports client-only implementations, which are sized based on complexity:

    • Low Complexity: Services that typically require out of the box integrations or processes that have < 3 process levels.
    • Medium Complexity: Services that typically require out of the box integrations or processes that have < 5 process levels.
    • High Complexity: Services that typically require custom integrations or processes that have > 5 process levels.

    Security Analyst Assistance

    The STARS service provides the mechanism for client security teams to provide efficient and effective remediation of security incidents. 

    Many clients don't have a dedicated security team, or are busy with new projects or business as usual activities. 

    From time to time companies may need additional help with their incident management or automations. We have options for 5, 10 and 15 hour bundles per month to be used for any STARS service.

    Specific Service Components

    Security Discovery

    The SSS STARS Managed Service can help you discover vulnerabilities and surface indicators of compromise for analysis. 

    Threat Analysis

    We can help you validate impacts through the analysis of known threats.

    Automation and Orchestration

    Automated outcomes help you improve consistency and increase the efficiency of your teams.

    Incident Response

    The SSS STARS Managed Service provides an effective and efficient response to events and actions.

    Security Remediation

    The SSS STARS Managed Service helps you remediate known threats using new or existing toolsets to improve mean time to remediate.

  • Swimlane

    Swimlane is a leader in security orchestration, automation, and response (SOAR). They deliver scalable, innovative, and flexible solutions to organisations struggling with alert fatigue, vendor proliferation, and chronic staffing shortages. Swimlane can help automate and organise your security processes in repeatable ways to get the most out of your available resources.

    SSS is an approved reseller for the Swimlane solution. Our team are certified INSIDER SOAR engineers and we can help you design, implement, and manage your Swimlane services.

    Enhance security automation for security operations

    Swimlane executes security-related tasks at machine speeds during the incident response process - from detection and investigation to resolution - freeing your staff to focus on advanced threat defence.

    • Leverage security automation throughout your entire incident response process
    • Proactive security monitoring and detection
    • Customise playbooks and workflows
    • Standardise incident response workflows and playbooks
    • Integrate via an API-first architecture
    • Scale security processes

    Consolidate and contextualise incident data

    Speed up investigations with enriched data and facilitate process compliance and rapid response, making it easier to close more security alerts in less time.

    • Analyse and enrich incident data in real time with case management
    • Enforce process standardisation and compliance
    • Remediate security alerts at machine speeds
    • Robust reporting and analytics
    • Centralised and interactive case management
    • Adaptation to any use case
    • Defined, repeatable IR processes

    Initiate actions on third-party systems

    Integrate your entire arsenal of security tools with your existing people and processes for faster, more effective incident response.

    • Centralise all relevant security event data
    • Present consolidated incident response context
    • Initiate actions on third-party systems
    • Comprehensive alert context
    • Optimised security processes
    • Consistent playbooks and workflows
    • Integrated security tools
    • Adaptive security operations
    • Automated incident response

  • AlienVault ®

    Unified Security for Threat Detection, Incident Response, and Compliance

    AlienVault® offers you a new approach to today's evolving security challenge. 

    AlienVault® Unified Security Management® (USM) delivers built-in intrusion detection systems as part of an all-in-one unified security management console.

    It includes:

    • built-in host intrusion detection (HIDS),
    • network intrusion detection (NIDS), and
    • cloud intrusion detection for public cloud environments including AWS and Microsoft Azure. This enables you to detect threats as they emerge in your critical cloud and on-premises infrastructure.

    Detect threats as they emerge

    To ensure that you are always equipped to detect the latest emerging threats, the AlienVault® Labs Security Research Team delivers continuous threat intelligence updates directly to the USM platform. Over 19 million threat indicators are contributed daily.

    Expert threat intelligence updated every 30 minutes and analysed

    Expert threat intelligence is updated every 30 minutes and analysed. This threat data is backed by the AlienVault Open Threat Exchange® (OTX™) - the world’s first open threat intelligence community, made up of more than 80,000 participants from more than 140 countries.

    AlienVault® enables you to be more effective in your vulnerability management processes

    • Leverage intrusion detection for any environment with built-in cloud IDS, network IDS, and host-based IDS (including File Integrity Monitoring (FIM)).
    • Use the Kill Chain Taxonomy to quickly assess threat intent and strategy.
    • Make informed decisions with contextual data about attacks, including a description of the threat, its method and strategy, and recommendations on response.
    • Use automatic notifications so you can be informed of key threats as they happen.
    • Work more efficiently with powerful analytics that uncover threat and vulnerability details in an all-in-one console.

    What do you get?

    • Asset discovery and inventory
    • Vulnerability assessment
    • Intrusion detection
    • Endpoint detection and response
    • SIEM and Log Management
    • Behavioural Monitoring

  • Darktrace Self-Learning Cyber Defense

    Darktrace deals with breach identification, breach remediation and insider threats by automatically alerting you to anomalies within your environment and allowing you to play events back through a threat visualiser.

    Identifying a breach can take a very long time - one study measured this as an average of 146 days! Once identified you then have the additional time needed to discover what the attacker/insider has compromised and what damage has been done. Often attackers will move through an environment to give themselves multiple areas for re-entry in case of a detection and to get access to more data/accounts.

    It’s often very difficult to cut through the noise that event management and SIEM technologies create to get the information you need.

    Darktrace automates breach identification and remediation through network and machine learning. The tool discovers what normal user and machine behaviour looks like and then alerts your team (or the SSS team) to any anomalies within your environment. In addition it will allow your team (or ours) to play the event back through a visualiser that shows the threat through a 3D interface of your network topology.

    Below is a summary of the six core elements of the Darktrace solution set:

    1. Darktrace Core

    A physical appliance, similar to a SIEM or TRIM solution, that cuts down much of the ‘noise’ customers have to pay attention to.

    Darktrace (Core) is the Enterprise Immune System’s flagship threat detection and defense capability, based on unsupervised machine learning and probabilistic mathematics.

    Powered by advanced machine learning, together with a new branch of Bayesian probability theory, developed by mathematicians from the University of Cambridge, Darktrace is the only genuinely self-learning cyber defense technology proved to work at scale. It is capable of detecting cyber-threats and anomalous behaviors that bypass traditional security tools, without prior knowledge of specific threats, or using rules or signatures.

    Darktrace works by analyzing raw network data, creating unique behavioral models for every user and device, and for the relationships between them.

    Benefits

    • Adaptive – evolves with your organization
    • Self-learning – constantly refines its understanding of normal
    • Probabilistic – works out likelihood of serious threat
    • Real-time – spots threats as they emerge
    • Works from day one – delivers instant value
    • Low false positives – correlation of weak indicators
    • Data agnostic – ingests all data sources
    • Highly accurate – models human, device and enterprise behaviour
    • Installs in 1 hour – no configuration

    2. Darktrace Threat Visualizer

    The Threat Visualizer is Darktrace’s real-time, 3D threat notification interface. As well as displaying threat alerts, the Threat Visualizer provides a graphical overview of the day-to-day activity of your network(s), which is easy to use, and accessible for both security specialists and business executives.

    Using cutting-edge visualisation techniques, the Threat Visualizer user interface automatically alerts analysts to significant incidents and threats within their environments, enabling analysts to proactively investigate specific areas of the infrastructure.

    Benefits

    • 3D visualisation of entire network topology
    • Real-time global overview of enterprise threat level
    • Intelligently clusters anomalies
    • Pan-spectrum viewing – higher-order network topology; specific clusters, subnets, and host events
    • Searchable logs and events
    • Replay of historical data
    • Concise summary of overall behaviour for device and external IPs
    • Designed for business executives and security analysts

    3. Darktrace ICS

    Industrial Control Systems & SCADA

    Darktrace ICS, also known as the Industrial Immune System, is a fundamental innovation that implements a real-time ‘immune system’ for operational technologies, such as SCADA, and enables a fundamental shift in the approach to cyber defense.

    Darktrace ICS retains all of the capabilities of Darktrace in the corporate environment, creating unique, behavioural understanding of the ‘self’ for each user and device within the network, and detecting threats that cannot be defined in advance by identifying even subtle shifts in expected behaviour. 

    Benefits

    • Unprecedented visibility into ICS activity
    • Protects against insider threat, including operators and privileged users
    • Detects threats in real time
    • Coverage of both IT and OT environments
    • Correlates actions over time, for refined understanding of ‘normal’

    4. Darktrace Antigena - This is their remediation and protection module.

    The machine fights back

    When the human immune system is faced with a new threat, not only can it detect it, but it produces antibodies that bind to it, and ultimately neutralise it. Darktrace Antigena replicates this function of the human immune system, by creating ‘digital antibodies’ in response to in-progress threats.

    Antigena acts automatically to restrain or contain threats quickly enough to allow humans to catch up. It could only take 20 minutes for a major threat, such as a ransomware attack, to evolve into a crisis – Antigena’s automated action slows, or stops threats in a targeted fashion, to provide security teams with a vital time window in which to take mitigating action.

    Antigena’s response capability allows organisations to directly fight back, and networks to self-defend against specific threats, without disrupting your organisation.

    Darktrace Antigena modules are deployed as physical appliances, complementing the core Darktrace appliance. They can also interface with Software Defined Networks (SDNs) and Active Directory, and are fully configurable.

    • Antigena Internet – Regulates user and machine access to the internet and beyond
    • Antigena Network – Regulates machine and network connectivity and user access permissions
    • Antigena Email – Regulates email, chat and other messaging protocols

    Benefits 

    • Directly inoculates against a full range of threats
    • Prevents, slows, or disrupts activity in real time
    • Self-defends and self-improves
    • Stops threats before they spread

    5. Darktrace Virtualization (vSensor & OS-Sensor)

    Darktrace vSensors 

    Darktrace vSensors are lightweight software components that extend Darktrace’s visibility in virtualized environments. They provide the Enterprise Immune System with comprehensive visibility of today’s distributed infrastructures.

    vSensor software is installed as a ‘virtual appliance’ configured to receive a SPAN from the virtual network switch. This allows it to capture all inter-VM traffic, without a single packet being lost or dropped by the system. It stores the packet captures on a rolling basis, optimising the disk space and I/O performance and ensuring that there is minimal impact on the performance of the server. Only one vSensor needs to be installed on each hardware server, allowing for scalability.

    Darktrace OS-Sensors

    Darktrace OS-Sensors are lightweight, host-based server agents that extend Darktrace’s visibility into third-party cloud environments, including Amazon AWS, Rackspace, and Microsoft Azure.

    OS-Sensors intelligently extract single copies of network traffic for analysis by the master Darktrace appliance. They are easily installed onto virtual machines in the cloud and capable of dynamically configuring themselves to avoid data duplication and streamline bandwidth use. Working in conjunction with vSensors, data is aggregated and fed back to the master appliance, via a secure connection.

    Benefits

    • Ingests virtual traffic from a limited set of IPs
    • Sends data efficiently and securely to the Darktrace master appliance
    • Sends approximately 1% of the original raw network data ingested to the master appliance
    • Works with third-party clouds

    6. Darktrace SaaS Connectors

    Extending self-learning detection to rich user data in SaaS platforms

    As organisations embrace cloud applications, significant blind spots have developed beyond the traditional enterprise network. Valuable enterprise data and rich user interactions within SaaS applications contain critical security insights, but are not always accessible to IT security teams.

    Darktrace SaaS Connectors provide coverage of these rich datasets, extending the power of Enterprise Immune System technology into previously-unseen areas of your infrastructure, including:

    • User logins
    • Data transfers
    • Download data
    • Software updates

    Benefits 

    • Complete visibility of user interactions within SaaS applications
    • Easy install — less than an hour
    • Early-stage threat detection

  • Tripwire

    Breaches, exploits and cyber-attacks that prey on ambiguity, gaps and oversights put your sensitive data at risk. To protect it, you need control over security configurations and changes, and visibility into events of interest across physical, virtual and cloud-based IT infrastructures. Tripwire VIA gives you control of your IT infrastructures to protect your organization's critical data.

    Tripwire provides: