IT Security Monitoring Services

We utilize every major computer forensic tool in our unique high-tech lab.

SERVICE DESCRIPTION

We provide outsourced IT Security Services to organizations of all sizes. Our approach is unique and innovative in the field. We utilize a combination of detection, monitoring, training and incident response services, which provides effective countermeasures against all levels of cyber threats, be they internal or external. This service is typically offered after a security assessment to ensure the network is secured and that security is maintained. The average detection period for an intrusion is approximately one year, according to the latest statistics. Oftentimes, the intrusion is not detected at all. Evidently, this service cannot be a one-size-fits-all approach. Depending upon the needs of the organization and the threat levels it faces, we design an appropriate level of services to mitigate internal and external threats.

Serviced By
Cyber Diligence
Services
  • Detection
  • Monitoring
  • Incident Response
A typical engagement will involve the placement of two servers at the client data center along with an Ethernet tap at the organization's Internet gateway.

The first server is fully equipped to respond to suspicious incidents and detect network anomalies. With this server, we can forensically image computers, conduct scans, and find vulnerabilities on all computers that are located on the network. This capability also eases the process of conducting incident response assessments.

This server is typically equipped with:

  • Vulnerability Scanning Software: this software is used to scan all client servers and workstations to ensure they are all patched up and are not subject to known exploits.
  • Intrusion Detection Software: this software alerts us to all changes to the system state of the servers or workstations on the network.
  • Enterprise-Class Forensic Software: this software is capable of forensically examining and imaging any workstation or server on the client network.
  • Enterprise-Class Incident Response Software: this software is capable of responding to suspected incidents and is able to examine servers and computers remotely over the network wire. Through the use of this software the investigator can quickly enumerate all open ports, running services, and established connections of the target computer. This software also captures and analyzes the contents of the RAM to determine whether the server/computer was the subject of a successful cyber-attack.
  • Enterprise-Class Workstation Monitoring Software: in the case of suspected employee misconduct, this software is capable of covertly inserting a monitoring agent into the suspect computer over the network wire. The software can be configured to capture and record any and all activities taking place on the suspect workstation.
  • Full set of computer forensics and incident response tools.

The second server is a custom Cyber Diligence proprietary appliance. It collects all Internet traffic, converts collected packets to native-format documents, and stores them in a database with full content. It functions as a video recorder for network traffic. All Internet traffic is saved for review by analysts in order to detect anomalies or investigate past suspected events.

This server is typically equipped with:

  • 1 Gigabit Ethernet tap
  • Cyber Diligence proprietary Internet traffic intercept and analysis software
  • Internet monitoring software
  • Raw PCAP collector

Once the two servers are installed at the client's data center, Cyber Diligence investigators log in daily to perform checks on the network for unusual events and system changes, and to scan computers for newly discovered vulnerabilities, etc.