Security Operations Center
Security-as-a-service involves organizations leveraging third-party consultants and managed security service providers (MSSPs) to monitor the security of their infrastructure. Whether it is the need for log management, threat detection, SIEM-as-a-service, or compliance, many are choosing to outsource this service versus building the capability internally. Cost savings and overcoming staffing and skills gaps are motivating factors for outsourcing day-to-day security functions.
MANAGED SIEM – LOG MANAGEMENT AND OPERATIONAL INTELLIGENCE
X10 Networks is a security-as-a-service provider leveraging the power of the award-winning AlienVault Unified Security Management™ (USM™) platform for security monitoring (asset discovery, vulnerability assessment, intrusion detection, behavioural monitoring, and SIEM log management and correlation). The all-in-one AlienVault USM platform delivers essential security controls and seamlessly integrates real-time threat intelligence from AlienVault Open Threat Exchange™ and the AlienVault Labs team to quickly identify threats affecting your network and prioritize actionable response, within minutes of deployment.
TOP 5 REASONS TO CHOOSE A CERTIFIED ALIENVAULT MSSP FOR SECURITY-AS-A-SERVICE
- Are you considering deploying a SIEM?
- Do you already have a SIEM in place, but you are finding it difficult to get useful, actionable data out of it?
- Are you resource or time-constrained?
- Need to fill a skills gap on your security team?
- Are you struggling to find (or afford) IT professionals with security incident response expertise?
The security-as-a-service offering from X10 Networks, a certified AlienVault MSSP, includes:
- Vulnerability Assessment and Remediation
- Threat and Malware Detection
- Log Management, Monitoring and Archiving
- Managed SIEM
- Compliance Monitoring
- Log Correlation
- Threat Hunting
For additional information, download our X10 AlienVault.4P brochure here.
Firewall Management – Firewall policy administration, management and troubleshooting
Whether it is a hardware device, a virtual platform, or a cloud firewall, our 24/7 operations monitor device states and alerts in real time and record each event by creating an incident. Our monitoring tools provide a real-time view and reporting of the device state. Our technical team not only keeps track of your up-time and down-time but also validates and determines the cause of each event. We continuously monitor system resources and the performance of systems and networking devices.
X10 Networks specializes in providing Managed Firewall Services leveraging over a decade of experience in managing security policies and operations across various technology platforms.
Today, we help companies of all sizes successfully leverage their technology investments.
Our Network and Security Operations Center support team provides turn-key operations and 24/7 monitoring and notification services. X10 Networks understands that specific, critical devices must be monitored in order to reduce the risk of non-compliance and improve corporate security posture.
X10 Networks will ensure that the proper elements and commitments are in place to provide consistent IT service support and delivery to your organization. X10 Networks will act as a primary support contact and will troubleshoot and provide resolution for production and non-production systems. X10 Networks’ designated resources will also be tasked with preventative work in order to reduce incidents as much as possible.
Our managed firewall services include:
X10 Networks will work to define a set of operational procedures and will execute the tasks according to the defined schedule. We will proactively monitor systems and applications to prevent identified issues from impacting your company’s day-to-day operations.
- 24/7 monitoring of all devices in scope
- 24/7 health monitoring (CPU/Memory/Utilization)
- Health checks and capacity trending advisory
- Scheduled traffic stats/trend reporting
Analysis and Response
X10 Networks will work with internal resources and external vendors to address any specific system/network/application issues that pertain to production and non-production environments.
- 24/7 monitoring of all devices in scope
- Examples of troubleshooting:
  - Analysis and response to firewall security and health events
  - Response to tickets and incidents
  - Device troubleshooting
- 24/7 alerting and notification of all performance and availability related issues
X10 Networks will assist with system/device updates and patching of production and non-production firewall devices.
A regular schedule will be determined based on the requirements and policies already in place. If none exist, X10 Networks will prepare a schedule that may include after-business-hours tasks (automated and/or manual, scheduled and/or on demand).
Note: Updates and patching may require outages. Details of the outage will be communicated to the business and prior approval obtained.
- Upgrades and patch management:
  - Signature updates
  - Device patching/fixes
  - Major upgrades
- Maintenance, backup and recovery
- Tuning and configuration management/co-management
- Rule/Security policy changes
- Configuration backup and restore
- Log exports
- Firewall services (WildFire, URL Filtering, App-ID, etc.)
IT Asset Lifecycle Management
X10 Networks will work to define a set of operational procedures and will execute the following tasks according to a defined schedule:
- Tracking of hardware and software licensing and support
- Assistance with annual OPEX budget planning
- Management of all supported hardware, ensuring optimum performance
- Tracking of warranty status and patches, and remediation of potential issues before they occur
- Proactive and reactive repair and upgrades of supported devices
X10 Networks provides a 24/7 help-desk operation and monitoring service. The service is fully managed and hosted by X10 Networks. Our agents cover a full 24/7 shift with an additional fail-over option to a call centre. This ensures highly available customer support operations.
X10 Networks will provide scheduled reports as requested and agreed during the on-boarding process.
The overall objective of the engagement is to test, investigate, analyze, and report on the level of risk associated with any security vulnerabilities discovered during the assessment. The goal is to provide your organization with appropriate mitigation strategies to address those discovered vulnerabilities. The Risk-Based Security Vulnerability Assessment methodology has been designed to comprehensively identify, classify and analyze known vulnerabilities in order to recommend the right mitigation actions to resolve the security vulnerabilities discovered.
As a part of this engagement, X10 Networks will deliver on the following services:
This step aims to identify and classify all assets that form the environment under review, including network devices, applications, servers, networks, external entities, etc. The objective is to enumerate each asset to ensure all assets are properly accounted for and, where possible, risk-rank assets to enable evaluation of risks based on asset rankings in subsequent phases.
Threat and Vulnerability Assessment
This step utilizes common approaches, including internal and external penetration testing, as well as policy, governance and operational reviews to evaluate potential weaknesses at the technical and operational layers, and maps these weaknesses to known threats utilizing a threat model suitable to the organization’s industry and size.
During this step, the weaknesses and threats identified in the prior step are evaluated in the context of organization-specific considerations, resulting in a prioritized list of issues and recommendations to address, as well as an overall cybersecurity scorecard that organizational management can use to measure progress on a year-to-year basis.
As a final step, the prioritized list of risks identified in the prior step is utilized to generate a cybersecurity improvement roadmap. This roadmap will consist of prioritized, practical recommendations to address technical weaknesses and/or improve operational practices.
Internal and External Penetration Testing
The following section provides a detailed description of X10’s network penetration testing methodology:
Discovery / Footprint Analysis
A profile or “footprint” of external holdings is developed based on computer addresses and other public information associated with the firm. X10 will identify active and inactive blocks by checking them against public Autonomous System mappings. This initial “footprint” details the ranges used in routing tables and helps us to outline an inventory of Internet-connected hosts. This enables a sound methodology when performing deeper reconnaissance efforts later.
Enumeration: Identification of Live Hosts
The next step is to conduct host enumeration against in-scope network blocks or systems to identify specific live hosts and services. This begins with a ping sweep (sending ICMP probe requests) across the network, followed by a scan of 5-7 common service ports, such as 25, 80, 443 and others. A small subset of UDP ports will also be included in the live host scanning. Both the ping sweep and the port scan will be performed with Nmap.
For those network blocks identified during the Discovery phase as not containing any live hosts, a ping sweep and a “light” port scan will be performed. If any live hosts are identified, they will be added to the list of live hosts for further testing.
“Light” scanning consists of a port scan of common services using less commonly filtered probes, such as SYN, ACK and RST packets, to detect additional responsive systems.
Full Port Scanning and Service Enumeration
By the end of the previous stage, a list of live hosts and their IP addresses has been produced. Port scans of all 65,535 TCP ports and UDP ports 1-1024 will be performed on these hosts using the Nmap port scanner. All active services and ports on the live hosts will be documented during this process.
Enumeration involves active connections to the systems and direct queries. Some additional operations and techniques used include:
- DNS Zone Transfer – identifies additional target machines;
- Traceroute – identifies the “hops” between the target and destination.
X10 will limit full host port scanning to only those systems identified as listening and/or available in the IP address spaces provided. The following assumptions about this testing are made:
- X10 will leverage the service identification capabilities of the scanning tools in use.
- Techniques that may be leveraged in Firewall / IDS evasion will be applied in this effort to avoid detection and system-level restrictions; examples include:
  - Time-based scanning;
  - Packet fragmentation;
  - Decoy scanning (leveraged with permission and full knowledge).
For identified systems, X10 will provide port-to-service mappings for TCP and UDP as a component of reporting. As port-scanning results will be integral to identifying hosted applications, services indicative of applications will be catalogued and used to create an inventory of applications included in later assessment phases.
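An added example (not X10's own tooling) of the reporting step above: it parses Nmap's XML (-oX) output into a per-host port-to-service mapping for TCP and UDP, drops hosts reported down and ports that are not open, and pulls out the services indicative of hosted applications for the later assessment phases. The XML sample and the APP_SERVICES list are constructed assumptions.

```python
"""Parse Nmap XML (-oX) output into the per-host port-to-service mapping used for reporting."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in Nmap's XML format (not real scan output): one live host with TCP and UDP results, one host reported down.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.2p1"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
      <port protocol="udp" portid="161"><state state="open"/><service name="snmp"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Service names treated as indicative of a hosted application (assumed list; adjust per engagement).
APP_SERVICES = {"http", "https", "http-proxy", "ms-sql-s", "mysql", "oracle-tns"}


def port_service_map(xml_text):
    """Return {host_ip: {(proto, port): "service product version"}} for open ports on live hosts."""
    result = defaultdict(dict)
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts Nmap reported as down are excluded from the mapping
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not listening services
            svc = port.find("service")
            parts = [svc.get("name", "unknown"), svc.get("product"), svc.get("version")] if svc is not None else ["unknown"]
            key = (port.get("protocol"), int(port.get("portid")))
            result[addr.get("addr")][key] = " ".join(p for p in parts if p)
    return dict(result)


def application_inventory(mapping):
    """List (host, proto, port, service) tuples whose service name indicates a hosted application."""
    return sorted((ip, proto, port, svc) for ip, ports in mapping.items()
                  for (proto, port), svc in ports.items() if svc.split()[0] in APP_SERVICES)
```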
Using the information gathered during the testing (e.g., operating system versions, applications, and open services), the X10 team will perform research on the vulnerabilities that may affect the specific target systems. The team will then attempt to confirm if these vulnerabilities actually exist on the system.
Infrastructure Vulnerability Scanning
In addition to identifying vulnerabilities based on the previous phases’ information, the X10 team will programmatically scan the target systems using appropriate proprietary tools and techniques.
For those systems that appear to be inactive, or otherwise unresponsive to gratuitous requests, X10 will limit scanning to common services only (i.e., ports 1–1096, 1433 for MS SQL and 3389 for Terminal Services).
Manual Vulnerability Identification
During the course of this engagement, all identified vulnerabilities will be verified and assessed as to the likelihood of exploitation. Due to the limitations of scanning tools, the team will use both automated and manual methods to confirm these vulnerabilities to the extent possible without exploitation.
False Positive Elimination
While commercial scanning tools provide a solid foundation for vulnerability detection, they have several limitations. Many of the tools generate inconclusive reports due to false positives, false negatives, and inherent ambiguity in automated scanning techniques. X10 carefully evaluates each tool’s results and, where possible, manually verifies the existence of difficult-to-detect vulnerabilities to ensure accurate reporting.
X10 will use such techniques as it deems necessary to prove that vulnerabilities exist; however, proof does not require full exploitation of a vulnerability when X10 believes that proceeding further may cause damage.
Discussions and Finding Verification
X10 will maintain daily contact with the customer’s designated management and technical personnel. Should any critical vulnerability be discovered during our assessment, or should a system failure occur as a result of the assessment, pre-arranged emergency contacts will be notified immediately.
Following assessment completion, X10 will meet with the customer’s project management and designated SMEs to review findings and identify any immediate false positives, and/or identify indicators of a corrupted or otherwise flawed assessment.
GOVERNANCE AND COMPLIANCE
Security Governance / Operations Review
This phase will leverage the information gathered initially to perform a detailed assessment against industry best practices, taking into account your organization’s specific considerations.
At a high-level, the security operations review consists of:
a. Review of documented policies and procedures:
- Security policies
- Security standards
- Operational security procedures
- Organizational charts
- Network architectural diagrams
- Asset inventories
- Risk registers
- Other relevant documentation
b. Analyze information gathered via interviews, including practices related to:
- Vulnerability Management
- Technology Supply Chain
- HR/Personnel Security
- Privileged access management
- Change Management
- Security Monitoring
- Incident response
c. Assess the current implementation of controls across the control categories listed here:
- Asset Management
- Security Governance
- Awareness and Training
- Protective Technology
- Access Control
- Security Monitoring
- Response Planning
d. Using a standard capability maturity model, assign existing security practices a maturity level ranging from 0 (Non-existent) to 5 (Optimized).
X10 Networks makes strategic investments with technology partners and continuously invests in internal training and adoption of new technology and practices. Our teams successfully service customers across various regions and industry verticals.