Digital Shield is a cloud-based Security and Compliance Monitoring Service that combines Technology, People and Process to deliver Enterprise-Class security and compliance services to customers for one low monthly subscription fee.
Think of Digital Shield as your very own full service Cyber defence system. We monitor your computer and network devices so you can focus on delivering your products and services to your customers.
7×24 network monitoring
Remediation for any malicious activity
Integrated incident management workflow
Reports required for compliance purposes
Low monthly cost
Security analysts based in the Digital Shield Security Operation Centres analyse security incident and event information to identify threats and potential compromises. They investigate incident cases which are triggered by the SIEM technology and enrich incident information with 3rd Party Threat Intelligence data to further improve the identification accuracy of potential cyber-security risks and compromises within the end-customer environment.
The Digital Shield Service utilises patented technology to collect and analyse log data that is generated from devices within a customer's IT infrastructure.
In most cases, log collection requires no installation of hardware, virtual servers, or agents on an end customer's premises. The collector software is downloaded and installed on a Windows server or workstation and then configured to collect and/or receive log data from devices within the end-customer's network. The log data is encrypted and compressed before being sent via the Internet to the Security Operations Centre (SOC). Other log collection methods can be deployed as specifically required by the end-customer.
Upon receipt of the end-customer's log data at the Digital Shield SOC, the raw log files are encrypted using an MD5 hash and stored for 12 months, as standard. Longer periods of storage are available. These log files can be used as 'Chain of custody' if required.
A copy of each log file is then forwarded to the SIEM analytics engine where it goes through a process of aggregation and de-duplication before being normalised using a categorisation process that automates and accelerates the analysis of the data. Log data is processed at 100 million checks per second per analytics engine.
Having aggregated and normalised the log files, they are then forwarded to Digital Shield's correlation engines where the data is run against a number of pre-defined rules, or sometimes bespoke rules, to begin to automatically identify patterns of malicious activity and known indicators of compromise. The data is processed using a range of correlation techniques that can include: Rules Based Correlation, Vulnerability Correlation, Historical Correlation, Statistical Correlation and Threat Intelligence Correlation. In addition to data being processed in real-time in the correlation engines, data is written to the database.
When the processed data meets the conditions identified in the rule sets, an incident is triggered and posted in the Incident Response Module of the SIEM platform. Incidents are tagged by severity that can be tied into customer SLAs. Incidents can be viewed in the Digital Shield Portal as well as being forwarded to 3rd Party trouble ticket systems.
Incident cases are created by robust rulesets which trigger on correlations of well-defined Indicators of Compromise (IOC). The cases generated include a description of the security threat along with all the supporting evidence pulled from raw message logs and supporting correlated events.
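The pipeline described above (de-duplication, normalisation into categorised events, a rules-based correlation, and an incident case carrying the supporting raw log lines) is illustrated below as an added example; it is not Digital Shield's code, and the log lines, the single brute-force rule and the severity label are constructed for illustration only.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog-style lines (not real customer data); line 2 is a duplicate.
RAW_LOGS = [
    "2024-03-01T10:00:01Z srv1 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:01Z srv1 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:09Z srv1 sshd: Failed password for admin from 203.0.113.5",
    "2024-03-01T10:00:20Z srv1 sshd: Failed password for root from 203.0.113.5",
    "2024-03-01T10:00:45Z srv1 sshd: Accepted password for admin from 203.0.113.5",
    "2024-03-01T10:01:00Z srv2 sshd: Failed password for bob from 198.51.100.7",
]

LINE_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def normalise(lines):
    """De-duplicate identical raw lines, then map each to a categorised event dict."""
    events, seen = [], set()
    for line in lines:
        if line in seen:
            continue
        seen.add(line)
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines would go to a catch-all category in a real SIEM
        ts, host, outcome, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "host": host, "user": user, "src": src, "raw": line,
                       "category": "auth_failure" if outcome == "Failed" else "auth_success"})
    return events

def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: >= threshold auth failures from one source, then a success within the window."""
    incidents, by_src = [], defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        failures = []
        for e in evs:
            failures = [f for f in failures if e["ts"] - f["ts"] <= window]  # slide the window
            if e["category"] == "auth_failure":
                failures.append(e)
            elif e["category"] == "auth_success" and len(failures) >= threshold:
                incidents.append({"severity": "high", "src": src, "user": e["user"],
                                  "description": f"Successful login for {e['user']} after "
                                                 f"{len(failures)} failed attempts from {src}",
                                  "evidence": [f["raw"] for f in failures] + [e["raw"]]})
                failures = []
    return incidents
```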
Using a combination of industry recognised Incident Management workflow processes based on NIST, MITRE, and SANS best practice, analysts investigate the Incident Cases which are automatically generated by the SIEM product. Specific information is identified by analysts and documented within the case notes, together with detailed, step-by-step procedures that need to be followed to remediate the security incident. Each incident is then prioritised and scored based on information from our Threat Intelligence feeds, and any Incident that is not marked as a false positive is sent on to the partner for follow-up and remediation.
The Digital Shield SOC is available 24×7 via web portal, email and phone for any required follow-up or questions on Incident Cases.
Digital Shield is designed specifically to address the growing number of cybersecurity breaches plaguing small to midsize businesses. This cloud-based solution is affordable and delivers the same level of protection that large customers receive, making it equally suitable as a managed security service for enterprise protection.
Digital Shield enables customers to deploy a sustainable, comprehensive security monitoring solution without the need to invest in expensive infrastructure, buy expensive hardware appliances and recruit expensive security analysts. By simply sending their event log data to the advanced Digital Shield cloud, customers will receive a portal view of their compliance reports and security posture, complete with step-by-step remediation workflows designed to help resolve security incidents and halt malicious activity.
Advanced architecture designed to cover complex regulatory compliance, business continuity and risk management needs
Real-time attack visualization identifies zero-day attacks based on rules-based, vulnerability, statistical, and historical correlations
Vulnerability correlation integrates data from detection systems, eliminating false positives and freeing up your team to focus on actual threats
Unparalleled visibility in distributed networks to correlate activity in individual customer environments, identifying hidden threats, suspicious trends and other potentially dangerous behavior
Sophisticated reporting tools for ISO, PCI, HIPAA, SOX and other compliance standards