BLUESOC NETWORKSENTRY

24/7 network monitoring,
analysis and incident reporting
Overview

The threat from sophisticated actors highlights the importance of identifying harmful activities before they cause harm to your business. BlueSOC NetworkSentry is a 24/7 managed network monitoring service that enables visibility to your network environment and detects intrusions and policy violations, limiting the risk of a major data breach caused by an external or internal threat.

Efficient security monitoring is now a requirement both for securing business operations and for meeting compliance requirements; many potential customers also require it before entering into a business relationship.

All organisations should adopt the “assume breach” approach, that is, think and act as if a breach is already active but not yet detected. For many organisations, this is not just a theoretical possibility but a reality. It could be the work of external entities with the goal of stealing information or disrupting normal operations, as well as threats from the inside.

The ability to quickly detect and manage incidents is one of the most important areas in security, as it is not possible to proactively defend the organisation against every threat. This is the classic dilemma: you as a defender have to be right every time, but the opposition only needs to be right once.

The solution – 24/7 monitoring managed by security experts

Much of the malicious activity taking place can be identified by inspecting and analysing traffic and traffic patterns inside the IT environment, as well as incoming and outgoing traffic. Managed network monitoring can detect several kinds of threats, from an endpoint infected by malware to web servers under attack from external sources. By analysing patterns as well as actual content, reconnaissance and lateral movement can be detected and incidents can be managed before they cause damage to the organisation.

Sentor has developed NetworkSentry to provide a fully managed network monitoring service, managed by our BlueTeam in Sentor’s BlueSOC – the defensive part of our SOC services. BlueTeam security analysts monitor your network traffic 24/7 in order to detect malware, unauthorised scans, policy violations and intrusion attempts. All alerts are manually validated and enriched by experts, and incidents are reported and escalated to fit the individual organisation. Consequently, Sentor’s BlueTeam becomes an extension of your internal security team with the objective of protecting your business and reducing the response time in the event of an incident.

How it works

Network sensors are deployed as passive listening devices at aggregation points in the customer’s network environment (using TAPs or SPAN ports), focusing on ingress and egress points such as Internet access and partner connections, as well as client and server traffic, for good analysis coverage.

The sensors are purpose-built appliances from Sentor, based on the leading open source software Snort with additional analysis functions developed by Sentor. The sensors are updated multiple times per week with new detection capability from Emerging Threats and Sourcefire to ensure identification of new threats.

Continuous monitoring and tuning ensure that the alerts are relevant for the individual customer environment. After analysis, alerts are escalated to the customer as security incidents, with additional data for investigation or remediation.

Step by step

  • Initial design activity together with the customer to identify placement and number of sensors, specific requirements and configuration changes needed
  • Sensors are pre-built and shipped to sites by Sentor, including instructions on how to connect them and configuration needed
  • Sensors are connected by the customer, Sentor verifies communication and monitoring
  • 24/7 monitoring from Sentor BlueSOC is activated, service delivery starts
  • Continuous updates are applied; tuning and whitelisting are ongoing during the service period
  • Monthly reporting and service meetings are conducted

Key advantages

  • Custom-made network monitoring appliance fully supported by Sentor, no additional products needed
  • Broad detection capability covering different scenarios and updated multiple times per week using commercial signature feeds
  • Custom-made detection capability based on statistical analysis to identify reconnaissance activity and lateral movement in the environment
  • Continuous tuning and whitelisting gives a low false-positive rate compared to other solutions
  • Low price point, making it possible to deploy for best coverage instead of having to compromise on detection
  • Sensors able to manage high volume networks as well as smaller branch offices
  • Sentor BlueSOC monitors alerts and performs analysis 24/7
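As an added illustration of the statistical reconnaissance and lateral-movement detection and the whitelisting described above (not Sentor's own code or sensor logic), the following flow-based detector flags one source sweeping many hosts on a single port (horizontal scan) or probing many ports on one host (vertical scan) within a time window, while a whitelist tunes out an authorised scanner. The flow records, thresholds and addresses are constructed for the example.

```python
from collections import defaultdict

# Constructed sample flows: (epoch_seconds, src_ip, dst_ip, dst_port).
# 10.0.1.5 touches twelve hosts on port 445 (horizontal sweep),
# 10.0.3.7 probes twelve ports on one host (vertical scan),
# 10.0.9.1 behaves like a sweep but is an authorised scanner,
# 10.0.4.2 is ordinary traffic that stays below the threshold.
FLOWS = (
    [(1000 + i, "10.0.1.5", f"10.0.2.{10 + i}", 445) for i in range(12)]
    + [(1000 + i, "10.0.3.7", "10.0.2.50", 20 + i) for i in range(12)]
    + [(1000 + i, "10.0.9.1", f"10.0.2.{10 + i}", 445) for i in range(12)]
    + [(1000, "10.0.4.2", "10.0.2.60", 443), (1001, "10.0.4.2", "10.0.2.61", 443)]
)

WHITELIST = {"10.0.9.1"}  # assumed: authorised vulnerability scanner, tuned out
WINDOW = 60               # assumed: tumbling window length in seconds
FAN_OUT = 10              # assumed: distinct hosts or ports before alerting


def detect(flows, whitelist=WHITELIST, window=WINDOW, fan_out=FAN_OUT):
    """Return sorted alerts as (src, kind, key, count) tuples."""
    # (src, window_index) -> dst_port -> set of dst hosts
    hosts_per_port = defaultdict(lambda: defaultdict(set))
    # (src, window_index) -> dst host -> set of dst ports
    ports_per_host = defaultdict(lambda: defaultdict(set))
    for ts, src, dst, port in flows:
        if src in whitelist:
            continue  # tuned out, exactly what whitelisting does
        bucket = (src, ts // window)
        hosts_per_port[bucket][port].add(dst)
        ports_per_host[bucket][dst].add(port)

    alerts = []
    for (src, _), per_port in hosts_per_port.items():
        for port, dsts in per_port.items():
            if len(dsts) >= fan_out:
                alerts.append((src, "horizontal_scan", port, len(dsts)))
    for (src, _), per_host in ports_per_host.items():
        for dst, ports in per_host.items():
            if len(ports) >= fan_out:
                alerts.append((src, "vertical_scan", dst, len(ports)))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```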

Security Operations Center

Sentor’s managed SOC services are divided into two types: BlueSOC services and RedSOC services. BlueSOC services are defensive by nature and aim to maintain internal defence by detecting and responding to cyber threats. Sentor’s RedSOC services are offensive and aim to continuously identify and address deficiencies in the customer’s security posture, both technical vulnerabilities and more structural weaknesses.
