Continuous monitoring and fast detection are the keys to successful containment and mitigation of threats that could jeopardize your organization’s operations and assets. However, many organizations lack the capacity, means or resources to keep up with the ever-changing threat landscape, let alone the cyber security skills and experience.
MBSD offers a wide range of granular managed security solutions which fortify customers’ networks and assets with industry-leading technologies and up-to-date global threat intelligence.
MBSD has a leading Security Operations Center (SOC) that provides managed security services tailored to our customers’ needs 24 hours a day, 365 days a year. The SOC analysts and operators, with long experience in cyber security and working closely with expert analysts and threat researchers, not only effectively detect intrusions and perform pre-determined remediation actions but also, in serious cases, move smoothly into the incident response phase together with MBSD’s incident response experts.
There is a common misunderstanding in Japan: many people working in IT departments think that alerts issued by devices such as IDS/IPS are always true and that SOC operation simply means forwarding all the alerts to customers. That is WRONG. The alerts include many false positives, and each SOC operator’s main task is to identify the true threats (black) in the sea of false positives (greys). Some SOCs that are not operated by cyber security professionals simply forward all alerts to customers, so careful evaluation is required when choosing a SOC. At MBSD-SOC, analysts further investigate the packet payloads of suspicious traffic when they judge it necessary; such investigation goes beyond the detection capabilities of the devices they manage.
Signature tuning is another important task for a SOC. IDS/IPS detect threats with signatures: pre-programmed rules that examine a packet or series of packets for certain content, such as matches on packet header or data payload information, to identify known threats. The signatures are the heart of a network-based IDS/IPS solution. They are updated regularly so that the rules fit the most recent threat trends, and at the same time to control the size of the signature set, since the devices cannot accommodate all the signatures made available by the device manufacturers. In addition, from a customer’s infrastructure point of view, there are necessary signatures and unnecessary ones. Someone has to choose the right signatures by understanding the customer’s infrastructure and considering the threat vectors they face. This is called signature tuning; MBSD-SOC provides it to customers at the start of the service, but not all SOC services do.
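As an added illustration of the tuning step described above (example code written for this page, not MBSD-SOC’s own tooling): a small Python routine that takes a Snort/Suricata-style ruleset and a customer’s inventory of exposed services, keeps the signatures that watch those services or watch traffic leaving the customer network, and comments out the rest so they can be re-enabled when the inventory changes. The ruleset, sids, messages and inventory are all constructed placeholders.

```python
import re

# Constructed sample ruleset in Snort/Suricata-style syntax; sids and messages
# are placeholders, not rules from any vendor feed.
RULESET = """\
alert tcp any any -> $HOME_NET 445 (msg:"SMB suspicious tree connect"; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 3306 (msg:"MySQL auth bypass attempt"; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 80 (msg:"HTTP directory traversal"; sid:1000003; rev:1;)
alert tcp any any -> $HOME_NET 443 (msg:"TLS heartbeat anomaly"; sid:1000004; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"DNS zone transfer request"; sid:1000005; rev:1;)
alert tcp $HOME_NET any -> any any (msg:"Outbound beacon pattern"; sid:1000006; rev:1;)
"""

# Constructed customer inventory: the (protocol, port) pairs actually exposed.
EXPOSED_SERVICES = {("tcp", 80), ("tcp", 443), ("udp", 53)}

# action proto src sport -> dst dport (options)
RULE_RE = re.compile(r"^alert\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+\S+\s+->\s+"
                     r"(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$")
SID_RE = re.compile(r"\bsid:\s*(\d+)")


def rule_is_relevant(m, exposed):
    """Keep a rule that watches a service the customer runs, watches all ports,
    or watches traffic leaving the customer network (compromised-host case)."""
    if m["src"] == "$HOME_NET" or m["dport"] == "any":
        return True
    return (m["proto"], int(m["dport"])) in exposed


def tune_ruleset(rules_text, exposed):
    """Return (tuned_text, enabled_sids, disabled_sids). Irrelevant rules are
    commented out, not deleted, so they can be re-enabled if the inventory changes."""
    enabled, disabled, out = [], [], []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:                          # blank or malformed line: pass through
            out.append(line)
            continue
        sid = int(SID_RE.search(m["opts"]).group(1))
        if rule_is_relevant(m, exposed):
            enabled.append(sid)
            out.append(line)
        else:
            disabled.append(sid)
            out.append("# " + line)        # disabled by tuning, kept for reference
    return "\n".join(out), enabled, disabled
```

Calling `tune_ruleset(RULESET, EXPOSED_SERVICES)` on the constructed data keeps the HTTP, TLS, DNS and outbound rules and comments out the SMB and MySQL ones, which no exposed service would ever trigger legitimately but which would still generate noise.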
There are also anomaly-based intrusion detection systems, which issue alerts when they detect suspicious behavior in the traffic under monitoring. Instead of searching for the signatures of known threats, an anomaly-based detection system uses machine learning to teach the algorithm a normalized baseline. The baseline represents how the traffic normally behaves, and observed behavior is then compared against it. The anomaly-based IDS simply flags any out-of-the-ordinary behavior and triggers an alert; MBSD-SOC analysts then further investigate the packets, the origins and destinations of the traffic, traffic patterns, and hashes of… to finally identify the black things only.