What is SecureCare v2021?
SecureCare is a comprehensive best practices-based managed security solution that includes the following service offerings:
- Breach detection
- 2 Factor-Authentication (2FA)
- Endpoint Detection and Response (EDR)
- Security Awareness Training
- Email Phishing
- DNS Security and Web Filtering
- Security Information Event Management (SIEM)
- Internal Vulnerability Assessment (IVA) and External Vulnerability Assessment (EVA)
- Domain Breach Monitoring
- $25,000 of Ransomware Protection
What problem does SecureCare v2021 solve?
SecureCare v2021 is a comprehensive managed security service geared towards organizations of all sizes that don’t have an in-house security team. It enables small and midsize organizations to cost-effectively access best-in-class security solutions previously only available to large enterprises with in-house IT and security teams. SecureCare provides strong 24/7 protection against modern and rapidly changing security threats. Unlike traditional antivirus solutions, SecureCare helps protect against zero-day threats and can remediate and rollback changes to systems and files if a problem occurs. Additionally, SecureCare provides some threat forensics and attack storylines, making incident response much faster.
What are the components of SecureCare v2021?
SecureCare is a comprehensive managed security service available exclusively from Logically that leverages best-in-class industry solutions. SecureCare can be purchased as a stand-alone managed security service, or as part of a complete IT managed services package. SecureCare consists of the primary components as outlined above.
What other security solutions does Logically offer?
Whereas Logically’s SecureCare is a comprehensive security solution, Logically also offers three discrete additional offerings with a range of features to fit the needs of our clients.
- Security Awareness Training – 2 rounds per year
- Phishing Campaigns – 2 per year
- Domain Monitoring and Alerting
SecureEndpoint (previously the SecureCore package)
- Breach Detection
- 24/7 SOC
- Ransomware Protection
- Proactive internal and external vulnerability assessments
- Up to 2 hours of analysis/remediation planning
Why does SecureEndpoint have strong but not stronger security for vulnerability assessments?
In the SecureEndpoint package, we leverage the endpoint tools to report vulnerabilities. It does not specifically scan for vulnerabilities and prioritize them. We recommend a vulnerability scan as it focuses on vulnerabilities and prioritizes them.
In the SecureTest package, why are ransomware, malware, security breach, and data breach part of the strong but not stronger protection?
SecureTest does not actively protect clients from these types of attacks. However, it highlights vulnerabilities attackers would utilize to introduce malware into the environment so that a client’s IT team can take action.
Services included with SecureCare
What is Breach Detection and why is it important?
No safeguard is impenetrable, but breach detection systems limit the impact and time to resolution of breaches. Breach detection is a combination of security measures and applications designed to detect infected devices or endpoints and determine other threats occurring inside a network. We use Huntress for breach detection services. Huntress specializes in catching and remediating Advanced Persistent Threats (APTs) such as malware or botnets. Huntress primarily relies on files, registry keys, and current processes running on a system, which differs from Artificial Intelligence (AI)-driven EDR. Implementing a managed breach detection system helps to keep the persistent onslaught of attackers/bad actors at bay.
What is Two-Factor Authentication (2FA) and why is it important?
2FA is a fundamental security protection, and companies in regulated industries without 2FA have received significant fines. 2FA is a security measure that requires a user to verify their identity after entering a password. The authentication requires the use of an application (such as Duo or Microsoft Authenticator) or text messaging. Our approach to implementing 2FA follows the guidance of NIST, which discourages the use of text messaging. 2FA is an additional layer of security to prevent someone other than the intended user from logging in, even if they have a user’s password.
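The authenticator apps mentioned above generate time-based one-time passwords (TOTP, RFC 6238, built on HOTP, RFC 4226). The following is an added example, not Logically's code or that of any authenticator vendor, showing how a server-side verifier checks such a code: it accepts a small clock skew, compares in constant time, and refuses a code that has already been used (replay protection). The secret is the published RFC test key, so the expected codes are known; the skew and step values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"); a real
# deployment generates a random per-user secret and shares it via QR code.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the low `digits` decimal digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP per RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(at_time // step), digits)


class TotpVerifier:
    """Server-side verifier. `skew` is how many 30-second steps either side
    of 'now' are tolerated (assumed value: 1). Each counter value may be
    accepted only once, so a captured code cannot be replayed."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1, digits: int = 6):
        self.secret = secret
        self.step = step
        self.skew = skew
        self.digits = digits
        self.last_counter = -1  # highest counter already consumed

    def verify(self, code: str, at_time: float) -> bool:
        now_counter = int(at_time // self.step)
        for delta in range(-self.skew, self.skew + 1):
            candidate = now_counter + delta
            if candidate <= self.last_counter:
                continue  # already used or older than a used code: reject
            expected = hotp(self.secret, candidate, self.digits)
            # constant-time compare so timing does not leak matching prefixes
            if hmac.compare_digest(expected, code):
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    v = TotpVerifier(RFC_TEST_SECRET)
    code = totp(RFC_TEST_SECRET, 59)          # code the app would show at t=59
    print("first use accepted:", v.verify(code, 59))
    print("replay rejected:", v.verify(code, 59))
```

Text-message codes, which the paragraph notes NIST discourages, have no equivalent of the shared secret above; they depend on the phone network delivering the message to the right handset, which is why an app-based authenticator is preferred.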
What is Security Awareness Training and why is it important?
Up to 90% of breaches are caused by staff, and the best way to limit this is through training. Security Awareness Training is designed to increase security awareness among staff and to meet compliance regulations. Such training typically covers how to avoid becoming a victim of phishing or social engineering. With the changing threat landscape, it is important for organizations to provide periodic training for their employees to become familiar with their security policies and procedures. It is recommended that organizations conduct training on a periodic basis, such as 2-4 times per year. Such training helps employees implement security best practices and minimizes an organization’s risk of a breach or attack.
What is a Phishing Campaign and why is it important?
Phishing attacks are the most common social engineering attack on an organization. Threat actors attempt to gain access to users’ accounts or personal information by impersonating a trusted entity or individual via a fake email or website designed to replicate the real site. In doing so, the attackers attempt to “phish” personal information such as banking information (including requesting a payment), passwords, social security numbers, or confidential information. Phishing tests can help organizations train their users on how to spot these types of emails and prevent potential attacks.
What is DNS Security and Web Filtering and why is it important?
Domain Name System (DNS) security and web filtering provide protection from online threats such as viruses, malware, ransomware, phishing attacks, and botnets. DNS filtering can prevent malware command-and-control traffic from entering an organization’s environment without blocking legitimate files by accident. This allows users to work productively and access the sites they need while avoiding potentially harmful sites. DNS filtering allows an organization to create policies that give specific users access to certain sites (e.g., Marketing needs access to social media sites but no one else does) and that prevent users from accessing sites they shouldn’t (e.g., online gambling).
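To make the policy idea concrete, here is an added example (not Logically's code, and not the policy engine of any particular DNS filtering product) of how a resolver-side filter decides a query. It assumes a domain-to-category feed, a set of security categories that are blocked for everyone with no override, a set of restricted categories that are blocked unless a group policy allows them, and a default-allow for everything else. The domains and categories are constructed for illustration; subdomains inherit the category of the closest categorized parent.

```python
# Constructed domain-category feed (illustrative only, not real threat data).
DOMAIN_CATEGORIES = {
    "social.example": "social_media",
    "casino.example": "gambling",
    "c2.badexample.test": "malware_c2",
    "docs.example": "business",
}

# Security categories: blocked for every user, no group may override.
SECURITY_BLOCK = {"malware_c2", "phishing", "botnet"}

# Productivity categories: blocked unless a group policy allows them.
RESTRICTED = {"social_media", "gambling"}

# Per-group allowances (assumed policy: only Marketing gets social media).
GROUP_ALLOW = {
    "marketing": {"social_media"},
}


def categorize(domain: str) -> str:
    """Walk up the labels so 'www.social.example' inherits 'social.example'."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        cat = DOMAIN_CATEGORIES.get(".".join(labels[i:]))
        if cat:
            return cat
    return "uncategorized"


def resolve_policy(domain: str, groups):
    """Return (decision, category, reason). Precedence: security block,
    then group allowance for restricted categories, then default allow."""
    cat = categorize(domain)
    if cat in SECURITY_BLOCK:
        return ("BLOCK", cat, "security category; no group override")
    if cat in RESTRICTED:
        for g in groups:
            if cat in GROUP_ALLOW.get(g, set()):
                return ("ALLOW", cat, f"restricted category allowed for group '{g}'")
        return ("BLOCK", cat, "restricted category")
    return ("ALLOW", cat, "default allow")


if __name__ == "__main__":
    for domain, groups in [
        ("www.social.example", ["marketing"]),
        ("www.social.example", ["finance"]),
        ("beacon.c2.badexample.test", ["marketing"]),
        ("docs.example", []),
    ]:
        print(domain, groups, "->", resolve_policy(domain, groups))
```

The ordering of the checks is the point: a group allowance can open a productivity category such as social media, but it can never open a security category, which is what lets the filter stop command-and-control traffic for everyone while still giving Marketing the sites it needs.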
What is Anti-Spam and why is it important?
Anti-spam software blocks spam or potentially malicious email from entering an environment. Most software uses a set of rules to identify unsolicited and unwanted emails and prevent them from reaching a user’s inbox. Anti-spam should not be used as a stand-alone security solution and should be coupled with other offerings such as 2FA, EDR, and others. Anti-spam filtering also lets users release messages that were flagged as potentially harmful but are in fact legitimate, so that they are routed to the inbox.
What is EDR and why is it important?
EDR stands for “Endpoint Detection and Response.” EDR is an evolutionary leap from and a replacement for traditional antivirus. It strays from the normal signature-based recognition algorithms of traditional antivirus and adds an AI-driven behavioral detection engine, coupled with expansive threat detection databases, to discover and respond to threats pre- and post-execution. In addition, an EDR can remediate complex system attacks by monitoring and recording all process, file, and registry actions and taking mitigating action. An EDR protects against a wide range of threats including malware (executable and fileless), exploits (document- and browser-rooted), and live/insider attacks (script- and credential-driven).
What are the enhanced feature offerings of EDR?
MDR Level 1
- Active Endpoint Detection and Response
- EDR File Rollback
- Monthly Executive Report
MDR Level 2
- Includes all of MDR level 1
- Automatic Network Isolation
- Removable Device Control
- Monthly Endpoint Vulnerability Report
MDR level 3
- Includes all of MDR Level 2
- Firewall with Best-Practice Deployment
- Endpoint Advanced Insight
What is SIEM and why is it important?
SIEM stands for “Security Information and Event Management.” SIEM tools are an important part of the data security ecosystem: they aggregate data from multiple systems and analyze that data to catch abnormal behavior or potential cyberattacks. SIEM tools provide a central place to collect events and alerts and are a natural progression from syslog collection, which gathers and centralizes logging from systems and network devices. SIEM takes this a step further and runs intelligence/correlation against this collection of data to provide insights not immediately visible to humans in this volume of data. SIEM provides two primary capabilities to an Incident Response team:
- Reporting and forensics about security incidents
- Alerts based on analytics that match a certain rule set, indicating a security issue
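The "correlation" and "alerts based on a rule set" described above are easiest to see in code. The following is an added example, not Logically's SIEM or any vendor's rule, that runs one correlation rule over constructed sshd-style authentication log lines: it raises an alert when at least five failed logins for the same user from the same source are followed by a successful login from that source within a five-minute window. Neither line on its own is suspicious; only the sequence is, which is the insight a SIEM adds over plain log collection. The log lines, hostnames, addresses, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data); sshd-style auth messages.
SAMPLE_LOGS = """\
2021-03-04T09:00:01 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51234 ssh2
2021-03-04T09:00:03 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51235 ssh2
2021-03-04T09:00:05 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51236 ssh2
2021-03-04T09:00:06 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51237 ssh2
2021-03-04T09:00:08 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51238 ssh2
2021-03-04T09:00:10 host1 sshd[1201]: Accepted password for admin from 203.0.113.7 port 51239 ssh2
2021-03-04T09:15:00 host2 sshd[2210]: Failed password for alice from 198.51.100.22 port 40001 ssh2
2021-03-04T09:15:30 host2 sshd[2210]: Accepted password for alice from 198.51.100.22 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_events(text: str):
    """Normalize raw lines into event dicts (the 'collection' stage)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a production collector would count unparsed lines
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def correlate_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures for one (source, user) followed
    by a success from that source within `window`. Returns alert dicts that
    carry the evidence an incident responder needs (the 'forensics' part)."""
    failures = defaultdict(list)  # (src, user) -> failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        # Success: count only failures that fall inside the window.
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "host": ev["host"],
                "user": ev["user"],
                "src": ev["src"],
                "failures": len(recent),
                "first_failure": recent[0].isoformat(),
                "success": ev["ts"].isoformat(),
            })
        failures[key] = []  # a success closes the sequence either way
    return alerts


if __name__ == "__main__":
    for alert in correlate_bruteforce_success(parse_events(SAMPLE_LOGS)):
        print(alert)
```

The second user (alice) mistypes a password once and then logs in; that produces no alert, which is the behaviour you want from a rule meant to surface credential guessing rather than ordinary user error.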
What is a 24/7 Security Operations Center (SOC) and why is it important?
The security operations center monitors and analyzes activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise. The SOC is responsible for ensuring that potential security incidents are correctly identified, analyzed, defended, investigated, and reported.
The key benefit of having a security operations center is the improvement of security incident detection through continuous monitoring and analysis of data activity. By analyzing this activity across an organization’s networks, endpoints, servers, and databases around the clock, SOC teams are critical to ensuring timely detection of and response to security incidents. The 24/7 monitoring provided by a SOC gives organizations an advantage in defending against incidents and intrusions, regardless of source, time of day, or attack type. Security operations requires 24/7 staffing - incidents don’t just happen between 8am and 5pm, after all. It takes a minimum of five security experts to support 24/7 security operations. An outsourced 24/7 SOC provides all the benefits without the challenge and expense of hiring, training, and retaining scarce and expensive security experts.
What is an Internal Vulnerability Assessment (IVA) and why is it important?
An internal vulnerability assessment identifies vulnerabilities currently within the client’s IT infrastructure and provides a remediation plan for those vulnerabilities, ranked based on threat. This comprehensive assessment includes a review of existing vulnerabilities to help organizations build a security roadmap.
What is an External Vulnerability Assessment (EVA) and why is it important?
An EVA follows the same process that an IVA does. It looks at the vulnerabilities currently present within a client’s publicly facing network and provides a remediation plan based upon risk. The key difference is that an EVA focuses on the threats that could be used to penetrate an environment as opposed to those threats that require access into an environment to begin with.
What is Dark Web Domain Account Monitoring and why is it important?
Dark Web Domain Account Monitoring is a cloud-based service that searches databases of leaked information and cross references it with protected domains and accounts. Dark Web Monitoring can detect if a company is at risk due to exposed credentials on those websites. Compromised credentials are used to conduct further criminal activity.
What is Ransomware Protection and why is it important?
While no security solution offers 100% protection, Ransomware Protection offers SecureCare customers assurance that they are receiving ransomware protection services from Logically in the unlikely event an attack happens. Should a ransomware security incident occur, SecureCare customers can receive Incident Response services up to $25,000 with no extra charges.
Value Add Service Offerings (not part of SecureCare)
What is Mobile Device Management (MDM) and why is it important?
Mobile Device Management is a security software that IT departments use to manage, monitor, and secure mobile devices inside and outside of the office. An IT team can remotely push or remove software, change security settings, remove data, or completely remove all data and configurations from a device. MDM ensures confidential data isn’t compromised because of an errant device and enforces security policies and standards.
What is Disk Encryption and why is it important?
Disk encryption is the process of transforming normal data into an unreadable format in a secure and reversible way. In the case of unauthorized data exfiltration, the exfiltrated data will retain its confidentiality.
What is Email Encryption and why is it important?
Email Encryption is the process of disguising email messages to protect potentially sensitive or confidential information within a user’s email. Email encryption can prevent interception by unintended users and minimize the risk of a breach or attack via email.
What is Single Sign On (SSO) and why is it important?
Single Sign On (SSO) is an authentication process that allows a user to sign on to several applications and websites with a single user login and password. The SSO process requires a user to log in once with their credentials and not have to authenticate again when using each application. With one set of credentials, internal IT can enable and disable user access to multiple systems, platforms, apps, and other resources. It also reduces the risk of lost, forgotten, or weak passwords.
What is a Managed Firewall and why is it important?
A Managed Firewall is a service offering from Managed Services Providers (MSPs) to address security threats and to monitor network traffic to understand what it typically looks like, so that suspicious use cases can be easily identified and corrected. A Managed Firewall offering includes application control and web content filtering to block potentially malicious traffic from entering a network.
What is Patch/Firmware Management and why is it important?
Patch/Firmware management is the process of regularly updating software or hardware on a user’s system. A “patch” fixes an issue in software or firmware that, if otherwise left unfixed, could be utilized to compromise an organization’s IT environment. Regular patching and monitoring can ensure that vulnerabilities are not entering a user’s environment.
What is Data Loss Prevention (DLP) and why is it important?
Data Loss Prevention (DLP) is an attempt to improve information security and protect business information. It prevents end-users from moving key information outside the network. DLP helps to prevent the accidental exposure of confidential information across all devices. Wherever data lives, in transit on the network, at rest in storage, or in use, DLP can monitor it and significantly reduce the risk of data loss.
What is the Service Level Agreement?
Covered incidents detected 24/7/365 will be responded to within 4 hours, with an initial resolution plan developed within 4 business hours.
If a client had to choose between SecureID, SecureTest, and SecureEndpoint, which solution would you recommend and why?
This really depends on the needs of a client’s organization. Each package is tailored to address certain security controls. Each client has differing control needs. It’s important to assess what services the client is already utilizing and determine which package is a best fit for their needs.