Cyber Security Solutions serves as your IT Professional team for a fraction of the cost. It leverages a two-pronged approach with defensive and offensive components.

Our defensive component provides customers with access to a Cyber Security Operations Center (CSOC) with security experts available 24/7 and our offensive component provides you with a mobile security application that continuously monitors the security health of your devices. Our solution provides mobile security, identity protection, theft prevention and 24/7 access to security experts in a single solution.

The CSOC is the combination of cybersecurity personnel, threat-identification, incident response processes and supporting security technologies. This highly qualified team of experts is specialized in cyber security and is available around the clock. They have the necessary tools to help defend your company against potential cyber-attacks such as phishing, malicious websites, malware, stolen usernames and passwords, debit or credit card fraud and identity theft.

As part of initial event triage, Cyber Security Experts draw on their in-depth knowledge of vulnerabilities and infiltration tactics to quickly eliminate false alarms from the constituent’s dataset. Events that cannot be immediately dismissed trigger a comprehensive review of vulnerability data, past security incidents, constituent network diagrams, and real-time cross-correlation of global attack trends. CSOC Experts employ a five-phase methodology to thoroughly investigate anomalous or suspicious activity:

Phase 1: Intelligence and Attack Analysis

Phase 2: Source and Target Investigation

Phase 3: Incident Classification and Prioritization

Phase 4: Incident Escalation

Phase 5: Countermeasure Recommendations

The threat categories listed below help guide subsequent actions:

• Environmental Awareness: Used to classify a situation where unauthorized logical access to a network, system, application, data, or other resource occurs. This incident category includes root compromises, unauthorized data alterations, and violations of acceptable use policies. The use of peer-to-peer file sharing applications, chat clients, suspicious behavior, anomalous activity within a standard event stream for a given device and other misuse or abuse of resources fall into this category. Vulnerable software, confidential data such as passwords in clear text, and protocols on unexpected ports are included here.
  
  
• System Compromise: Used to classify a virus, worm, Trojan or other code-based entity that has successfully infected or compromised an internal system and has begun propagating within internal networks or systems. Suspicious or malicious behavior, covert channels (such as OpenSSL tunnels), and spyware are categorized here.
  
  
• Exploitation and Installation: Used to classify a situation in which known exploitations are compromised and installation of malicious code is actually taking place on a client’s system. Cross site scripting attacks (XSS) and web server attacks that show successful installation are two examples of this category.
  
  
• Delivery and Attack: Used to classify an attack that impairs the use of networks, systems, or applications by exhausting connection and bandwidth resources or accessing secured systems. Denial of Service attacks (DoS), SQL injection, brute-force authentication, and web server attacks are defined in this manner.
  
  
• Reconnaissance and Probing: Used to classify activity on a network that is indicative of reconnaissance activities intended to discover systems and facilitate network mapping. Port scanning, service exploits, and suspicious DNS requests fall into this category.
  
  
• Non-actionable Activity: Used to classify the majority of the events, which turn out to be false alarms. These events are triggered by malicious traffic in the constituent’s environment, but the targeted networks and servers are not vulnerable to the exploits. A common false alarm involves the presence of mass worm traffic on a network. Worms such as Code Red, Nimda, Slammer, and Blaster continue to propagate on the Internet and connected constituent networks. However, unless a customer server is infected and actively propagating a worm, there is no need for action, and the event is not escalated.

• CSOC Manager: Leads the CSOC and sets priorities on emerging security threats.
  
  
• Incident Responders: Incident Responders are the people who are paid to react to alerts as soon as possible. They use a wide range of monitoring services to rank the severity of alerts, and once one has been deemed a full-scale issue, they engage with the affected business to begin recovery efforts.
  
  
• CSOC Analyst: The CSOC analysts have many years of experience in the cybersecurity profession and are responsible for reviewing past incidents and determining the root cause behind them.
  

After discussing the incident with the customer, the CSOC analyst will recommend appropriate actions to thwart or contain the attack. For larger or higher priority incidents, the CSOC may provide an email explanation and next steps for remediation for customer follow up.

NOTICE: Based on available data and its knowledge of the customer environment, the Cyber Security Operations Center will provide as much information as possible to support the customer in responding to incidents. However, it is the customer's responsibility to manage and respond to incidents, and to approve any Cyber Security Operations Center countermeasure recommendations.

Mobile device usage, such as smartphones and tablets, is increasing as businesses adopt more productive and flexible approaches in the way they allow their employees to work. Mobile devices are a prime target for threats since our phones can store personal and enterprise data including email, user credentials, work-based apps or documents, photos, sensors and GPS location. As more sensitive data goes mobile, security policies must now extend to mobile devices for all organizations to remain compliant in keeping data secure. Failure to meet regulations can result in severe damage to brand reputation and significant fines.

Our user-friendly Lookout® Mobile Application enables your employees to react directly to mobile security issues, in real-time, without the need of a security expert or admin. The app works continuously to keep you and your business secure, providing you and your employees peace of mind.

• Protection from Phishing attacks, a source of data theft and ransomware attacks
  
  
• Protection from malicious apps, that can steal information and allow access to business and personal information
  
  
• Detection of network attacks from fake WiFi networks
  
  
• Monitor device OS to ensure that the latest updates are completed
  
  
• Secure business productivity apps from compromise including Microsoft® Office 365 and Google® Docs
  

Our Network Solutions Customer Support team is here to guide you through any questions you may have about your account with us, how to access the 24/7 Cyber Security Operations Center, how to install your Lookout® Mobile Application, answer billing questions and more. Call our customer support team for help with these types of issues at 1-866-908-3442.

Call the Cyber Security Operations Center directly if you believe your business has or may be the victim of a cybercrime. The phone number to call is located in the Network Solutions account manager.

Small-to-Medium businesses who benefit the most are ones that don’t have the time or expertise to manage a potential attack themselves. Those who otherwise would not be able to afford an in-house full time IT support employee. That store or pass critical data and personal identification records (payment info., health records, PII). Those who handle any business on mobile devices.