Managed Security Services
NetUtils Security Operations Centre
The NetUtils SOC-as-a-Service is backed by a team of certified security analysts and uses the latest cutting-edge technology to protect organisations of all sizes.
With one comprehensive cloud-native platform, we defend organisations by using artificial intelligence and computer vision to monitor systems for suspicious activity. The NetUtils SOC-as-a-Service offers your business 24/7/365 monitoring and increased visibility into your network, and our next-generation tech, including our fully managed SIEM and AI analytics platform, can even help you prepare for zero-day attacks.
In the event of a potential security breach, our team will alert you immediately and take steps to protect your data.
Log Security Monitoring
The NetUtils SOC provides you with access to a fully managed 24/7/365 security operations centre. The service pairs leading-edge technology with human talent, with a single objective: to monitor your network, protect your assets and keep your business safe.
The SOC collects, aggregates, and normalises log data from hundreds of sources for AI-enabled analysis using an analytics platform, SIEM, threat intelligence, and of course the analysts staffing the 24/7/365 operations centre. Our service identifies threat-like behaviour in your systems such as impossible logins, multi-factor bypass, coordinated attacks, and rogue agents.
Log Security Monitoring Key Features:
- Hundreds of Support Integrations
- SIEM Analysis
- AI Analytics Engine
- Self-service Reporting
- Deployment of a physical or virtual appliance for on-prem logs (such as syslog)
- Supports key industry and regulatory compliance standards such as continuous monitoring and log retention
- ROI on existing investments – Merge data from your existing security tools with multiple sources to provide greater visibility and re-use existing investment
Typically Log Security Monitoring will protect you against activities like:
3rd Party Violation
Monitors activity by external vendors and partners who have access to organisational systems, to identify anomalous behaviour or escalation of privileges.
Anomalous Privilege Escalation
Detects users changing or escalating privileges for critical systems.
Monitors who is accessing devices and where they connect to, and alerts when the source or target is unknown or suspicious.
Multi Vector Attack
Correlates data from multiple sources to get consolidated visibility of multiple attacks.
Compromised User Credentials
Uses behavioural analysis to detect anomalous behaviour by users, indicating a compromise. For example, logins at unusual hours or at unusual frequency.
Cloud Infrastructure Attack
Alerts on threat-like behaviour in AWS services.
O365 Security Monitoring
The NetUtils SOC monitors Office 365 activity using an analytics platform, SIEM, threat intelligence and 24/7/365 Security Operations Centre to identify threat-like behaviour such as unauthorised access to cloud mailboxes, admin changes in the environment, impossible logins, and brute force attacks.
O365 Security Monitoring Key Features:
- SIEM Correlation & SOC Analysis
- Support for custom alerting and reports
- Visibility to login activity in the dashboard
- Detects potential threats of suspicious activity in Office 365
- Supports industry & regulatory compliance requirements
Typically O365 Security Monitoring will protect you against activities like:
Malicious Admin Changes
Tracks admin activity and changes to the O365 tenant.
Failed or Unauthorised Access
Detects failed or suspicious login attempts.
Monitors geolocation access with IP location sourcing and login from suspicious or unusual countries.
Suspicious Email Forward
Alerts when email forwarding rules have been created outside of the domain.
Detects logins from different geolocations within a short period of time.
Unauthorised Delegate Access
Tracks when email delegates are added.
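The two O365 detections described above, impossible logins (the same account signing in from different countries within a short window) and forwarding rules that send mail outside the tenant's own domain, as an added illustration in Python. This is not NetUtils' code; the audit events, the user names and the `example.com` tenant domain are constructed sample data.

```python
# Added illustration (not NetUtils' code): two of the O365 detections named on
# this page, run over constructed sample audit events.
from datetime import datetime, timedelta

# Constructed sample sign-in events: (user, country code, UTC timestamp)
SIGNINS = [
    ("alice@example.com", "GB", "2024-03-01T08:00:00"),
    ("alice@example.com", "GB", "2024-03-01T08:30:00"),
    ("alice@example.com", "BR", "2024-03-01T08:55:00"),  # new country 25 min later
    ("bob@example.com",   "GB", "2024-03-01T09:00:00"),
    ("bob@example.com",   "DE", "2024-03-01T17:00:00"),  # 8 h apart: plausible travel
]

# Constructed sample mailbox-rule events: (user, forward-to address)
FORWARD_RULES = [
    ("alice@example.com", "alice.backup@example.com"),
    ("carol@example.com", "collector@external-mail.test"),
]


def impossible_logins(events, window=timedelta(hours=1)):
    """Flag consecutive sign-ins by the same user from different countries
    that occur within `window` of each other.  Returns (user, from, to, minutes)."""
    by_user = {}
    for user, country, ts in sorted(events, key=lambda e: e[2]):
        by_user.setdefault(user, []).append((country, datetime.fromisoformat(ts)))
    hits = []
    for user, seq in by_user.items():
        for (c1, t1), (c2, t2) in zip(seq, seq[1:]):
            if c1 != c2 and t2 - t1 <= window:
                hits.append((user, c1, c2, int((t2 - t1).total_seconds() // 60)))
    return hits


def external_forwarding(rules, tenant_domain):
    """Flag forwarding rules whose target address lies outside the tenant domain."""
    suffix = "@" + tenant_domain.lower()
    return [(user, target) for user, target in rules
            if not target.lower().endswith(suffix)]


if __name__ == "__main__":
    for hit in impossible_logins(SIGNINS):
        print("ALARM impossible login:", hit)
    for hit in external_forwarding(FORWARD_RULES, "example.com"):
        print("ALARM external forward:", hit)
```

A production version would compare geolocated IP addresses and distance rather than country codes alone, but the pairing of consecutive events per user is the core of the check.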
The Human Element – The SOC Team
Fully managed Security Monitoring means our automated advanced search & detection technology is backed by a team of certified security analysts. These experts in the Security Operations Centre (SOC) manage, tune and monitor our systems and your business’s data 24/7/365 to ensure you are protected.
The SOC Team protects your business with the combination of machine and human analysis. We use some terms and processes in our service delivery that hopefully give you some context into the workings behind the scenes.
- Alert – An observable occurrence in a protected server, application, or, more broadly, the internet that may imply a potential threat to an information system or a potential compliance issue.
- Alarm – A pattern of potentially malicious activity that implies an identified threat to an information system, violates acceptable use policies, or circumvents standard security practices. We classify incidents into three threat severity ratings: High, Medium, and Low.
Expert SOC Research, Escalation, and Response
Identified incidents are reviewed and researched by security-certified professionals who:
- Proactively research threats
Our SOC experts are skilled in threat research and in the identification of suspicious activity, known in the industry as “Threat Hunting.”
- Escalate priority incidents
Ready 24/7/365, our team of experts are trained in straightforward explanations of security findings. Priority Incidents / Alarms are escalated to you according to your designated escalation path.
- Respond for Remediation
When an escalated incident requires remediation, our SOC experts are available to provide remote remediation assistance and advice.