Swarm-SecOps

Scalable Network Security

Swarm-SecOps is a managed security service provided by IP Performance which combines our expertise with a suite of integrated tools to augment your internal security team. We use a pre-defined technology stack to collect and analyse data, and we then use this data to detect and respond to threats in your environment. We have in-house expertise covering networking, infrastructure, and defensive and offensive security. We use a mixture of open-source software and proprietary tools, integrated together, to deliver a modern security platform.

Why use Swarm-SecOps?

Swarm-SecOps was developed in conjunction with partners in the Transport and Education sectors. It has been designed to deal with the lack of visibility and scalability of traditional logging solutions. We also want to build up a relationship of trust between our SecOps team and our customer’s team. The reason we do this is that running a security operation requires more than just equipment on site. Context about the customer’s environment is critical to the operation of a quality security program.

We recommend and support the following Swarm-SecOps products:

  • Swarm-SecOps – Endpoint Detection and Response

    We use Elastic Endpoint Security for EDR capabilities. It blocks unknown and polymorphic malware and ransomware before execution using machine learning, and disrupts advanced threats with behavior analytics and behavior-based run-time prevention, stopping ransomware before data encryption. It lets us perform ad-hoc correlation, gather deeper context with osquery, and invoke remote response actions, securing your Windows, macOS, and Linux endpoints.

  • Swarm-SecOps – Network Security Monitoring

    We use Zeek as a network security monitor to support investigations of suspicious or malicious activity. Zeek is a passive, open-source network traffic analyzer. Zeek creates an extensive set of logs describing network activity. These logs include not only a comprehensive record of every connection seen on the wire, but also application-layer transcripts. These include all HTTP sessions with their requested URIs, key headers, MIME types, and server responses; DNS requests with replies; SSL certificates; key content of SMTP sessions; and much more.

  • Swarm-SecOps – SIEM

    SIEM for the modern SOC based on Elastic

    We use the Elastic Security SIEM to detect, investigate, and respond to evolving threats. It allows us to harness any data source at cloud scale, achieve greater control at the host layer, implement modern security use cases, and scale quickly. It continuously safeguards your environment with behavior-based rules that detect behaviors and tools indicative of potential threats, analyzes adversary behavior and prioritizes potential threats accordingly, and cuts to what matters with risk and severity scores. Detections are aligned with MITRE ATT&CK®.
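The Network Security Monitoring and SIEM sections above describe the two halves of the pipeline: Zeek writes a connection record plus application-layer transcripts that share a connection identifier (`uid`), and a SIEM runs behavior-based rules over that data to raise scored, ATT&CK-tagged detections. The following Python is an added illustration, not code from IP Performance, Zeek, or Elastic: it parses Zeek's default ASCII (tab-separated) log format, joins `http.log` entries onto their `conn.log` record by `uid`, and applies one hypothetical rule. The two embedded logs are constructed samples that use a subset of the real field names; the rule name `executable_downloaded_over_http` and its severity scheme are assumptions for the example.

```python
"""Parse Zeek ASCII logs, correlate them by uid, and run a behavior-based detection rule."""
from typing import Dict, List, Optional

ZeekRow = Dict[str, Optional[str]]

# Constructed sample conn.log (subset of Zeek's default fields; addresses are documentation ranges).
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1700000000.100000\tCAbc1\t10.0.0.5\t51234\t203.0.113.10\t80\ttcp\thttp\t0.250000\t512\t2048\tSF
1700000001.200000\tCDef2\t10.0.0.5\t51235\t203.0.113.10\t80\ttcp\thttp\t0.300000\t480\t150000\tSF
1700000002.300000\tCGhi3\t10.0.0.7\t53000\t192.0.2.53\t53\tudp\tdns\t0.010000\t60\t120\tSF
#close\t2023-11-14-22-13-22
"""

# Constructed sample http.log for the same capture; uids line up with the conn.log above.
SAMPLE_HTTP_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\thttp
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tuser_agent\tstatus_code\tresp_mime_types
#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tstring\tstring\tcount\tvector[string]
1700000000.100000\tCAbc1\t10.0.0.5\t51234\t203.0.113.10\t80\tGET\texample.test\t/index.html\tMozilla/5.0\t200\ttext/html
1700000001.200000\tCDef2\t10.0.0.5\t51235\t203.0.113.10\t80\tGET\texample.test\t/update.bin\t-\t200\tapplication/x-dosexec
#close\t2023-11-14-22-13-22
"""


def parse_zeek_log(text: str) -> List[ZeekRow]:
    """Parse a Zeek ASCII log: '#' lines carry metadata, every other line is one record."""
    sep, unset, empty = "\t", "-", "(empty)"
    fields: List[str] = []
    rows: List[ZeekRow] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # The separator is written as an escape sequence, e.g. "\x09" for a tab.
                sep = line[len("#separator "):].encode("ascii").decode("unicode_escape")
            else:
                key, _, value = line[1:].partition(sep)
                if key == "fields":
                    fields = value.split(sep)
                elif key == "unset_field":
                    unset = value
                elif key == "empty_field":
                    empty = value
            continue
        values = line.split(sep)
        row: ZeekRow = {}
        for name, value in zip(fields, values):
            # Zeek writes unset fields as "-" and empty collections as "(empty)".
            row[name] = None if value == unset else ("" if value == empty else value)
        rows.append(row)
    return rows


def correlate_by_uid(conn_rows: List[ZeekRow], http_rows: List[ZeekRow]) -> List[ZeekRow]:
    """Attach each HTTP transcript to its connection record via the shared Zeek uid."""
    conns = {r["uid"]: r for r in conn_rows}
    joined = []
    for http in http_rows:
        conn = conns.get(http["uid"])
        if conn is None:
            continue  # transcript without a connection record: nothing to enrich with
        event = dict(conn)
        event.update({k: v for k, v in http.items() if k not in event})
        joined.append(event)
    return joined


# Hypothetical rule: an executable MIME type served over HTTP is worth a look; a missing
# User-Agent raises the severity. T1105 is MITRE ATT&CK's Ingress Tool Transfer technique.
EXECUTABLE_MIME = {"application/x-dosexec", "application/x-executable", "application/x-elf"}


def rule_executable_download(event: ZeekRow) -> Optional[Dict[str, object]]:
    mimes = set((event.get("resp_mime_types") or "").split(","))
    if not mimes & EXECUTABLE_MIME:
        return None
    severity = "high" if event.get("user_agent") is None else "medium"
    return {
        "rule": "executable_downloaded_over_http",
        "severity": severity,
        "attack_technique": "T1105",
        "uid": event["uid"],
        "src": event["id.orig_h"],
        "dst": event["id.resp_h"],
        "uri": event["uri"],
        "resp_bytes": int(event["resp_bytes"] or 0),
    }


def run_detections(conn_text: str, http_text: str) -> List[Dict[str, object]]:
    """Parse both logs, correlate them, and return every alert the rule produces."""
    events = correlate_by_uid(parse_zeek_log(conn_text), parse_zeek_log(http_text))
    return [alert for alert in map(rule_executable_download, events) if alert]


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_CONN_LOG, SAMPLE_HTTP_LOG):
        print(alert)
```

The join on `uid` is what turns a flat HTTP transcript into an investigable event: the connection record contributes byte counts, duration and connection state, so an analyst can see that the flagged request was answered with a 150 kB body rather than a redirect. Real deployments would read the logs from Zeek's spool directory and hand the alerts to the SIEM instead of printing them.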