Swarm-SecOps is a managed security service provided by IP Performance which combines our expertise and a suite of integrated tools to augment your internal security structure.
Swarm-SecOps was designed around a set of principles we understand are critical to running a quality security program.
- Visibility – Collecting and curating quality data from the right systems that will provide greater insight for investigations and incidents.
- Scalability – The ability to scale the infrastructure to cover the entire environment, not choosing which is the most important to record due to limited resources.
- Technology – Understanding and integrating different tools together to ensure that attacks can be identified and remediated.
- Know-how – Deep understanding of infrastructure, protective technologies and offensive techniques
We use a pre-defined technology stack to collect and analyse data, we then use this data to detect and respond to threats in your environment. We have in-house expertise covering networking, infrastructure, defensive security and offensive security. We use a mixture of Open-Source Software and Proprietary tools integrated together to deliver a modern security platform.
In our experience maintaining security infrastructure and monitoring for threats typically falls to an all ready stretched IT Team. Keeping up to date with the latest attacks, hunting for threats, and tuning the systems is difficult alongside the day to day running of operations. The Swarm-SecOps service is designed to address these issues by creating a partnership between our SecOps team and your internal team.
The Swarm Sec-Ops service has 3 tiers which provide different features and functionality. Each tier builds on the lower tiers’ capabilities.
- Build – We install and maintain the infrastructure required to collect data required during a security incident.
- Collect – We curate the collected data required during a security incident.
- Detect – We use the information gathered to detect threats within your environment and alert a customer once alerts have been correlated.
Sensors are deployed to collect data from the network. Beeats Agents are installed on hosts to capture Operating System and Application logs. Logs are also collected from 3rd Party appliances directly.
Data is ingested into the Analysis nodes. Once received, the data is normalized, enriched, and stored. We ensure the data received is of high quality and is stored using a common schema to make using the data much simpler. If data sources are missing that would be required during an investigation, we seek these out and add them.
Our SecOps team tunes the system, gains context and provides advice to the customers internal team. The sensor nodes, analysis nodes and agents are controlled by the Queen who manages the swarm.
IP-Performance recently ran 2 virtual cyber breach response workshops for Elmbridge Borough Council and we cannot recommend them highly enough. As well as lots of practical resources & templates to take away, the second day culminates with an simulation which brings a cyberattack to life. It’s highly interactive, slightly stressful, but most importantly really makes you think! There’s a definite buzz around cyber at Elmbridge now thanks to Phil and team.Nikki Benge, ICT Business Manager,
Elmbridge Borough Council