Entech’s SIEM (Security Information and Event Management) solution will provide real-time detection and analysis of security alerts that are identified on the network. This will require the installation of one or more (depending on traffic volume) small security appliances. The security appliance must always have an Internet connection. The security appliance and the alerts will be monitored and validated by Entech’s SOC.
Security Operations Center (SOC)
Using the SIEM system, the SOC is responsible for monitoring and analyzing all incoming security alerts. The SOC is staffed 24/7, 365 days per year.
Security Log File Retention
As part of Entech’s Managed IT Security Service, all events identified by the SIEM will be logged and stored for up to ninety (90) days to ensure your organization is compliant with regulations and best practices. However, in the event of an incident or breach, the logs related to said event will be stored for up to 7 years. Should the Managed IT Security Service SOW be terminated, logs will no longer be retained by Entech and become the responsibility of client.
Security Awareness Training
If applicable, phishing security tests are services that could be performed as part of Security Awareness Training. “Phishing” is a fraudulent attempt to obtain sensitive information such as usernames, passwords, credit card numbers, etc. This is often done for malicious reasons by posing as a trustworthy entity in an electronic communication. Entech will perform periodic fake phishing tests and campaigns to identify which user(s) need focused security awareness training.
USB Drive Testing
USB drive testing tests an employee’s reaction to unknown USB devices. If an employee finds a USB drive, plugs it into their workstation, and opens a “beaconized” file, it will “call home” and report the failure. Should an employee also enable the macros in the file, then additional data is also tracked and made available to client. This security test is done to identify which user(s) need focused security awareness training.
Vishing Security Tests
“Vishing” is the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers. This is often done for malicious reasons by posing as a trustworthy entity. Entech will perform periodic fake vishing tests and campaigns to identify which user(s) need focused security awareness training.
Online Security Awareness Training Program
Entech will provide internet-based training for client’s employees regarding the protection of various information assets of the organization. This will be done via a learning management system and will target training per employee based on the results of the various security campaigns. The goal of this service is to have employees understand that there are people actively trying to steal data that is stored within your organization’s computers. (This often focuses on user names and passwords, so that criminal elements can ultimately get access to bank accounts and other high-value IT assets.)
Dark Web Monitoring
The Dark Web is contained within the “Deep Web”, a sub-layer of the internet that is hidden from conventional search engines. Search engines like Google, Bing and Yahoo only search 0.04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. Dark Web monitoring offers detection if a user’s digital credentials (email addresses, usernames and passwords) have been compromised and are being trafficked on criminal sites that sell credentials; open document repositories that post credentials publicly; internet relay chat (IRC); and social media sites found only on the Dark Web. Client can establish specific domains or other unique identifiers to search. Service Provider will send real-time and daily digest notifications when matching data is found.
Non-Regulatory Questionnaire Consulting
Entech will assist client with any “non-regulatory” security questionnaires. The questionnaires will be aligned with guidelines and best practices (e.g., GDPR, NIST Frameworks, Liability Insurance, etc.). Questionnaires related to auditors, industry compliance, investors/investments or partnerships will not be covered.
External Vulnerability Assessment
The Entech External Vulnerability Assessment provides your organization with a clear understanding of the risks present on your external network. External threats are those posed by external sources such as hackers, viruses, and trojans to your systems that are accessible via the internet. Typical systems include firewalls, routers, VPN concentrators, web sites, email, and domain name servers. Entech will run a series of tests to clearly define any vulnerabilities, identify possible threats that the vulnerabilities pose and provide detailed recommendations on how to fix any deficiencies.
Entech will respond to alerts and begin triaging them once they have been received by the SOC from the Security Appliance. The nature of security alerts normally means there is an evaluation process as to the validity and threat level of the alert. If the threat level of the alert is determined to be high, then someone from our security team will call the client within one hour from the time the threat was classified as high. Low and medium level threats will be communicated to the client within four hours of the alert being categorized.
Managed Firewall (if applicable)
If applicable, Entech will provide a next-generation firewall appliance during the term of the SOW. This appliance is and will remain the property of Entech during and after the expiration of this SOW. In addition to the physical appliance, Entech will ensure the appliance is licensed with SonicWall’s Comprehensive Gateway Security Suite (or a comparable service) that can include gateway anti-virus, anti-spyware, intrusion prevention, application intelligence and control, content filtering and firmware updates.
Any security solution may be circumvented and/or rendered ineffective if a user, either intentionally or unintentionally, downloads or installs malware (such as a rootkit) onto the user’s system. Client is strongly advised to educate their staff to refrain from downloading files that are sent by unknown users, and/or users or files whose origination cannot be verified. Due to the ever-changing threat landscape and zero-day malware releases, Entech cannot warrant or guarantee that all viruses and malware will be capable of being removed, or that all forms of viruses and malware will be detected, filtered, or removed within any certain time frame.
In order to improve security awareness, you agree that Entech or its designated third-party affiliate may transfer information about the results of processed files, information used for URL reputation determination, security risk tracking, and statistics for protection against spam and malware. Any information obtained in this manner does not and will not contain any personal or confidential information.