Managed Security Services Provider (MSSP)
CyberPulse 365 helps companies proactively detect and defend against cyber threats with best-of-breed technology administered by TCDI’s team of security experts. The managed service combines security information and event management (SIEM), vulnerability scanning, endpoint protection, and data loss prevention technologies to provide a holistic threat management and monitoring solution.
CyberPulse 365® is powered by SecureOwl®, a cutting-edge security appliance that is installed onsite and administered remotely by the engineers in TCDI’s Security Operations Center (SOC). SecureOwl delivers multiple security functions, including monitoring, detection, control, and protection.
An integrated security information and event management (SIEM) platform provides robust cybersecurity monitoring and alerting. The SecureOwl appliance collects log files from devices on your network including servers, workstations, switches, routers, firewalls, and storage devices. It then encrypts and sends the information to TCDI for analysis.
Log files, system-generated data that record important events that take place on a device or application, are critical for identifying and analyzing cyber threats. TCDI applies best practices to computer logging settings to ensure that valuable data is tracked and then retrieves logging information in real time from devices for searching, analysis, archival, and alerting.
Events are analyzed in real time, and TCDI correlates information from various devices to gain a holistic understanding of activity. Suspicious activity generates alerts that TCDI’s CyberOps team reviews to determine whether action is necessary; if so, clients are contacted with remediation advice. In addition to manual notifications, some events trigger automatic workflows to mitigate the threat, such as disabling an account or quarantining a device.
Malware is one of the primary ways attackers breach corporate networks and is often distributed through phishing messages or installed through malicious online ads or links. The consequences of a malware infection can include corruption of data or systems, ransom demands, or data exfiltration and data breaches. CyberPulse 365’s advanced malware protection combines endpoint protection, centralized monitoring, rapid virus definition deployment, and access to incident response and malware sandboxing services to provide a powerful defense against an attack.
Vulnerability management identifies issues with incorrect configurations, system changes, or software bugs so they can be corrected before they are exploited by hackers or malicious insiders. TCDI will scan client networks monthly and deliver a list of vulnerabilities and prioritized remediation actions. Vulnerability scanning can be performed externally to test internet-facing servers or internally to test workstations and servers within the organization.
Data Loss Prevention (DLP)
Data loss prevention (DLP) policies are enforced across devices to control how data is used, stored, and transmitted. Some actions may trigger an alert while others are prevented, thus stopping data from traversing to unauthorized cloud services, external devices, or unknown email recipients.