See the Threat
Domain Name System (DNS) Filtering
In cybersecurity, many threats utilize DNS as a method to bypass IP block lists. Maintaining only a blacklist of known bad DNS entries does not completely resolve the risks, as it is common behavior for a malicious actor to use dynamically generated DNS entries to bypass these lists. We manage a toolset that will evaluate all DNS queries seen from your organization, as well as from any endpoints external to the network utilizing a roaming client. This service stops known bad DNS calls, as well as access to any newly seen domains (less than 6 days old or never seen by the vendor's global network), preventing the majority of malicious code propagation.
- Assistance in deploying the solution
- The ability to add in content monitoring
- Off-network protection and malicious device identification available with roaming client
- User identification
Threat Detection & Monitoring
We will meet with you to understand your environment. We will detect and hunt for known and unknown threats and provide analysis of real-time security event data feeds to detect indicators of threats. Incidents are escalated to our analysts for in-depth analysis. Analysts will send Threat Indicator Notifications with information about detected threats. Analysts strive to add enhanced contextual information and How-To’s to the notifications for faster validation and delegation. Every notification will have analyst insight that is specific to the detection and to the present situation in the stakeholder’s environment.
- Threat detection and monitoring
- Triage of events
- Alerts are prioritized according to the alert severity and the criticality of the impacted host(s)
- In-depth analysis of security events and threat indicators
- Threat Indicator Notifications
- Monthly reports: Situational Awareness, Threat Landscape, Attacks, Key Performance Indicators
- Security Advisories Subscription
- Invitation to our regular Threat Brief conference call
We create threat intelligence information based on findings gathered through monitoring our customers. This threat intelligence is anonymized and used as part of the Texas Information Sharing and Analysis Organization (ISAO). The ISAO, managed by us, links sources from across the state to better protect everyone participating.
- Automated threat feeds inserted into the tools used to protect you
- Correlation of threats from multiple sources to help you determine the risk
Vulnerability Scanning and Penetration Tests
External and internal vulnerability scanning is available to provide you with a better picture of assumed risks. These scans are designed to meet the requirements of state law and to help your organization resolve any unknown vulnerabilities. Penetration testing is provided through third-party contracts.
Block the Threat
Remote Incident Response
Remotely, the SOC provides expertise in analyzing damage and removing changes left by an adversary. Support is usually provided by phone, email, or web conference, or, if necessary, through remote terminal or administrative interfaces such as a collaborative meeting platform or Secure Shell (SSH).
- Service availability and engagement are based on the type of incident and availability
- On-site Incident Response is available based on the impact of the threat and availability
We are happy to provide security advice for:
- Supporting new system design
- Business continuity
- Disaster recovery planning
- Securing, monitoring and auditing Microsoft Active Directory
Let’s discuss what your needs are and how we can help!
Save the Day
Software Contracting and Evaluation
As the industry shifts to combat the latest threats, it is necessary for the tools used to combat those threats to shift as well. We actively work with vendors to determine products that meet the needs of our customers and negotiate group purchases when applicable.
Training & Awareness
We provide proactive outreach to employees, supporting general user training, bulletins and other educational materials that help them understand various cybersecurity issues. The main goals are to help you protect your team from common threats, better secure end systems and help employees correctly report cybersecurity incidents.