Managed Security (MSSP)
CompuVision - Managed Services Security Provider
CompuVision's managed security service provider (MSSP) provides monitoring and management of security devices and systems. These services include managed firewall, intrusion detection, vulnerability scanning and endpoint detection and response. CompuVision's high-availability security operation centers (SOC) provide 24/7 services designed to reduce the number of security personnel needed in today's highly vulnerable IT landscape, allowing your organization to maintain an acceptable security posture.
Endpoint Protection (EDR)
Endpoint Protection is an endpoint-based malware detection and response (MDR) solution that detects and stops malicious files and processes (known as malware or ransomware) on Windows, Mac or Linux devices. Unlike traditional signature-based Anti-Virus, this product uses machine learning models to detect zero-day malware as well as known variants, fileless, script-based memory, and external device-based attacks.
- MALWARE & RANSOMWARE - Identifies and blocks malicious executables
- REMOTE WORKER ATTACKS - Protects users not connected to the company network with protection that doesn't rely on signature updates.
- APT & ZERO-DAY PREVENTION - Threat intelligence and constant machine learning modeling keep new variants of threats from being successful
- MALICIOUS SCRIPTS - Controls the way scripts execute to prevent attacks, including PowerShell
- FILELESS ATTACKS - Eliminates the ability for attackers to use fileless malware attack techniques on protected endpoints
- EMAIL PAYLOADS - Prevents malicious email attachments from detonating their payloads
Log Security Monitoring
Log Security Monitoring is a managed security product that collects, aggregates, and normalizes log data from hundreds of sources for AI-enabled analysis using our analytics platform, SIEM, threat intelligence, and 24/7 365 Security Operations Center. Identify threat-like behavior in your systems such as impossible logins, multi-factor bypass, coordinated attacks, and rogue agents.
- CLOUD INFRASTRUCTURE ATTACKS - Alerts on threat-like behavior in AWS services
- UNAUTHORIZED ACCESS - Monitors who is accessing devices and where they connect to, and alerts when the source or target is unknown or suspicious
- COMPROMISED USER CREDENTIALS - Uses behavioral analysis to detect anomalous behavior by users, indicating a compromise. For example, logins at unusual hours or at unusual frequency
- ANOMALOUS PRIVILEGE ESCALATION - Detects users changing or escalating privileges for critical systems
- THIRD-PARTY VIOLATIONS - Monitors activity by external vendors and partners who have access to organizational systems, to identify anomalous behavior or escalation of privileges
- MULTI-VECTOR ATTACKS - Correlates data from multiple sources to get consolidated visibility of multiple attacks
Network Security Monitoring
Network Security Monitoring is a managed security product that provides network intrusion detection with a physical or virtual appliance. Suspected threats are correlated using our AI-enabled analytics platform, SIEM, threat intelligence, and 24/7 365 Security Operations Center. Detect potential threat activity on your network like command and control connections, denial of service attacks, data exfiltration and reconnaissance.
- DENIAL OF SERVICE (DOS) ATTACKS - Identifies unusual traffic from organization-owned devices being leveraged to perform a denial of service attack
- CROSS-SITE SCRIPTING - Identifies web server-client network traffic patterns indicating cross-site scripting (XSS) attacks
- SQL INJECTION - Identifies layer-7 network signatures indicating a SQL injection attack designed to exfiltrate data from vulnerable web applications
- FTP & CLOUD STORAGE EXFILTRATION - Monitors network traffic over protocols that facilitate large data transfer and alerts when unusual quantities or file types are being transferred, or when the target is unknown or malicious
- COMMAND & CONTROL COMMUNICATION - Correlates network traffic to discover malware communicating with external attackers, which is a sign of a compromised account
Office 365 Security Monitoring
Office 365 Security Monitoring is a managed security product that monitors Office 365 activity using our AI analytics platform, SIEM, threat intelligence, and 24/7 365 Security Operations Center to identify threat-like behavior such as unauthorized access to cloud mailboxes, admin changes in the environment, impossible logins, and brute force attacks.
- MALICIOUS ADMIN CHANGES - Tracks admin activity and changes to the O365 tenant
- UNAUTHORIZED DELEGATE ACCESS - Tracks when email delegates are added
- FAILED OR UNAUTHORIZED ACCESS - Detects failed or suspicious login attempts
- MFA REMOVAL - Actively detects changes to MFA
- FOREIGN LOGIN - Monitors geolocation access with IP location sourcing and login from suspicious or unusual countries
- IMPOSSIBLE LOGIN - Detects logins from different geolocations within a short period of time
- SUSPICIOUS EMAIL FORWARD - Alerts when email forwarding rules have been created outside of the domain