Managed Security Services
WHY WE DO IT
Over the last ten years, we've been involved with and analyzed over 100 IT security incidents, and in every single case the problem wasn't a lack of good detective technology in place but a lack of people looking at it, analyzing it, and taking the appropriate action. Today, there are more network and endpoint security controls than ever before, generating petabytes of collective log data, with not enough people to analyze it. We didn't believe the solution was to throw more technology at the problem; we believed the solution was to throw critical thinking at it -- human analytic rigor.
We believe what companies need is people who do nothing but look at and analyze different indicators of compromise and attack patterns day-in and day-out -- a "think tank" of security analysts who analyze patterns, can quickly ascertain real threats buried within mountains of false positives, and quickly take action -- researching the latest threats and understanding what they look like in application logs and network IDS events. We believe this is what our clients need, not more technology. So instead of creating another "me too" MSSP that recommends more technology, we built a different kind of company.
WHAT WE DO
Brier & Thorn's Managed Services Practice (MSP) provides monitoring and management of existing network and endpoint security controls already deployed in your environment. If the technology doesn't exist, leverage our expertise in understanding your specific needs for a Security Information and Event Management (SIEM) solution, network or host IDS/IPS, firewall, network access control, web application firewall, or file integrity monitoring solution that aligns with your specific business needs and technology footprint -- not what our Security Operations Center (SOC) uses.
NETWORK SECURITY MONITORING
Ensure round-the-clock monitoring and response coverage of your entire enterprise environment. Our Security Operations Centers (SOCs) will monitor and manage your existing SIEM or recommend, operationalize, and continuously tune a SIEM that aligns to your exact business and operational objectives, including adoption of new network and endpoint security controls to increase visibility. Our MSSP services include annual penetration testing and quarterly vulnerability scanning (PCI ASV scanning as well).
An Information Security Management System (ISMS) requires ongoing care and feeding to ensure it remains relevant and effective to the business operations it supports. Whether your ISMS is ISO 27001 certified, carries SOC2 Type 1 or 2 attestation, or no certification at all, proper hygiene must be performed annually to ensure that it remains effective. Brier & Thorn will perform annual IT risk assessments for your organization according to the ISO 27005 standard, Octave, HEAVEN, or any other standard your company has adopted; internal audits according to NIST, ISO, GDPR, PCI, and others; quarterly vulnerability scanning; as well as complete your annual Statement of Applicability (SOA).
Security orchestration involves interweaving people, processes, and technology in the most effective manner to strengthen the security posture of an organization. By streamlining security processes, connecting disparate security tools and technologies, and maintaining the right balance of machine-powered security automation and human intervention, security orchestration empowers security professionals to effectively and efficiently carry out security operations and incident response. Brier & Thorn will implement, maintain, and monitor your on-prem or cloud SOAR solution and ensure it is getting the round-the-clock "care and feeding" it requires, including creating and maintaining the automated playbooks to work with the rest of the enterprise.
Endpoint Detection and Response (EDR) is an emerging technology. The term defines a category of tools and solutions that focus on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints. Originally dubbed Endpoint Threat Detection and Response (ETDR), the term is now more commonly referred to as Endpoint Detection and Response (EDR). Brier & Thorn will implement, monitor, manage, and continuously tune your on-prem and cloud EDR solution, ensuring 24x7x365 response to threats and verifying the autonomous response actions taken by the EDR agent.
Breach and attack simulation (BAS) technology pretends to be an attacker in order to test a network's cyber defenses. These automated tools run simulated attacks to measure the effectiveness of a company's prevention, detection and mitigation capabilities. For example, the software might simulate a phishing attack on your email systems, a cyberattack on your web application firewall (WAF), attempted data exfiltration, lateral movement within networks or a malware attack on an endpoint. Most of the tools can run 24x7 in order to provide alerts whenever a change to the network results in potential vulnerabilities or risk. Some provide the ability to run scheduled mock attacks, and some can run surprise mock attacks in order to gauge a security operations center's capabilities. Some also incorporate artificial intelligence and machine learning capabilities to launch more sophisticated attacks over time or to analyze data on a company's cybersecurity posture. Brier & Thorn will implement, monitor, and continuously tune your enterprise BAS solution ensuring that new attack scenarios are created and updated as the environment changes.
Antimalware (anti-malware) is a type of software program designed to prevent, detect and remove malicious software (malware) on IT systems, as well as individual computing devices. Antimalware software protects against infections caused by many types of malware, including all types of viruses, as well as rootkits, ransomware and spyware. Antimalware software can be installed on an individual computing device, gateway server or dedicated network appliance. Brier & Thorn will maintain, monitor, and respond to malware detected on endpoints as well as ensure the antimalware implementation is kept up-to-date.
Network Security Monitoring: 24x7x365
Managed Security Information and Event Management (SIEM)
Managed Security Orchestration and Response (SOAR)
Managed Information Security Management System (ISMS)
Managed Breach and Attack Simulation (BAS)
Managed Endpoint Detection and Response (EDR)