Security Incident Management Services (SIMS)
Overview
Keeping data safe from malicious cyber-attacks has become a major challenge for CIOs, CISOs and IT Managers everywhere. With attacks being reported almost daily, monitoring IT systems around the clock is nowadays an indispensable activity.
SIMS from SMS continuously monitors client endpoints (servers, laptops, desktops, notebooks, mobiles) for suspicious behaviour and issues alerts when such behaviour is detected. Alerts appear on a dashboard and become “incidents”, of which SMS cyber-security specialists are notified. Any known malicious behaviour will be immediately blocked, suspended or killed (depending on policy), while any unknown suspicious behaviour will be investigated and analysed to confirm whether the threat is malicious or benign. Threats may be suspended while this investigation takes place, which usually takes only minutes. If the behaviour is benign, the A.I. engines in the monitoring software will be updated to white-list it, and any recurrences under the same circumstances will be ignored in future. If it is found to be malicious, the policies will be updated to immediately block, suspend, or kill (delete) the offending software, depending on the outcome of the analysis.
A comprehensive report will be prepared for the client at the end of each month, detailing the security threats that have been detected and the actions that were taken. An auto-generated report is available on a weekly basis showing the threats of the past week.
In addition, proactive threat hunting on specific endpoints can be performed at the discretion of senior management.
Security Incident Management Services Features
The features of Security Incident Management System include the following:
- Incident Monitoring and Detection (either continuous or during working hours; the client is offered these 2 options)
- Automatic Alerts (triggered by any suspicious behaviour found on an endpoint)
- Incident Creation: each alert creates an incident with a unique identification number
- Incident Analysis: undertaken by SMS security specialists to determine the probability of the behaviour being malicious; if deemed malicious, it will be blocked, suspended or killed (depending on policy), blacklisted, and automatically deleted if detected again under similar circumstances; if deemed benign, the behaviour will be white-listed so that, if detected again under similar circumstances, it will no longer issue an alert
- Reporting: a weekly report will be auto-generated with a summary of all alerts and incidents and shared with the client; in addition, a monthly report will be generated by SMS for client management, describing the remedial actions taken and indicating preventive actions that may be taken as a result
Security Incident Management Services Benefits
Having Security Incident Management Services installed will provide the following benefits to the client:
- Protecting your company’s digital assets from malicious attacks and ransomware before they can do substantial damage
- Increasing the productivity of your company’s personnel, who can focus on the business at hand rather than on security
- Increasing the performance of your digital assets, as malicious software often slows down computers and workload throughput; the service may even prevent your company website from going down or becoming inaccessible
- Protecting your company’s reputation and maintaining your users’ and clients’ trust and confidence by ensuring that private and confidential data is not leaked, stolen or otherwise misappropriated
- Protecting against future and unknown threats by using artificial intelligence (AI) engines to detect suspicious behaviours rather than suspicious software, as cyber-criminals continuously update their attack methods