SlideShare a Scribd company logo

NetWatcher Customer Overview

Download as PPTX, PDF
Scott Suhy
Scott Suhy

This document provides an overview of NetWatcher's managed detection and response security services. It describes NetWatcher's cloud-based security stack that provides enterprise-level security capabilities typically reserved for large organizations to SMBs through an affordable software-as-a-service model. The summary highlights NetWatcher's security tools and features like sensors, endpoint agents, threat intelligence, compliance reporting, vulnerability scanning, and a customer portal for viewing alerts and scores.

Business
1 of 24
NetWatcher Customer Overview info@netwatcher.com
www.netwatcher.com Most SMBs have this stack It’s relatively inexpensive NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM The Problem…
www.netwatcher.com Threat Intel SIEM Intrusion Detection End Point Behavior Vulnerability Scanner All Enterprises have this stack …but it’s expensive and requires scarce security talent NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM
www.netwatcher.com Threat Intel SIEM Intrusion Detection End Point Behavior Vulnerability Scanner SBM’s can’t have this stack It’s expensive and requires scarce security talent NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM
www.netwatcher.com Threat Intel SIEM Intrusion Detection End Point Behavior Vulnerability Scanner Unfortunatly for Regulated SMBs 39% have to have this stack HIPAA, PCI-DSS, NIST 800-171, 23 NYCRR 500, GLBA etc… So what are they supposed to do? NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM
www.netwatcher.com Threat Intel SIEM Intrusion Detection End Point Behavior Vulnerability Scanner What if this entire stack was Easy to install Easy to use Inexpensive and provided as a service? NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM Welcome to NetWatcher®
What is… NetWatcher® “Managed Detection & Response” . www.netwatcher.com You deploy Sensors &/or Endpoints Sensor(s) (hardware or VM) sit on the inside of customers network and listens for anomalies… (IDS, Netflow, SIEM, Scanner). Sensors are not inline. Endpoint agent (HIDS, Logs, Sensor-in-Cloud VPN/IDS) Sensors/Endpoints send indicators of compromise (events) over a secure VPN to the cloud Automated (cloud) “hunting” for creating Actionable Threat Intelligence Alarms about poor security hygiene, vulnerabilities, active exploits and malware Delivered as a multi-tenant service Backstopped by a team of SOC analysts that become YOUR SOC!
What is… The Value of NetWatcher . www.netwatcher.com Enterprise security provided at a fraction of the price of legacy providers Support for security compliance line items that are costly and difficult to deploy and manage Access to enterprise security analysts working your issues Easy to understand portal with alerting/reporting for exploits and hygiene issues that will cause you to be exploited. Remediation guidance Access to additional support
Customer Portal Dashboard On the customer portal dashboard you will find 2 scores that change as the security situational awareness picture of the customer changes. Both scores are out of 100 (the best you can get). The Cyber Health Score - This score helps you understand how bad your organization is compromised today. Cyber Promiscuity Score(TM) - This score helps you understand how much the activity going on in your organization today expose you to future compromise. If you click on an item in the Executive Dashboard Widget you will be taken directly to that alarm.
Dashboard - Widgets There are many widgets that you can install onto the dashboard. Some of those include: 1. Score over time 2. Risky Software running on the network 3. Vulnerable Software running on the network 4. Clear text info being sent over the internet 5. Events by country
Alarm “Security” = Malware / Exploit Each Alarm has an easy to understand description and recommendation written for the IT helpdesk. If the users account is setup as an ‘intermediate’ profile (ie. More technical) then you can also see what events the correlation engine used to determine an alarm was necessary. The User can also create a ticket on the event to work with their partner (MSP) or the NetWatcher SOC team (direct customer). There is also a comment field that is date and timestamped that HIPAA security rule users can leverage to document how the alarm was remediated. MSP Partners can get this same detail sent to ConnectWise. Users can also receive Alarms via SMS and email.
Alarm “Policy” “Scans” “Hygiene” Policy alarms are related to users visiting sites that are not appropriate such as pornography and online gambling… Scan alarms are when a bad actor is doing reconnaissance on the organization (example: someone running Metasploit on internal assets. Hygiene alarms are when a user is doing something that opens the organization up for exploit. An alarm is only created 1 time per asset per alarm type to ensure alarm fatigue is not an issue. The alarm is then aged over a 2 week period and closed if it is not seen again. Alarm ‘triggers’ can be created to forward alarms based on search query via SMS and email.
Reports – Compliance as a Service Reports can be created across any of the data in the system (events, alarms, assets, tickets etc..) Reoccurring Reports can be created and sent via email and also stored for future download by users and auditors. Download as PDF or CSV.
NetWatcher Endpoint The NetAgent for Linux/Windows (and soon MAC) provides the organization with a “health” and “promiscuity” score per asset so it is easy to see the trouble spots in the organization that may need additional cyber training. The HIDS module enable File Integrity Monitoring, Rootkit checks and Process monitoring via OSSEC and the Wazuh ruleset. The LOGS module pushes the operating system logs to the sensor for additional correlation. The Sensor-in-the-Cloud module allows administrators to track corporate assets event when they are not on the network. This opens a secure VPN and leverage a sensor hosted in the NetWatcher Cloud.
NetWatcher Endpoint Detail The NetAgent also provides detail on the operating system and hardware detail as well asl all the software corresponding components as well as versions, install / uninstall location. All software detail can also be used for correlation purposes.
NetWatcher SYSLOG Ingestion NetWatcher can also ingest SYSLOGs from hardware devices such as a firewall for correlation purposes.
NetWatcher Vulnerability Scanner NetWatcher can easily create reoccurring vulnerability scans that can be used for PCI- DSS internal scans. Users can schedule reoccurring scans or run one – time scans of specific assets.
NetWatcher Vulnerability Scanner Once scans are run events are produced that line up with CSV priorities (low, med, high). Users can report on all vulnerabilities or that can work the issues from top to bottom. The NetWatcher cloud correlation service uses the vulnerability events as just another data source.
NetWatcher Accounts and Alerts Customer Portal “Contacts” can be setup with different profiles (basic/intermediate) and can be configured to have alarms pushed to them as emails or SMS messages. Contacts can also have the score sent to them via email. A great way to setup a customer is for the management to get the score and reports sent to them weekly and to have alarms sent directly to the IT helpdesk or MSP for remediation.
NetWatcher Advanced The advanced tab is for customers that have technical people that understand security and want access to the event detail that gets correlated to produce actionable threat intelligence “alarms”. Users can create any query on the (NIDS, HIDS, LOGS, Products and Vulnerability Scanning data) and turn it into either a report or a tripwire that can send an email or SMS if tripped. Charts can also be created easily based on the query.
NetWatcher Advanced – Event Detail 1 of 2 Digging into an event allows the user to get at the details of what external IP the internal asset is communicating with… What country it’s in… What Port, Hostname etc.. When did the session start and end… What does the header look like… Download the packet (pcap) into Wireshark.
NetWatcher Advanced – Event Detail 2 of 2 What rule tripped the event… What Netflow analytics for the session are associated with the event… What other events have occurred on this asset within an hour, day, week and month…
Support NetWatcher has a ticketing engine that end users can use to communicate with their MSP or NetWatcher support (direct account). Ticketing is recorded for monetization purposes. Currently NetWatcher charges 37 dollars a ticket.
https://netwatcher.com

Recommended

A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
Symantec
 
Symantec Endpoint Protection
Symantec Endpoint ProtectionSymantec Endpoint Protection
Symantec Endpoint Protection
Symantec
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
persons20ar
 
IBM Security Intelligence
IBM Security IntelligenceIBM Security Intelligence
IBM Security Intelligence
Anna Landolfi
 
IBM Qradar-Advisor
IBM Qradar-AdvisorIBM Qradar-Advisor
IBM Qradar-Advisor
Luigi Perrone
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
Mountain States Engineering and Controls
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
Chandrashekhar B
 

Recommended

A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
Symantec
 
Symantec Endpoint Protection
Symantec Endpoint ProtectionSymantec Endpoint Protection
Symantec Endpoint Protection
Symantec
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
persons20ar
 
IBM Security Intelligence
IBM Security IntelligenceIBM Security Intelligence
IBM Security Intelligence
Anna Landolfi
 
IBM Qradar-Advisor
IBM Qradar-AdvisorIBM Qradar-Advisor
IBM Qradar-Advisor
Luigi Perrone
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
Mountain States Engineering and Controls
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
SecPod Technologies
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
Chandrashekhar B
 
Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)
MHumaamAl
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through Correlation
Anton Chuvakin
 
IKare Vulnerability Scanner - Datasheet EN
IKare Vulnerability Scanner - Datasheet ENIKare Vulnerability Scanner - Datasheet EN
IKare Vulnerability Scanner - Datasheet EN
ITrust - Cybersecurity as a Service
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Andris Soroka
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security Intelligence
Camilo Fandiño Gómez
 
Lowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to ZLowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to Z
Tim De Keukelaere
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlation
frantzyv
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...
IBM Security
 
NASA OIG Report
NASA OIG ReportNASA OIG Report
NASA OIG Report
Priyanka Aash
 
network-host-reconciliation
network-host-reconciliationnetwork-host-reconciliation
network-host-reconciliationGordon Mackay - CISSP
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the Cloud
NetStandard
 
Axxera ci siem
Axxera ci siemAxxera ci siem
Axxera ci siemReddy Marri
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
IBM QRadar Xforce
IBM QRadar XforceIBM QRadar Xforce
IBM QRadar Xforce
sreenivas1591
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
Muhammad FAHAD
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...
Erin Moore
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring Primer
Rocco Magnotta
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations center
Venkat Projects
 
MIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptxMIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptx
Couronne1
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
Laura Arrigo
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vmazfayel
 

More Related Content

What's hot

Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)
MHumaamAl
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through Correlation
Anton Chuvakin
 
IKare Vulnerability Scanner - Datasheet EN
IKare Vulnerability Scanner - Datasheet ENIKare Vulnerability Scanner - Datasheet EN
IKare Vulnerability Scanner - Datasheet EN
ITrust - Cybersecurity as a Service
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Andris Soroka
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security Intelligence
Camilo Fandiño Gómez
 
Lowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to ZLowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to Z
Tim De Keukelaere
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlation
frantzyv
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...
IBM Security
 
NASA OIG Report
NASA OIG ReportNASA OIG Report
NASA OIG Report
Priyanka Aash
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the Cloud
NetStandard
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
 
IBM QRadar Xforce
IBM QRadar XforceIBM QRadar Xforce
IBM QRadar Xforce
sreenivas1591
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
Muhammad FAHAD
 

What's hot (16)

Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)
 
Security Event Analysis Through Correlation
Security Event Analysis Through CorrelationSecurity Event Analysis Through Correlation
Security Event Analysis Through Correlation
 
IKare Vulnerability Scanner - Datasheet EN
IKare Vulnerability Scanner - Datasheet ENIKare Vulnerability Scanner - Datasheet EN
IKare Vulnerability Scanner - Datasheet EN
 
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014
 
Whitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security IntelligenceWhitepaper IBM Qradar Security Intelligence
Whitepaper IBM Qradar Security Intelligence
 
Lowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to ZLowlands Unite NL 2017 - ATA to Z
Lowlands Unite NL 2017 - ATA to Z
 
Open service risk correlation
Open service risk correlationOpen service risk correlation
Open service risk correlation
 
How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...How to Choose the Right Security Information and Event Management (SIEM) Solu...
How to Choose the Right Security Information and Event Management (SIEM) Solu...
 
NASA OIG Report
NASA OIG ReportNASA OIG Report
NASA OIG Report
 
network-host-reconciliation
network-host-reconciliationnetwork-host-reconciliation
network-host-reconciliation
 
20 Security Controls for the Cloud
20 Security Controls for the Cloud20 Security Controls for the Cloud
20 Security Controls for the Cloud
 
Axxera ci siem
Axxera ci siemAxxera ci siem
Axxera ci siem
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape SurveySecurity Whack-a-Mole: SANS 2017 Threat Landscape Survey
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
 
IBM QRadar Xforce
IBM QRadar XforceIBM QRadar Xforce
IBM QRadar Xforce
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
 
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Cyber-attac...
 

Similar to NetWatcher Customer Overview

A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...
Erin Moore
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring Primer
Rocco Magnotta
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations center
Venkat Projects
 
MIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptxMIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptx
Couronne1
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
Laura Arrigo
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vmazfayel
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.com
amaranthbeg55
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.com
amaranthbeg95
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
GermanERuizCorrales
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in Cybersecurity
Teri Radichel
 
cybersecurity-careers.pdf
cybersecurity-careers.pdfcybersecurity-careers.pdf
cybersecurity-careers.pdf
RakeshKumar442494
 
Getting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperGetting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperTawnia Beckwith
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
IRJET Journal
 
Infosec cert service
Infosec cert serviceInfosec cert service
Infosec cert service
Minh Le
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.com
PrescottLunt384
 
Cybersecurity - Jim Butterworth
Cybersecurity - Jim ButterworthCybersecurity - Jim Butterworth
Cybersecurity - Jim Butterworth
TechBiz Forense Digital
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environmentsamiable_indian
 
Dhishant -Latest Resume
Dhishant -Latest ResumeDhishant -Latest Resume
Dhishant -Latest ResumeDhishant Abrol
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentationaksit_services
 

Similar to NetWatcher Customer Overview (20)

A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...
 
Business Logic Monitoring Primer
Business Logic Monitoring PrimerBusiness Logic Monitoring Primer
Business Logic Monitoring Primer
 
user centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations centeruser centric machine learning framework for cyber security operations center
user centric machine learning framework for cyber security operations center
 
MIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptxMIT-MON Day4 Context.pptx
MIT-MON Day4 Context.pptx
 
Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12Nt2580 Unit 7 Chapter 12
Nt2580 Unit 7 Chapter 12
 
2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm2 20613 qualys_top_10_reports_vm
2 20613 qualys_top_10_reports_vm
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.com
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.com
 
Splunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat DefenseSplunk conf2014 - Operationalizing Advanced Threat Defense
Splunk conf2014 - Operationalizing Advanced Threat Defense
 
Globally.docx
Globally.docxGlobally.docx
Globally.docx
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in Cybersecurity
 
cybersecurity-careers.pdf
cybersecurity-careers.pdfcybersecurity-careers.pdf
cybersecurity-careers.pdf
 
Getting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paperGetting the Most Value from VM and Compliance Programs white paper
Getting the Most Value from VM and Compliance Programs white paper
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
 
Infosec cert service
Infosec cert serviceInfosec cert service
Infosec cert service
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.com
 
Cybersecurity - Jim Butterworth
Cybersecurity - Jim ButterworthCybersecurity - Jim Butterworth
Cybersecurity - Jim Butterworth
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
 
Dhishant -Latest Resume
Dhishant -Latest ResumeDhishant -Latest Resume
Dhishant -Latest Resume
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentation
 

Recently uploaded

Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Boris Ziegler
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
fisherameliaisabella
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
Corey Perlman, Social Media Speaker and Consultant
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Lviv Startup Club
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
Norma Mushkat Gaffin
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
Workforce Group
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
daothibichhang1
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
Aurelien Domont, MBA
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 

Recently uploaded (20)

Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
Agency Managed Advisory Board As a Solution To Career Path Defining Business ...
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 

NetWatcher Customer Overview

  • 2. www.netwatcher.com Most SMBs have this stack It’s relatively inexpensive NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM The Problem…
  • 3. www.netwatcher.com Threat Intel SIEM Intrusion Detection End Point Behavior Vulnerability Scanner All Enterprises have this stack …but it’s expensive and requires scarce security talent NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM
  • 4. www.netwatcher.com Threat Intel SIEM Intrusion Detection End Point Behavior Vulnerability Scanner SBM’s can’t have this stack It’s expensive and requires scarce security talent NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM
  • 5. www.netwatcher.com Threat Intel SIEM Intrusion Detection End Point Behavior Vulnerability Scanner Unfortunatly for Regulated SMBs 39% have to have this stack HIPAA, PCI-DSS, NIST 800-171, 23 NYCRR 500, GLBA etc… So what are they supposed to do? NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM
  • 6. www.netwatcher.com Threat Intel SIEM Intrusion Detection End Point Behavior Vulnerability Scanner What if this entire stack was Easy to install Easy to use Inexpensive and provided as a service? NGFW Secure DNS Secure Email AV – Anti Malware VPN WAF RMM Welcome to NetWatcher®
  • 7. What is… NetWatcher® “Managed Detection & Response” . www.netwatcher.com You deploy Sensors &/or Endpoints Sensor(s) (hardware or VM) sit on the inside of customers network and listens for anomalies… (IDS, Netflow, SIEM, Scanner). Sensors are not inline. Endpoint agent (HIDS, Logs, Sensor-in-Cloud VPN/IDS) Sensors/Endpoints send indicators of compromise (events) over a secure VPN to the cloud Automated (cloud) “hunting” for creating Actionable Threat Intelligence Alarms about poor security hygiene, vulnerabilities, active exploits and malware Delivered as a multi-tenant service Backstopped by a team of SOC analysts that become YOUR SOC!
  • 8. What is… The Value of NetWatcher . www.netwatcher.com Enterprise security provided at a fraction of the price of legacy providers Support for security compliance line items that are costly and difficult to deploy and manage Access to enterprise security analysts working your issues Easy to understand portal with alerting/reporting for exploits and hygiene issues that will cause you to be exploited. Remediation guidance Access to additional support
  • 9. Customer Portal Dashboard On the customer portal dashboard you will find 2 scores that change as the security situational awareness picture of the customer changes. Both scores are out of 100 (the best you can get). The Cyber Health Score - This score helps you understand how bad your organization is compromised today. Cyber Promiscuity Score(TM) - This score helps you understand how much the activity going on in your organization today expose you to future compromise. If you click on an item in the Executive Dashboard Widget you will be taken directly to that alarm.
  • 10. Dashboard - Widgets There are many widgets that you can install onto the dashboard. Some of those include: 1. Score over time 2. Risky Software running on the network 3. Vulnerable Software running on the network 4. Clear text info being sent over the internet 5. Events by country
  • 11. Alarm “Security” = Malware / Exploit Each Alarm has an easy to understand description and recommendation written for the IT helpdesk. If the users account is setup as an ‘intermediate’ profile (ie. More technical) then you can also see what events the correlation engine used to determine an alarm was necessary. The User can also create a ticket on the event to work with their partner (MSP) or the NetWatcher SOC team (direct customer). There is also a comment field that is date and timestamped that HIPAA security rule users can leverage to document how the alarm was remediated. MSP Partners can get this same detail sent to ConnectWise. Users can also receive Alarms via SMS and email.
  • 12. Alarm “Policy” “Scans” “Hygiene” Policy alarms are related to users visiting sites that are not appropriate such as pornography and online gambling… Scan alarms are when a bad actor is doing reconnaissance on the organization (example: someone running Metasploit on internal assets. Hygiene alarms are when a user is doing something that opens the organization up for exploit. An alarm is only created 1 time per asset per alarm type to ensure alarm fatigue is not an issue. The alarm is then aged over a 2 week period and closed if it is not seen again. Alarm ‘triggers’ can be created to forward alarms based on search query via SMS and email.
  • 13. Reports – Compliance as a Service Reports can be created across any of the data in the system (events, alarms, assets, tickets etc..) Reoccurring Reports can be created and sent via email and also stored for future download by users and auditors. Download as PDF or CSV.
  • 14. NetWatcher Endpoint The NetAgent for Linux/Windows (and soon MAC) provides the organization with a “health” and “promiscuity” score per asset so it is easy to see the trouble spots in the organization that may need additional cyber training. The HIDS module enable File Integrity Monitoring, Rootkit checks and Process monitoring via OSSEC and the Wazuh ruleset. The LOGS module pushes the operating system logs to the sensor for additional correlation. The Sensor-in-the-Cloud module allows administrators to track corporate assets event when they are not on the network. This opens a secure VPN and leverage a sensor hosted in the NetWatcher Cloud.
  • 15. NetWatcher Endpoint Detail The NetAgent also provides detail on the operating system and hardware detail as well asl all the software corresponding components as well as versions, install / uninstall location. All software detail can also be used for correlation purposes.
  • 16. NetWatcher SYSLOG Ingestion NetWatcher can also ingest SYSLOGs from hardware devices such as a firewall for correlation purposes.
  • 17. NetWatcher Vulnerability Scanner NetWatcher can easily create reoccurring vulnerability scans that can be used for PCI- DSS internal scans. Users can schedule reoccurring scans or run one – time scans of specific assets.
  • 18. NetWatcher Vulnerability Scanner Once scans are run events are produced that line up with CSV priorities (low, med, high). Users can report on all vulnerabilities or that can work the issues from top to bottom. The NetWatcher cloud correlation service uses the vulnerability events as just another data source.
  • 19. NetWatcher Accounts and Alerts Customer Portal “Contacts” can be setup with different profiles (basic/intermediate) and can be configured to have alarms pushed to them as emails or SMS messages. Contacts can also have the score sent to them via email. A great way to setup a customer is for the management to get the score and reports sent to them weekly and to have alarms sent directly to the IT helpdesk or MSP for remediation.
  • 20. NetWatcher Advanced The advanced tab is for customers that have technical people that understand security and want access to the event detail that gets correlated to produce actionable threat intelligence “alarms”. Users can create any query on the (NIDS, HIDS, LOGS, Products and Vulnerability Scanning data) and turn it into either a report or a tripwire that can send an email or SMS if tripped. Charts can also be created easily based on the query.
  • 21. NetWatcher Advanced – Event Detail 1 of 2 Digging into an event allows the user to get at the details of what external IP the internal asset is communicating with… What country it’s in… What Port, Hostname etc.. When did the session start and end… What does the header look like… Download the packet (pcap) into Wireshark.
  • 22. NetWatcher Advanced – Event Detail 2 of 2 What rule tripped the event… What Netflow analytics for the session are associated with the event… What other events have occurred on this asset within an hour, day, week and month…
  • 23. Support NetWatcher has a ticketing engine that end users can use to communicate with their MSP or NetWatcher support (direct account). Ticketing is recorded for monetization purposes. Currently NetWatcher charges 37 dollars a ticket.

Editor's Notes

  1. There are 5M businesses in the US and 125M WW that are doing no more than anti-virus And a firewall to secure their enterprises and they are getting compromised daily. Their customers and compliance mandates are demanding that these 5M businesses do more to secure their infrastructure however these enterprises don’t have the resources… We solve this problem!