Cloud Managed Security Services
RedBear has been a Cloud managed security service provider (MSSP) since 2015. We provide a specialised and ongoing management function for clients that prefer to focus on their own business operations. The RedBear managed service caters for operational and security management of both the Cloud infrastructure environment and the applications that run on it. It is a Cloud native platform built on and for the Cloud.
Since those early days, the platform and service have evolved considerably, and RedBear has evaluated hundreds of complementary security and management technologies before settling on the current curated mix. We have increased the overall security platform capability over time, with the current offering making considerable use of automation for rapid and continuous response.
RedBear’s managed security service was recognised by AWS. Our service has achieved the AWS Level 1 MSSP Competency status and we were one of the global launch partners announced at re:Inforce 2021.
RedBear’s platform and service capabilities represent a market leading Managed Security Service solution.
Why Cloud Managed Security Services?
According to Gartner, by 2025, 99% of Cloud security related failures will be the result of configuration or other human error by the customer of the Cloud platform.
Let us take some of your Cloud security weight off your shoulders. As a Managed Security Service Provider (MSSP), we have worked closely with security experts to develop managed security service (MSS) capabilities. Our MSS is uniquely designed to protect and monitor your essential resources, delivered to you as a fully managed service.
Whether your company is new to security in the Cloud or an experienced team, RedBear can be your Cloud security team or integrate into your internal security teams’ operations. Either way, you will benefit from our close collaboration with industry security experts in the integration of native Cloud security services and third-party tools that our team leverage to provide our MSS.
About the AWS Level 1 MSSP Competency
This new baseline standard of quality for managed security services was introduced by AWS to benefit cloud environments of any size and it spans six security domains: vulnerability management, cloud security best practices and compliance, threat detection and response, network security, host and endpoint security, and application security. The six domains contain multiple MSSP services, each with technical skillset and operational process requirements specific to AWS.
AWS launched the AWS Level 1 MSSP Competency to enable customers to easily acquire ongoing security monitoring and management, validated by AWS. AWS security experts annually validate that the tools used and operational processes of each MSSP address specific cloud security challenges such as continuous event monitoring, triaging, AWS service configuration best practices, and 24/7 incident response. The AWS Level 1 MSSP Competency provides a faster and easier experience for customers to select the right MSSP to help them achieve their goals for business risk and cloud strategy confidence.
Key capabilities of our MSS
Our service provides the following capabilities in line with the AWS Level 1 MSSP Competency.
Routine scanning of infrastructure and endpoint (VM) resources for known software vulnerabilities. Newly added resources are automatically discovered and available for scanning. Metadata for scanned infrastructure is available as part of scan results to better enable reporting and decision making. This allows us to identify infrastructure in your environments that is subject to known vulnerabilities. Findings around known vulnerabilities enable customers to remediate these findings, helping to ensure that their infrastructure is in line with security best practices. Customers seeking to maintain compliance can utilise vulnerability scanning to help demonstrate compliance with external standards.
Continuous scanning and reporting of all resources, and their configuration details, updated automatically with newly added or removed resources. Maintaining full visibility into what resources are being added, changed, or removed across your organisation helps to reduce business risk from unsanctioned activity.
Detect when accounts and the configuration of deployed resources do not align to security best practices. Detection of misconfigurations of resources is critical to improving cloud security posture and reducing business risk.
Scanning your environment for compliance against the CIS Foundations, PCI DSS, HIPAA, ISO 27001, MITRE ATT&CK, and SOC 2 standards. We provide improved cloud security governance and compliance posture resulting in reduced business risk.
A combination of automated tooling and security experts continuously monitor aggregated resource logs across network, host, and API layers to analyze and triage security events. Identified alerts are made available for customers to view, allowing them to incorporate remediation into their operational workflows. Remediation guidance is provided with the findings to better enable customers to resolve issues in their environments. Gain full visibility into security alerts related to your Cloud environment, with a consolidated list of security events and recommended remediation guidance.
Receive notification of high priority security events and expert guidance on recommended remediation steps 24/7. Our around the clock automated response combined with our security team results in quicker time to resolve for high priority security events, reducing event impact and business risk.
A system backed by technology and security experts monitoring 24/7 for Distributed Denial of Service (DDoS) attacks against your Cloud applications. Increased visibility and resilience to DDoS attacks can reduce the risk of availability, financial, and security impacts to your applications.
Protect your environment from known and emerging threats that seek to exploit known vulnerabilities. Adding a layer of security for your endpoints helps with defence against known threat patterns, increasing your overall security posture.
A combination of technology and cloud security experts working to continuously detect, investigate, and remove threats from within your Cloud hosted endpoints (VMs). Free up internal resources and lower your business risk with RedBear's continuous detection, investigation and remediation of Cloud endpoint security events.
A firewall managed service designed to protect web-facing applications and APIs against common exploits. WAFs help to maintain web-application and API availability and reduce risk of compromised security, or consumption of excessive resources.
We also provide the following additional capabilities for our customers.
In combination with vulnerability scanning of endpoints, automated patching ensures that critical security patches are applied in a timely manner. For zero day vulnerabilities, virtual patching is also provided. Keeping your software up to date is critical to reducing risk for your workloads.
With a tsunami of data available from your Cloud environment, how do you identify the key incidents and associated information to focus on? By using modern techniques such as UBA and outlier based approaches, our MSS aims to deliver meaningful and actionable alerts based on observed events and behaviour.
A Cloud based SIEM built for and in the Cloud. Our SIEM correlates events to provide incident management and investigations for our teams. SIEMs have traditionally been based around an old on-premises view of security. By using a Cloud native approach, we are able to reduce the mean time to detection and resolution for our customers.
Threat intelligence and enrichment of events is critical to identify potential threats and reduce false positives.
Log consolidation and analysis across Cloud services, security services, operating system and application logs. This allows our MSS to follow a potential breach across your environments, identifying lateral movement and low level activity.
Continuously monitoring network traffic is an essential tool to detect potential intrusions across the network. With the right system in place, analysts can ensure they maintain continuous visibility across the network while gaining the ability to recognise compromises quickly. This enables tracing of potential attackers’ steps across systems and applications.
Endpoint and resource monitoring for availability, capacity and performance.
Management of backups for recovery and for protection against ransomware.
Log and security data retained for 180 days in a hot status and archived indefinitely. All data is stored in Australia using encrypted storage and unique keys.
ChatOps enabled notifications via Slack (with an option for Microsoft Teams) for reduced time to remediation & escalation.
Our MSS is aligned to the Australian Cyber Security Centre (ACSC) Australian Government Information Security Manual (ISM).
Integration into client’s change control and incident/problem management systems, such as Jira and ServiceNow.
Microsoft 365 security monitoring service
The COVID-19 pandemic has resulted in significant changes to working patterns for most organisations, with a more geographically dispersed workforce than ever before. Many organisations are making more and more use of Microsoft 365 (previously Office365) for collaboration. Security of a Microsoft 365 tenant starts with visibility of operations, yet many organisations remain unaware of the day to day activities and usage of the platform.
Microsoft 365 provides a Cloud based platform for business productivity, including Email (Exchange), SharePoint, Active Directory, Teams and OneDrive (as core offerings). The rich functionality also means that there are several opportunities for unseen security issues to arise.
RedBear has built and run Microsoft 365 security monitoring for our existing financial services and Public Sector clients for several years, and it is a mature and comprehensive offering significantly beyond the standard Microsoft out-of-the-box security monitoring offering.
Our Microsoft 365 monitoring solution is an extension to our Cloud Managed Security Service.
Some of the key areas that RedBear’s Security Monitoring of Microsoft 365 includes are:
- Detection and alerting of failed logins from inside and outside Australia for Azure Active Directory;
- Detection of brute force attempts;
- Anomalous user behaviour access patterns (failed and successful) across the core products, including location and behaviour changes;
- Identification of impossible travel scenarios (login attempts from geographically dispersed locations) across the core products;
- Access to SharePoint and OneDrive objects from external domains, including public sharing of objects;
- Identification of privileged operations within Microsoft 365;
- Security Compliance centre alerting such as suspected phishing emails;
- Usage statistics across Exchange and OneDrive (information such as top sites/URLs, upload/downloads);
- Behaviour that may indicate a compromised Exchange mailbox;
- Administrator changes to their own account or group membership in Azure Active Directory.