Cloud Managed Security Services
RedBear has been a Cloud managed security service provider (MSSP) since 2015. We provide a specialised and ongoing management function for clients that prefer to focus on their own business operations. The RedBear managed services caters for operational and security management of both the Cloud infrastructure environment and the applications that run on it. It is a Cloud native platform built on and for the Cloud.
Since those early days, the platform and service has evolved considerably, where RedBear has evaluated hundreds of complementary security and management technologies before settling on the current curated mix. We have increased the overall security platform capability over time with the current offering making considerable use of automation for rapid and continuous response.
RedBear’s platform and service capabilities represent a market leading Managed Security Service solution.
Why Cloud Managed Security Services?
According to Gartner, by 2025, 99% of Cloud security related failures will be as a result of configuration or other human error by the customer of the Cloud platform.
Let us take some of your Cloud security weight off your shoulders. As a Managed Security Service Provider (MSSP), we have worked closely with security experts to develop managed security service (MSS) capabilities. Our MSS is uniquely designed to protect and monitor your essential resources, delivered to you as a fully managed service.
Whether your company is new to security in the Cloud or an experienced team, RedBear can be your Cloud security team or integrate into your internal security teams’ operations. Either way, you will benefit from our close collaboration with industry security experts in the integration of native Cloud security services and third-party tools that our team leverage to provide our MSS.
Key capabilities of our MSS
Routine scanning of infrastructure and endpoint (VM) resources for known software vulnerabilities. Newly added resources are automatically discovered and available for scanning. Metadata for scanned infrastructure is available as part of scan results to better enable reporting and decision making. This allow us to identify infrastructure in your environments that is subject to known vulnerabilities. Findings around known vulnerabilities enable customers to remediate these findings, helping to ensure that their infrastructure is in line with security best practices. Customers seeking to maintain compliance can utilise vulnerability scanning to help demonstrate compliance with external standards.
Continuous scanning and reporting of all resources, and their configuration details, updated automatically with newly added or removed resources. Maintaining full visibility into what resources are being added, changed, or removed across your organisation helps to reduce business risk from unsanctioned activity.
Detect when accounts and the configuration of deployed resources does not align to security best practices. Detection of misconfigurations of resources is critical to improving cloud security posture and reducing business risk.
Scanning your environment for compliance standards against CIS Foundations, PCI DSS, HIPAA, ISO 27001, MITRE ATT@CK, AND SOC2. We provide improved cloud security governance and compliance posture resulting in reduced business risk.
A combination of automated tooling and security experts continuously monitor aggregated resource logs across network, host, and API layers to analyze and triage security events. Identified alerts are made available for customers to view, allowing them to incorporate remediation into their operational workflows. Remediation guidance is provided with the findings to better enable customers to resolve issues in their environments. Gain full visibility into security alerts related to your Cloud environment, with a consolidated list of security events and recommended remediation guidance.
Receive notification of high priority security events and expert guidance on recommended remediation steps 24/7. Our around the clock automated response combined with our security team results in quicker time to resolve for high priority security events, reducing event impact and business risk.
A system backed by technology and security experts monitoring 24/7 for Distributed Denial of Service (DDoS) attacks against your Cloud applications. Increased visibility and resilience to DDoS attacks can reduce the risk of availability, financial, and security impacts to your applications.
Protect your environment from known and emerging threats that seek to exploit known vulnerabilities. Adding a layer of security for your endpoints helps with defence against known threat patterns, increasing your overall security posture.
A combination of technology and cloud security experts working to continuously detect, investigate, and remove threats from within your Cloud hosted endpoints (VMs). Free up internal resources and lower your business risk with RedBear's continuous detection, investigation and remediation of Cloud endpoint security events.
A firewall managed service designed to protect web-facing applications and APIs against common exploits. WAFs help to maintain web-application and API availability and reduce risk of compromised security, or consumption of excessive resources.
In combination with vulnerability scanning of endpoints, automated patching ensures that critical security patches are applied in a timely manner. For zero day vulnerabilities, virtual patching is also provided. Keeping your software up to date is critical to reducing risk for your workloads.
With a tsunami of data available from your Cloud environment, how do you identify the key incidents and associated information to focus on? By using modern techniques such as UBA and outlier based approaches, our MSS aims to deliver meaningful and actionable alerts based on observed events and behaviour.
A Cloud based SIEM built for and in the Cloud. Our SIEM correlates events to provide incident management and investigations for our teams. SIEMs have traditionally been based around old on-premises view of security. By using a Cloud native approach, we are able to reduce the mean time to detect and resolution for our customers.
Threat intelligence and enrichment of events is critical to identify potential threats and reduce false positives.
Log consolidation and analysis across Cloud services, security services, operating system and application logs. This allows our MSS to follow a potential breach across your environments, identifying lateral movement and low level activity.
Continuously monitoring network traffic is an essential tool to detect potential intrusions across the network. With the right system in place, analysts can ensure they maintain continuous visibility across the network while gaining the ability to recognise compromises quickly. This enables tracing of potential attackers’ steps across systems and applications.
Endpoint and resource monitoring for availability, capacity and performance.
Management of backups for recovery and for protection against ransomware.
Log and security data retained for 180 days in a hot status and archived indefinitely. All data is stored in Australia using encrypted storage and unique keys.
ChatOps enabled notifications via Slack (with an option for Microsoft Teams) for reduced time to remediation & escalation.
Our MSS is aligned to Australian Cyber Security Centre (ACSC) Australian Government Information Security Manual (ISM).
Integration into client’s change control and incident/problem management systems, such as Jira and ServiceNow.
Microsoft 365 security monitoring service
The COVID-19 pandemic has resulted in significant changes to working patterns for most organisations, with a more geographically dispersed workforce than ever before. Many organisations are making more and more user of Microsoft 365 (previously Office365) for collaboration. Security of a Microsoft 365 tenant starts with visibility of operations, yet many organisations remain unaware of the day to day activities and usage of the platform.
Microsoft 365 provides a Cloud based platform for business productivity, including Email (Exchange), SharePoint, Active Directory, Teams and OneDrive (as core offerings). The rich functionality also means that there are several opportunities for unseen security issues to arise.
RedBear has built and run Microsoft 365 security monitoring for our existing financial services and Public Sector clients for several years and is a mature and comprehensive offering significantly beyond that of the standard Microsoft out of the box security monitoring offering.
Our Microsoft 365 monitoring solution is an extension to our Cloud Managed Security Service.
Some of the key areas that RedBear’s Security Monitoring of Microsoft 365 includes are:
- Detection and alerting of failed logins from inside and outside Australia for Azure Active Directory;
- Detection of brute force attempts;
- Anomalous user behaviour access patterns (failed and successful) across the core products, including location and behaviour changes;
- Identification of impossible travel scenarios (login attempts from geographically disperse locations) across the core products;
- Access to SharePoint and OneDrive objects from external domains, including public sharing of objects;
- Identification of privileged operations within Microsoft 365;
- Security Compliance centre alerting such as suspected phishing emails;
- Usage statistics across Exchanges, OneDrive and Exchange statistics (information such as top sites/URLs, upload/downloads);
- Behaviour that may indicate a compromised Exchange mailbox;
- Administrator changes to their own account or group membership in Azure Active Directory.
HRG Australia is the Australian division of an international corporate travel services company. The international roll out of a new key business application was a miss match with existing regional IT infrastructure and systems.
RedBear IT saved approximately $1 million in planned capital expenses to satisfy new application requirements.
– Steve Ash from HRG Australia