Cloud Managed Security Services
RedBear has been a Cloud managed security service provider (MSSP) since 2015. We provide a specialised and ongoing management function for clients that prefer to focus on their own business operations. The RedBear managed service caters for operational and security management of both the Cloud infrastructure environment and the applications that run on it. It is a Cloud native platform built on and for the Cloud.
Since those early days, the platform and service have evolved considerably. RedBear has evaluated hundreds of complementary security and management technologies before settling on the current curated mix. We have increased the overall security platform capability over time, with the current offering making considerable use of automation for rapid and continuous response.
RedBear’s managed security service was recognised by AWS. Our service has achieved the AWS Level 1 MSSP Competency status and we were one of the global launch partners announced at re:Inforce 2021. In addition, we were awarded the Specialization for Modern Compute Security in 2022.
RedBear’s platform and service capabilities represent a market leading Managed Security Service solution.
Why Cloud Managed Security Services?
According to Gartner, by 2025, 99% of Cloud security related failures will be as a result of configuration or other human error by the customer of the Cloud platform.
Let us take some of your Cloud security weight off your shoulders. As a Managed Security Service Provider (MSSP), we have worked closely with security experts to develop managed security service (MSS) capabilities. Our MSS is uniquely designed to protect and monitor your essential resources, delivered to you as a fully managed service.
Whether your company is new to security in the Cloud or an experienced team, RedBear can be your Cloud security team or integrate into your internal security teams’ operations. Either way, you will benefit from our close collaboration with industry security experts in the integration of native Cloud security services and third-party tools that our team leverages to provide our MSS.
About the AWS Level 1 MSSP Competency
This new baseline standard of quality for managed security services was introduced by AWS to benefit cloud environments of any size and it spans six security domains: vulnerability management, cloud security best practices and compliance, threat detection and response, network security, host and endpoint security, and application security. The six domains contain multiple MSSP services, each with technical skillset and operational process requirements specific to AWS.
AWS launched the AWS Level 1 MSSP Competency to enable customers to easily acquire ongoing security monitoring and management, validated by AWS. AWS security experts annually validate that the tools used and operational processes of each MSSP address specific cloud security challenges such as continuous event monitoring, triaging, AWS service configuration best practices, and 24/7 incident response. The AWS Level 1 MSSP Competency provides a faster and easier experience for customers to select the right MSSP to help them achieve their goals for business risk and cloud strategy confidence.
In 2022, AWS added several specializations that build on top of the Level 1 MSSP Competency.
Key capabilities of our MSS
Our service provides the following capabilities in line with the AWS Level 1 MSSP Competency. In addition, we are recognised by AWS as having a Specialization for Modern Compute Security on top of the Level 1 MSSP offering.
Routine scanning of infrastructure and endpoint (VM) resources for known software vulnerabilities. Newly added resources are automatically discovered and available for scanning. Metadata for scanned infrastructure is available as part of scan results to better enable reporting and decision making. This allows us to identify infrastructure in your environments that is subject to known vulnerabilities. Findings around known vulnerabilities enable customers to remediate these findings, helping to ensure that their infrastructure is in line with security best practices. Customers seeking to maintain compliance can utilise vulnerability scanning to help demonstrate compliance with external standards.
Continuous scanning and reporting of all resources, and their configuration details, updated automatically with newly added or removed resources. Maintaining full visibility into what resources are being added, changed, or removed across your organisation helps to reduce business risk from unsanctioned activity.
Detect when accounts and the configuration of deployed resources do not align to security best practices. Detection of misconfigurations of resources is critical to improving cloud security posture and reducing business risk.
Scanning your environment for compliance standards against CIS Foundations, PCI DSS, HIPAA, ISO 27001, MITRE ATT&CK, and SOC 2. We provide improved cloud security governance and compliance posture resulting in reduced business risk.
A combination of automated tooling and security experts continuously monitor aggregated resource logs across network, host, and API layers to analyze and triage security events. Identified alerts are made available for customers to view, allowing them to incorporate remediation into their operational workflows. Remediation guidance is provided with the findings to better enable customers to resolve issues in their environments. Gain full visibility into security alerts related to your Cloud environment, with a consolidated list of security events and recommended remediation guidance.
Receive notification of high priority security events and expert guidance on recommended remediation steps 24/7. Our around the clock automated response combined with our security team results in quicker time to resolve for high priority security events, reducing event impact and business risk.
A system backed by technology and security experts monitoring 24/7 for Distributed Denial of Service (DDoS) attacks against your Cloud applications. Increased visibility and resilience to DDoS attacks can reduce the risk of availability, financial, and security impacts to your applications.
Protect your environment from known and emerging threats that seek to exploit known vulnerabilities. Adding a layer of security for your endpoints helps with defence against known threat patterns, increasing your overall security posture.
A combination of technology and cloud security experts working to continuously detect, investigate, and remove threats from within your Cloud hosted endpoints (VMs). Free up internal resources and lower your business risk with RedBear's continuous detection, investigation and remediation of Cloud endpoint security events.
A firewall managed service designed to protect web-facing applications and APIs against common exploits. WAFs help to maintain web-application and API availability and reduce risk of compromised security, or consumption of excessive resources.
As more customers move to containers and serverless, we enable security managed services for modern compute environments based on containers and serverless. Our service includes container image scanning, container threat detection and patch management of container nodes. We also provide security solutions for serverless environments focussing on code scanning and threat detection.
We also provide the following additional capabilities for our customers.
In combination with vulnerability scanning of endpoints, automated patching ensures that critical security patches are applied in a timely manner. For zero day vulnerabilities, virtual patching is also provided. Keeping your software up to date is critical to reducing risk for your workloads.
With a tsunami of data available from your Cloud environment, how do you identify the key incidents and associated information to focus on? By using modern techniques such as UBA and outlier based approaches, our MSS aims to deliver meaningful and actionable alerts based on observed events and behaviour.
A Cloud based SIEM built for and in the Cloud. Our SIEM correlates events to provide incident management and investigations for our teams. SIEMs have traditionally been based around an old on-premises view of security. By using a Cloud native approach, we are able to reduce the mean time to detection and resolution for our customers.
Threat intelligence and enrichment of events is critical to identify potential threats and reduce false positives.
Log consolidation and analysis across Cloud services, security services, operating system and application logs. This allows our MSS to follow a potential breach across your environments, identifying lateral movement and low level activity.
Continuously monitoring network traffic is an essential tool to detect potential intrusions across the network. With the right system in place, analysts can ensure they maintain continuous visibility across the network while gaining the ability to recognise compromises quickly. This enables tracing of potential attackers’ steps across systems and applications.
Endpoint and resource monitoring for availability, capacity and performance.
Management of backups for recovery and for protection against ransomware.
Log and security data retained for 180 days in a hot status and archived indefinitely. All data is stored in Australia using encrypted storage and unique keys.
We can help you create a secure development and deployment pipeline. Working with your teams, we can bring the skills and tooling to protect your supply chain. This includes baking security testing into your pipeline. It includes code and dependency scanning using AWS and third party tools.
ChatOps enabled notifications via Slack (with an option for Microsoft Teams) for reduced time to remediation & escalation.
Our MSS is aligned to the Australian Cyber Security Centre (ACSC) Australian Government Information Security Manual (ISM).
Integration into clients’ change control and incident/problem management systems, such as Jira and ServiceNow.