Cloud Managed Security Services
RedBear has been running a Cloud managed service since 2015, providing a specialised and ongoing management function for clients that prefer to focus on their own business operations. The RedBear managed service caters for operational and security management of both the Cloud infrastructure environment and the applications that run on it. It is a Cloud native platform built on and for the Cloud.
Since those early days, the platform and service have evolved considerably, with RedBear evaluating hundreds of complementary security and management technologies before settling on the current curated mix. We have increased the overall security platform capability over time, and the current offering makes considerable use of automation for rapid and continuous response.
RedBear’s platform and service capabilities represent a market leading Security Managed Service solution.
Key capabilities include:
- Vulnerability management of endpoints to assess risk for new vulnerabilities and apply patches in a timely manner.
- Machine learning based analytics of the logs to generate actionable alerts and notifications based on observed events.
- Automation of response, offering near real time response 24×7.
- Cloud hosted SIEM for incident investigation and management.
- Threat intelligence and enrichment of events to identify potential threats and reduce false positives.
- Log consolidation and analysis across AWS services, security services, operating system, and application logs.
- Virtual patching where supported by the endpoint technology.
- Endpoint and service monitoring for availability and performance.
- Compliance dashboards for both technical and business level views of the Cloud platform.
- Data retained for 180 days in a hot status and archived indefinitely. All data is stored in Australia using encrypted storage and unique keys.
- ChatOps enabled notifications via Slack (with an option for Microsoft Teams) for reduced time to remediation & escalation.
- Aligned to Australian Cyber Security Centre (ACSC) Australian Government Information Security Manual (ISM).
- Integration into client’s change control and incident/problem management systems, such as Jira and ServiceNow.
Microsoft 365 security monitoring service
The COVID-19 pandemic has resulted in significant changes to working patterns for most organisations, with a more geographically dispersed workforce than ever before. Many organisations are making more and more use of Microsoft 365 (previously Office365) for collaboration. Security of a Microsoft 365 tenant starts with visibility of operations, yet many organisations remain unaware of the day to day activities and usage of the platform.
Microsoft 365 provides a Cloud based platform for business productivity, including Email (Exchange), SharePoint, Active Directory, Teams and OneDrive (as core offerings). The rich functionality also means that there are several opportunities for unseen security issues to arise. RedBear has built and run Microsoft 365 security monitoring for our existing financial services and Public Sector clients for several years; it is a mature and comprehensive offering that goes significantly beyond the standard Microsoft out of the box security monitoring offering.
Some of the key areas that RedBear’s Security Monitoring of Microsoft 365 includes are:
- Detection and alerting of failed logins from inside and outside Australia for Azure Active Directory;
- Detection of brute force attempts;
- Anomalous user behaviour access patterns (failed and successful) across the core products, including location and behaviour changes;
- Identification of impossible travel scenarios (login attempts from geographically dispersed locations) across the core products;
- Access to SharePoint and OneDrive objects from external domains, including public sharing of objects;
- Identification of privileged operations within Microsoft 365;
- Security Compliance centre alerting such as suspected phishing emails;
- Usage statistics across Exchange and OneDrive (information such as top sites/URLs, uploads/downloads);
- Behaviour that may indicate a compromised Exchange mailbox;
- Administrator changes to their own account or group membership in Azure Active Directory.
RedBear uses both dashboards and alerts as part of our Security Managed Services solution.
HRG Australia is the Australian division of an international corporate travel services company. The international rollout of a new key business application was a mismatch with existing regional IT infrastructure and systems.
RedBear IT saved approximately $1 million in planned capital expenses to satisfy new application requirements.
– Steve Ash from HRG Australia