Service Description

VaporVM’s Managed Security Services are segregated into three main categories:

  • Security Monitoring
  • Incident Response
  • Threat Intelligence

Each of these categories comprises a set of underlying services that help protect the customer against major vulnerabilities and threats.

Security Monitoring

VaporVM provides 24/7 monitoring of customer infrastructure with visibility into a range of security aspects. Security monitoring is performed in real time, and threats and vulnerabilities are handled in the same manner. Our SOC analysts take a proactive approach to protecting customer environments against the latest threats. Monitoring also includes alerts to the customer at the various criticality levels and delivers complete visibility into their systems.

Security monitoring includes:

  • Host monitoring
  • Network monitoring
  • Application-log monitoring
  • Data-in-motion monitoring
  • Infrastructure log monitoring
  • User account authentication and access monitoring

Incident Reporting

VaporVM ensures that in case of any incident, proper SOPs are followed based on the predetermined criticality factor of the incident.

VaporVM follows a standard procedure to ensure that any breach or threat is dealt with in a timely manner and its impact is mitigated. The following is the general SOP followed by the VaporVM SOC team to handle any incident:

The following are further services delivered as part of VaporVM’s Managed Security Services.

  • Incident scope and severity determination
  • Computer forensics
  • Major breach support
  • Static and dynamic malware analysis

Threat Intelligence

VaporVM keeps itself up to date with the latest trends in cyber security and ensures that its customers are protected against the latest threats, such as new malware and ransomware. VaporVM uses its SEM solution’s expertise in managing an Open Threat Exchange (OTX), which holds information about the latest vulnerabilities from countless vendors across the globe, and runs correlation analysis to ensure that any such threat is mitigated before it results in an incident.

Security Incident Monitoring

VaporVM shall monitor the following types of security incidents:

  • System Compromise – Behavior indicating a compromised system
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or a backdoor/RAT being installed on a system
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit
  • Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications

Use Cases

1. SQL Injection Attacks

Target victims: Any enterprise with websites and databases
Vulnerability: High
Criticality: High
SOC feature to address: Intrusion Detection System (IDS)

2. Watering Hole Attack

Target victims: Personal and office systems
Vulnerability: Low
Criticality: High
SOC feature to address: Intrusion Detection System (IDS)

3. Malware Attacks

Target victims: Any enterprise with websites and databases
Vulnerability: High
Criticality: High
SOC feature to address: Open Threat Exchange correlation

4. Compliance Management

Target: Compliance oriented enterprises
Vulnerability: High
Criticality: High
SOC feature to address: Reporting dashboard that provides:

  • Asset discovery
  • Vulnerability assessment
  • Host and network intrusion detection
  • File integrity monitoring