Managed Detection & Response
Effective cyber security should not be cost prohibitive
Long behind us are the days when effective cyber security programs were reserved for enterprises with six-figure IT budgets. We are proving to each and every one of our customers that industry-leading solutions and expert monitoring and response are well within reach of today's average enterprise.
Industry Leading Solutions
Every product and service that we offer is enterprise-grade and trusted worldwide. We carefully choose our offerings by maximizing capabilities while avoiding unnecessarily expensive "fluff" that often plagues the cyber security industry.
Network Intrusion Monitoring
Many providers exist today that will gladly ingest your firewall logs and call it "monitoring." We take a far more proactive approach: we actively assess the network for weaknesses before a compromise and make recommendations for improvements. This is a never-ending process, as threats constantly evolve, and so should our defenses. We implement network intrusion detection/prevention based on customer needs, tailored to any existing solutions in use. Our appliances can be physical or virtual, and work seamlessly with the customer’s existing infrastructure. Again, this solution can be a simple “detector” that alerts on unusual or suspicious activity, or an actual blocking device that takes action against suspicious traffic. Regardless of which implementation is used, the intrusion sensor is monitored 24/7 by Recon’s Security Operations team, which provides analysis and initial triage of any suspicious activity and notifies the customer as needed.
Security Appliance Management and Monitoring
We deploy, configure and manage industry-leading Next Generation Firewalls and Mail Security solutions that provide intrusion prevention, application-layer control and reporting, URL filtering, antivirus scanning of files, download restrictions, user activity reporting, email security filtering, web application firewall, load balancing, high availability with failover, the ability to quarantine infected hosts to prevent them from connecting to the internet, and more. Recon is able to provide fully managed “zero touch” implementations, or a hybrid customer-assist approach where we augment existing staff in the management and monitoring of the security appliances.
Centralized Logging and Anomaly Alerting
Many small and medium businesses lack a critical component found in every security plan: centralized logging and automatic alerting on detected anomalies. Recon builds, hosts, configures and manages a dedicated platform for each client, to which all critical system event logs are automatically forwarded for long-term storage, searching and automatic detection/alerting on suspicious events. This platform is capable of ingesting logs from virtually any source, e.g. Windows servers (Exchange, AD, etc.), Linux servers, workstations, firewalls, email security appliances, load balancers, Web Application Firewalls, etc.
A bad habit among some security vendors is offering automated vulnerability scanning followed by a several-hundred-page, automatically generated report left to be interpreted by the customer. We not only provide very thorough vulnerability scanning of our client systems, but we follow it with analyst-written reports that summarize and consolidate the findings into short, concise remediation steps written for fast and effective resolution. Recon can deploy a physical or virtual vulnerability scanner on a customer network to provide continuous scanning of critical systems for vulnerabilities. Recon provides an additional layer of value by combing through the daunting results of these scans (often hundreds of pages for an average small/medium business) and breaking them down into short, concise Vulnerability Remediation Plans. These plans are typically 4 or 5 pages and provide detailed instructions on how to remediate the most significant vulnerabilities identified by the scans on a routine basis.
Security Awareness Training
All of the technology and policy in the world cannot protect an organization from the number one most used attack vector: socially engineering employees by way of phishing, vishing and a variety of other methods meant to trick humans. By implementing a structured and regimented training plan, an organization can increase its security posture significantly by simply raising the awareness of its employees. Recon provides a training platform that can enroll and track completion of all employees of an organization and allow administrators to follow completion statistics. We built the training modules in-house, incorporating years of experience with “real world threats” to employees of any organization.
Usually used in conjunction with our Security Awareness Training, we can craft highly customized “phishing” emails targeting your employees in order to provide a detailed report on your organization’s resilience to similar attacks. Most organizations are entirely unaware of their human attack surface until an attack succeeds or a well-crafted test is run. Many similar services use generic templates that are easily caught by even less-vigilant users. We use campaigns that resemble those used by sophisticated attackers, thereby painting a much more accurate picture of your true attack surface.
Advanced Network Defense & Decoy Systems
For customers requiring a very sophisticated network defense strategy, Recon has the ability to deploy various deception and early-warning systems across a customer network to provide advanced warning of an intrusion. These solutions range from honeypots that emulate real servers and workstations, to honeytokens that can be placed inside inboxes and network shares. Once in place, these deception systems will notify the customer and/or Recon’s Security Operations team anytime activity is detected, indicating a potential attack or insider threat. This level of network defense is ideal for customers who already have a solid foundation of network security and are looking to leverage cutting-edge detection tools to even further harden the security posture of the organization.
Breach and Confidential Data Leak Monitoring
Recon provides automatic scanning and searching of internet and dark web resources for the presence of information that is connected to a customer. This form of proactive monitoring allows our Security Operations team to alert a customer in the event an account may be compromised, sensitive data has been leaked or even to help ramp up defensive operations in advance of an impending attack.