Open Managed Security
Full-time security at a fraction of the cost.
Active monitoring, detection and response are no longer reserved for Fortune 100 organizations. We are proving to every one of our customers that industry-leading technology and security expertise are well within reach of every organization.
What is Open Managed Security?
You may be familiar with terms such as Managed Security Services (MSS) and Managed Detection & Response (MDR). Open Managed Security combines the best of these services, leveraging best-of-breed open source platforms. Furthermore, we allow our clients to use the same tools that our SOC uses for detection and threat hunting.
Open Managed Security is “open” both because we use open source tools and because our platform is open to our customers. Our live analysts, powered by our custom security stack and leveraging your existing infrastructure, deliver comprehensive monitoring and world-class defense at “monitoring only” prices.
Network Intrusion Monitoring
Many MSSPs will gladly ingest your firewall logs and call it "monitoring." This often results in many alerts being forwarded to you that you otherwise already had access to, with little or no value added.
We take a far more proactive approach. We actively assess the network for weaknesses before a compromise and make recommendations for improvements. This is a continuous process. As threats evolve, so should our defenses. We implement network intrusion detection/prevention based on customer needs. Our appliances can be physical or virtual, and work seamlessly with the customer’s existing infrastructure. These solutions can be simple “detectors” that alert on unusual or suspicious activity, or actual blocking devices that take action against suspicious traffic. Intrusion sensors are monitored 24/7 by Recon’s Security Operations team, which provides analysis and initial triage of any suspicious activity and notifies the customer as needed.
Centralized Logging and Anomaly Alerting
Many businesses lack a very critical component found in every security plan: centralized logging and automatic alerting of detected anomalies. Recon builds, hosts, configures and manages the Recon Security Stack, a dedicated platform for each client to which all critical system event logs are automatically forwarded for long-term storage, searching and automatic detection/alerting on suspicious events. The Recon Security Stack is capable of ingesting logs from virtually any source, e.g. Windows servers (Exchange, AD, etc.), Linux servers, workstations, firewalls, email security appliances, load balancers, Web Application Firewalls, etc.
A bad habit among some security vendors is offering automated vulnerability scanning followed by a several-hundred-page automatically generated report left to be interpreted by the customer. We not only provide very thorough vulnerability scanning of our client systems, but we follow it with analyst-written reports that summarize and consolidate the findings into short, concise remediation steps written for fast and effective resolution. Recon can deploy a physical or virtual vulnerability scanner on a customer network to provide continuous scanning of critical systems for vulnerabilities. Recon provides an additional layer of value by combing through the daunting results of these scans (often hundreds of pages) and breaking them down into short, concise Vulnerability Remediation Plans. These plans, delivered on a routine basis, provide detailed instructions on how to remediate the most significant vulnerabilities identified by the scans.
Advanced Network Defense & Decoy Systems
For customers requiring a very sophisticated network defense strategy, Recon has the ability to deploy various deception and early-warning systems across a customer network to provide advance warning of an intrusion. These solutions range from honeypots that emulate real servers and workstations to honeytokens that can be placed inside inboxes and network shares. Once in place, these deception systems will notify the customer and/or Recon’s Security Operations team any time activity is detected, indicating a potential attack or insider threat. This level of network defense is ideal for customers who already have a solid foundation of network security and are looking to leverage cutting-edge detection tools to further harden the security posture of the organization.
Breach and Confidential Data Leak Monitoring
Recon provides automatic scanning and searching of internet and dark web resources for the presence of information that is connected to a customer. This form of proactive monitoring allows our Security Operations team to alert a customer in the event that an account may be compromised or sensitive data has been leaked, or even to help ramp up defensive operations in advance of an impending attack.