Services and Solutions
Managed Detection and Response
Nuspire can collect and correlate any source that can output a log file.
Nuspire's security information and event management (SIEM) system’s cloud virtual log collection appliance (cLCA) enables dedicated virtual log collection delivered in standard Open Virtualization Format (OVF). The cLCA provides a dedicated cloud instance of an LCA hosted by Nuspire. The SIEM’s host software agent (HSA) provides OS support for UNIX/Linux, Microsoft Windows and other platforms. Another SIEM capability, global processing cloud, supports direct connectivity from network-based devices capable of sending log data with unique identifiers, such as serial numbers, within the log stream.
The LCA and HSA sensors provide a real-time authenticated, encrypted and compressed communication link to our SIEM’s global processing cloud for processing, alerting, reporting and storage of the collected logs. The LCA and HSA sensors are connected to Nuspire's secure management cloud, allowing cloud-based configuration of the sensor by Nuspire.
Bandwidth for collection is typically nominal due to the relatively small byte size of log communications. In the case of significant throughput requirements, Nuspire has a number of event collection strategies to minimize bandwidth issues on slow links.
All logs typically contain the following data elements: Timestamp, message type, source IP, destination IP and message. Depending on the device type, the collected data is combined with Simple Network Management Protocol (SNMP) status information and threat intelligence metadata.
Core to Nuspire’s service is how your data is collected, aggregated, normalized and correlated to generate immediate alerts on suspicious threats. Our multi-sourced reporting platform retains 400 days of log data, enriches events with advanced threat intelligence and correlates multiple events that are part of an attack utilizing artificial intelligence (AI) supported by human insights. You can review detailed data reports and easily access the retained log data at no additional cost.
We consider factors such as bandwidth availability/consumption, number of users, virtual private network (VPN) needs (site-to-site tunnels and external users), current gateway and future growth plans. Our goal is to make sure the gateway can meet your needs and grow with your organization over its expected lifespan.
Nuspire offers a fully managed solution, and only our security operations center (SOC) analysts and network analysts have access to the managed gateways. If you want us to make changes, contact the SOC, which operates 24x7x365, via phone or email.
Nuspire provides Fortinet FortiGate and can manage your Palo Alto Networks and Cisco next-generation firewalls that include state-of-the-art security and availability features such as:
- Built-in intrusion detection system (IDS) and intrusion prevention system (IPS) capabilities with Layer 7 deep packet inspection
- Secure Sockets Layer (SSL) inspection
- Denial of service (DoS) protection
- Proactive blocking of newly discovered threats
- Software-defined wide-area network (SD-WAN) capabilities.
If there is an issue with the internet service provider (ISP), do you take care of that?
Nuspire can utilize any North American ISP and alert on connectivity/availability failures and provide contextual information, but we may not be authorized to speak to your ISP on your
If you manage the gateway device, can I call you about support on my computers or switches?
Nuspire is 100% focused on information security. We provide managed security services on your gateways, but we do not have access to your switches or endpoints, so we cannot provide support services on these devices.
In the event a Nuspire-owned gateway fails, we will immediately ship a replacement and handle the RMA on the failed device as seamlessly as possible. As equipment approaches end of support (EoS), Nuspire works with our customers to refresh equipment according to their requirements.
Our analysts can provide the best service when they have the latest information, so it's always a good idea to inform us of changes that could be misinterpreted as malicious activity at the gateway.
A firewall is your first line of defense. It sits between your critical business assets, such as business applications, data, employee workstations and programmable devices, and the internet. It inspects network traffic for communication with malicious sites and suspicious activity that could indicate a hacker has gained access to the network, important data is being exfiltrated or ransomware is attempting to encrypt important data. Without a firewall, your network and all critical assets are completely exposed to potential malicious actors.
Endpoint Detection and Response
Nuspire’s endpoint protection and response service is supported on the following platforms:
- Windows: XP, 7, 8, 8.1, 10
- macOS: Mojave, High Sierra, Sierra, El Capitan
- Red Hat Enterprise Linux (RHEL)
- Windows Server: 2003, 2008, 2008 R2, 2012, 2012 R2, 2016
- Oracle Linux
- Amazon Linux AMI
- SUSE, openSUSE
- Citrix: XenApp, XenDesktop
- Microsoft Hyper-V
- Oracle VM VirtualBox
- VMware: vSphere, Workstation Pro, Fusion, Horizon
Properly configured, Nuspire’s service can coexist with and enhance any current commercial anti-virus/anti-malware solution.
Our endpoint agent flags applications that exhibit potentially malicious or risky behavior. Our security analysts work with the client team to understand the nature of the application behaviors in question and make recommendations on either blacklisting or whitelisting the application through endpoint protection platform policy.
No. In some instances we modify our platform configuration to ignore certain aspects of authorized applications, but generally, the agent coexists with popular anti-virus and anti-malware applications.
Through a centralized software distribution application like Microsoft System Center Configuration Manager (SCCM) or ManageEngine. Or, the agent can be sent via email or posted to a secure internal web server with instructions for self-installation.
A static AI engine provides pre-execution protection. This engine replaces traditional signatures and obviates recurring scans that decrease end-user productivity. Behavioral AI engines track all processes and their interrelationships regardless of how long they are active. When malicious activities are detected, the agent responds automatically at machine speed. Our behavioral AI is vector-agnostic, covering file-based malware, scripts, weaponized documents, lateral movement, file-less malware and even zero-day vulnerabilities.
The endpoint agent is trained on millions of behaviors both malicious and benign. Detections of anomalous behaviors are retained in the endpoint system for use in blocking actions and remediation.
Nuspire analysts have access to the full attack storyline including the progression of file execution, process activity, file modifications and network communications. That data is correlated with threat intelligence data and indicators from other parts of your network to complete the picture. With an understanding of what was attempted, how it was done, what impacts if any occurred and the likely next steps, Nuspire analysts can prescribe effective remediation tactics and recommend overall security posture enhancements to prevent this type of attack in the future.
By ingesting logs from a variety of systems and correlating the logs with exceptionally detailed forensic data from the endpoint, Nuspire analysts can detect "slow and low" attacks and those implementing evasion techniques.
Every file change is logged and can trigger alerts for critical settings. Some remote management capabilities are available even when the system has been isolated from the network. This allows Nuspire analysts to accomplish remediation without exposing additional hosts to compromise.
Forensic data is useful in identifying the sources and methods of the attacker to be used in further securing the environment. This may include blocking IP ranges or countries at the firewall, implementing stronger email security controls or tuning endpoint controls to lock down or remove unneeded software.
No. A single agent is used for detection, prevention and response capabilities.
Yes, although our endpoint protection and response replaces existing AV solutions with superior capabilities. During transition periods or proof of concept engagements, the agent can coexist with legacy AV products.
The rollback feature leverages built-in capabilities in Microsoft Windows and Apple OS X. Both operating systems take snapshots of files on a computer. In Windows, this is done by the Volume Shadow Copy Service and in OS X by journaling. Our agent monitors the files that have been changed on an endpoint, and if a device becomes infected by ransomware, it rolls back the changes.
Nuspire's agent protects its services, processes, registry entries and other components by default. It also protects all Volume Shadow Copy Service copies, so users can quickly roll back and recover their files.
The deployment process is the same for servers, either through central software deployment or manual install. Remediation can be done manually through change control for high-impact servers to prevent automatic responses to false positives. Policies are tuned continuously to increase confidence in every action.
Protected devices can be "disconnected" from the network via policy or manually by the Nuspire security operations center (SOC). While in a disconnected state, the affected system will not be able to communicate normally on the network, but the SOC retains the ability to access and remediate the device via the installed agent software. There is no need to physically disconnect, move or ship the device in order to restore it to a known good state.
The automated actions are configurable based on whether a threat is categorized as malicious or merely suspicious. Nuspire analysts collect and use threat data to validate the categorization.
Yes. The agent can be configured to kill/quarantine an executable or process based on type of threat and whether it is categorized as malicious or merely suspicious.
No software is 100% secure all the time. A layered defense is always recommended. 24x7x365 monitoring and analysis increase the odds that an attempted attack can be detected and neutralized before it can cause any damage.
It depends on your industry and compliance requirements. Some common standards are the National Institute of Standards and Technology (NIST) Special Publication 800-series, International Organization for Standardization (ISO) 20001/2 and the Payment Card Industry Data Security Standard (PCI-DSS).
Depending on the engagement, typical deliverables include:
- A security program roadmap document
- A "security year" or calendar of security program activities both recurring and project-oriented
- A path from premises-based assets to the cloud, or vulnerability scan reports
- Other deliverables agreed upon by you and Nuspire
The Security Essentials team will work with client stakeholders to organize the hours into predictable work packages each month. We try to avoid accrual of hours because the service is intended to provide consistent support each month. No hours will be rolled from one contract year to another.
Your assessment is going to find problems that need your managed services, isn’t it? We at Nuspire are trusted advisors working in the best interests of our clients. Sometimes our managed services are the fastest and most effective way forward and sometimes not.
New requirements appear on a regular basis. General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Department of Defense Cybersecurity Maturity Model Certification (CMMC) have emerged in the last year. Some companies process financial transactions and want to align with Payment Card Industry (PCI) best practices even if they’re not subject to audit. Even if you are very sure you don’t have compliance requirements, you may still have a need to manage the risk to the organization’s information and systems. Additionally, you may have financial and fiduciary responsibilities to stakeholders, employees and clients to protect their data and information systems.
By taking the time to understand your business, objectives, risks (financial, information security and business continuity), industry-specific considerations, and legislative and regulatory requirements.
Nuspire has agreements with vetted third-party partners that are capable of exceeding customer requirements in areas such as penetration testing, vulnerability assessments, social engineering, onsite forensics, designing a path to the cloud and firewall rule translation. You receive these services plus Nuspire's managed services, altogether in one easy-to-understand statement.