Volexity specializes in network hunting and monitoring network traffic for signs of suspect and malicious activity. Through deployment of its network monitoring devices, Volexity is able to get both micro and macro level visibility into what is happening on your network. Solutions are designed for both short- and long-term deployments, in either proactive or reactive capacities. Volexity typically deploys network security monitoring devices in support of Incident Response investigations and in support of some Proactive Threat Assessment engagements. Leveraging a combination of open source and proprietary data and signatures, Volexity is able to bring events to light that often go unnoticed.

The goal of each relationship Volexity has with a customer is to make it an actual partnership, as opposed to simple transactions that meet the bare minimum requirements. Volexity is there to investigate possible security incidents, recommend optimal security solutions, provide subject matter expertise, and help improve the overall security posture of your network and systems within it.

Managed Security Services

Volexity offers services to monitor your network for signs of suspect or malicious activity by deploying its Network Security Sensors (NSS). Functioning as an intrusion detection system (IDS), threat intelligence platform, and network traffic investigation device, the Volexity NSS acts as a force multiplier and time saver when it comes to incident detection and response. There is no minimum or maximum number of locations for NSS deployments. Devices automatically monitor network traffic and send alerts back to Volexity for triage and analysis.


Alert Validation and Escalation

All incoming alerts are handled by a Volexity analyst and triaged appropriately. The alerts are dispositioned as a confirmed incident, suspect incident, or non-incident. The incident classification guide and process for each incident type are detailed below. The analysis of alerts, validation or invalidation of the alerts, and reporting to the customer (if required) are all included as part of the Network Security Monitoring service that comes with the Network Security Sensors.

  • Confirmed Incidents – These are validated alerts that represent malicious or hostile activity on the network. This type of incident is immediately reported to the customer when confirmed. This may invoke the incident response process and related forensics activity if requested/approved by the customer.
  • Suspect Incidents – These are alerts that require additional context and investigation by Volexity analysts to verify as a non-incident or confirmed incident. The next steps will then follow the process laid out for either a confirmed incident or non-incident.
  • Non-Incidents – These are alerts that are either informational in nature or were suspect incidents that were determined to be false positives. In these cases, the customer will not be notified. Volexity analysts handle everything in the background, and the customer is not alerted or alarmed about alerts deemed to pose no risk to the infrastructure.

Volexity works with the customer to create an escalation plan for designating points of contact. Various scenarios and contact points can easily be coordinated and accommodated.

Short-term Proactive Deployments

Volexity NSS devices can also be leveraged in a short-term proactive deployment. Typically these engagements involve instrumenting a network for a brief period to determine if there is anything to be found. Additionally, this service may leverage proactive collection of system memory, selective files, and even full disk over the network for forensic analysis. This can be done to spot check systems that have been deemed critical or that have otherwise shown signs of suspect activity. Short-term proactive deployments can be deployed as part of the Volexity Proactive Threat Assessment.