Sheriff Cyber Security

OTX is tightly integrated with Sheriff’s CSM to provide the full picture of activity on your network threat intelligence from outside of you network. CSM uses this information to help you prioritize risk and focus your resources better, by correlating known malicious IPs with activities on network components such as firewalls, proxies, web servers, anti-virus systems, and intrusion detection systems. Malware can also be detected in transit over the network (as it is downloaded and installed onto a compromised host), or when it communicates back to its command and control servers. OTX integration is very helpful in identifying known malicious hosts acting as command and control servers.

Our built-in security tools and network monitoring capabilities provide visibility to exploits that unintegrated security tools won’t catch. Whereas static “signature-based” anti-malware software used to be effective, this is not the case with polymorphic malware. Polymorphic malware is destructive software, such as a Trojan, virus, work or spyware that constantly changes. In addition, Zero-day malware is often only detected by noticing strange behavior on the network – making CSM’s built in network and behavioral analysis critical.

Small and medium businesses are very attractive targets, typically lacking security-proficient IT staff and typically not having budget for purchasing IT security countermeasures from traditional security vendors. According to Gartner, in 2012 50% of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks in 2013 was businesses with fewer than 250 employees; 31% of all attacks targeted them. CSM is an optimal product from small and medium businesses, since it’s affordable and includes all the security tools needed, built-in and integrated.

CSM is particularly effective with Web-based attacks, such as SQL Injection and Cross-site scripting. SQL Injection exploits are used to extract sensitive information from websites. Dynamic web applications with SQL backends are likely to be vulnerable to this attack. Cross-site scripting allows attackers to manipulate web sites that they do not own. The purpose of the exploit is to compromise the user’s local system to install malware or get information (such as hijacked cookies) so they can impersonate the user on another web site. CSM continuously monitors for SQL Injection and Cross-Site scripting exploits.

In terms of remediation, Sheriff CSM can notify people via email, open a ticket in the built-in ticketing system, or integration with an external help desk / ticketing system. It can also be configured to execute a script to take automated and custom actions, based on your environment. CSM’s built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups.

Sheriff Threat Intelligence applies more than 100 category-based correlation rules against the raw event log data we collect, as well as the events triggered by our built-in intrusion detection software. This enables rapid, accurate, and actionable guidance that interprets the severity of the exposure based on the full threat context.

Sheriff CSM includes several different security monitoring technologies to gather information on a variety of threat vectors and because we have access to everything you need to know about an asset you can get to root cause faster than ever.

We provide specific, contextual guidance on what to do when an alarm is triggered, so you can contain and investigate the incident quickly.

Finding, verifying, and fixing vulnerabilities is a constant battle for IT. Sheriff CSM helps by providing not only vulnerability scanning and assessment, but also details about the vulnerabilities. Having the view to external threat information, such as information on known malicious IPs provided with Open Threat Exchange™ is helpful in prioritizing remediation. In addition, Sheriff’s CSM integrated Host and Network IDS and SIEM provide rich contextual information to help with incident response.

As a security incident unfolds, you will be able to run vulnerability scans on-the-fly to help determine if you are vulnerable for exploits occurring. You will also be able to see the last scan results across your assets, to assist in incident response. You can see vulnerability and asset information conveniently display in a single console with CSM.

CSM allows you to schedule vulnerability scans on a flexible basis, such as hourly, weekly or monthly. In addition, you can scan more important network segments or groups more regularly. CSM also provides flexible reporting, which can be done ad-hoc, or on a scheduled basis to be sent to email addresses you specify.

CSM provides auto-discovered detailed asset information to help you with this work. Vulnerability scans, at a minimum, should be focused on externally-accessible assets that are of value to your business.