Protect your online business assets with Threat Monitoring from UKFast. Our solution is built in house by the same security specialists who answer your support calls, so your business has never been more secure.
Threat Monitoring uses agents installed on each of your servers, which continuously analyse data to distinguish between potential security breaches and normal activity.
Having Threat Response enabled as well as Threat Monitoring gives you access to our dedicated security team who will respond and help mitigate your threat alerts with full transparency.
UKFast provide a default list of logs and events collected which can be customised for your environment on a discovery day with a UKFast security analyst. If any of the 2000 rules created are triggered, an alert will be sent to our internal security team and the appropriate action will be taken. Summary reports and detailed log files are available for analysis and compliance purposes.
Internal and External vulnerability scans will detect any components that require patching or updating along with a severity rating. These scans can be run as often as required within the client management area and reports are generated as soon as the scan has completed.
A rootkit is a computer program designed to provide privileged access to a computer while actively hiding its presence. Detection methods from Threat Monitoring include behavioural-based methods and signatures. Unfortunately, once a rootkit is in place, often the only way to remove it is to completely rebuild the compromised system.
File Integrity Monitoring is a control that validates the integrity of the files requested in the initial stages of set up, or included in the default list. It works by comparing a known checksum of the monitored file with the checksum of the file's current state. If the two differ, an alert is generated.
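The checksum comparison described above, shown as an added Python example; it is not UKFast's agent code. The function names, the choice of SHA-256 and the constructed sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()  # assumption: the page does not name the hash used
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(paths):
    """Record the known checksum of every monitored file."""
    return {p: sha256_of(p) for p in paths}

def check_integrity(baseline):
    """Compare each file's current checksum with the baseline.

    Returns (path, status) pairs for files that would raise an alert.
    A deleted or unreadable file is reported rather than silently skipped.
    """
    alerts = []
    for path, known in sorted(baseline.items()):
        try:
            current = sha256_of(path)
        except FileNotFoundError:
            alerts.append((path, "missing"))
            continue
        except PermissionError:
            alerts.append((path, "unreadable"))
            continue
        if current != known:
            alerts.append((path, "modified"))
    return alerts

def demo():
    """Constructed sample: three monitored files, one altered, one removed."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("app.conf", "gateway.php", "index.html")]
        for p in paths:
            with open(p, "w") as fh:
                fh.write("original contents of " + os.path.basename(p))
        baseline = build_baseline(paths)
        with open(paths[1], "a") as fh:   # simulate an unexpected change
            fh.write("\n// unexpected change")
        os.remove(paths[2])               # simulate a deleted file
        return [(os.path.basename(p), s) for p, s in check_integrity(baseline)]

if __name__ == "__main__":
    for name, status in demo():
        print(f"ALERT {status}: {name}")
```

The baseline itself has to be stored where the monitored host cannot rewrite it, otherwise a change to a file and its recorded checksum together would go unnoticed.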
Alerts are sent via email, SMS or a telephone call from a security analyst, depending on the initial set up. Alerts are categorised into four levels:
Low level events are expected during day to day use. Low level events can vary from failover events to Windows audit success / failures for Kerberos tickets. These events will be logged and reported for reference.
Normal events include user activity that is expected but is still monitored. These are events such as successful logins from IPs that are expected and during normal hours.
High level alerts may need immediate investigation, such as successful logins from unknown IP addresses and changes to user account permissions. These events should be infrequent and not ignored.
Critical alerts are indicators of a system compromise and need to be investigated immediately. Critical alerts could include successful logins after failed attempts, modifications to core system files, and modifications to payment gateway files.
Threat Monitoring is the first layer of monitoring and protecting your IT environment, and Threat Response ensures that threats are mitigated.
With Threat Response you get access to our dedicated security team who will respond and help mitigate your threat alerts with full transparency.
We will work closely with you to give full visibility of the mitigation approach, and implement this with your agreement.
|Feature||Threat Monitoring||With Response|
|Host-based Intrusion Detection|
|File integrity monitoring|
Our Threat Monitoring system alerts you to any breaches of your IT in real time.
Minimise the chance of your data being stolen and defend your web applications.
Create bespoke rule sets for your monitoring solution.
Guaranteed 100% network uptime, ensuring your business is always online.
With Threat Response, threats to your infrastructure will be mitigated accordingly.
Detailed reports and live alerting through email, SMS and MyUKFast.
Your solution is only ever housed in our IL4 and ISO-certified, ultra-secure data centres. And as an exclusively UK-based company, hosting with UKFast offers guaranteed data sovereignty. UKFast is a government approved supplier through the G-Cloud 10 framework.