Threat Monitoring & Response

Zero compromise when securing your data

Protect your online business assets with Threat Monitoring from UKFast. Our solution is built in house by the same security specialists who answer your support calls, so your business has never been more secure.

Threat Monitoring uses agents installed on each of your servers, which continuously analyse data to distinguish between potential security breaches and normal activity.

Having Threat Response enabled as well as Threat Monitoring gives you access to our dedicated security team who will respond and help mitigate your threat alerts with full transparency.

Call us today on 0800 231 5680

To discuss your threat monitoring requirements


What does Threat Monitoring do?

Host-based Intrusion Detection & Log File collation

UKFast provide a default list of collected logs and events, which can be customised for your environment on a discovery day with a UKFast security analyst. If any of the 2000 rules created are triggered, an alert will be sent to our internal security team and the appropriate action will be taken. Summary reports and detailed log files are available for analysis and compliance purposes.

Vulnerability Scans

Internal and External vulnerability scans will detect any components that require patching or updating along with a severity rating. These scans can be run as often as required within the client management area and reports are generated as soon as the scan has completed.

Rootkit Detection

A rootkit is a computer program designed to provide privileged access to a computer while actively hiding its presence. Detection methods from Threat Monitoring include behavioural-based methods and signatures. Unfortunately, once a rootkit is in place, often the only way to remove it is to completely rebuild the compromised system.

File Integrity Monitoring

File Integrity Monitoring is a control that validates the integrity of the files requested in the initial stages of set up, or included in the default list. It compares a known checksum of the monitored file with the checksum of the file's current state. If the two differ, an alert is generated.

What do the alerts look like?

Alerts are sent via email, SMS or a telephone call from a security analyst, depending on the initial set up. Alerts are categorised into four levels:

Low

Low level events are expected during day to day use. Low level events can vary from failover events to Windows audit successes / failures for Kerberos tickets. These events will be logged and reported for reference.

Normal

Normal events include user activity that is expected but is still monitored. These are events such as successful logins from IPs that are expected and during normal hours.

High

High level alerts may need immediate investigation, such as successful logins from unknown IP addresses and changes to user account permissions. These events should be infrequent and not ignored.

Critical

Critical alerts are indicators of a system compromise and need to be investigated immediately. Critical alerts could include successful logins after failed attempts, modifications to core system files, and modifications to payment gateway files.

Threat Monitoring with Response

Threat Monitoring is the first layer of monitoring and protecting your IT environment, and Threat Response ensures that threats are mitigated.

With Threat Response you get access to our dedicated security team who will respond and help mitigate your threat alerts with full transparency.

We will work closely with you to give full visibility of the mitigation approach, and implement this with your agreement.

Feature Threat Monitoring With Response
Threat Alerts
Host-based Intrusion Detection
Vulnerability scans
File integrity monitoring
Rootkit detection
Proactive Response
Mitigation Advice
Fix Implementation


Why use Threat Monitoring?

Early Detection

Our Threat Monitoring system alerts you to any breaches to your IT in real time.

Protection

Minimise the chance of your data being stolen and defend your web applications.

Flexibility

Create bespoke rule sets for your monitoring solution.

Always Available

Guaranteed 100% network uptime, ensuring your business is always online.

Mitigating Alerts

With Threat Response, threats to your infrastructure will be mitigated accordingly.

Visibility

Detailed reports and live alerting through email, SMS and MyUKFast.

Certifications and Industry Compliance

Crown Commercial Service
Carbon Neutral
ISOQAR Registered

Your solution is only ever housed in our IL4 and ISO-certified, ultra-secure data centres. And as an exclusively UK-based company, hosting with UKFast offers guaranteed data sovereignty. UKFast is a government-approved supplier through the G-Cloud 10 framework.