RECON™
A MANAGED SECURITY SERVICE
Today’s hackers launch threats faster than your customers can defend themselves. New pieces of malware are being launched daily and at this rate, many customers won’t be immune to a risk or breach. If your small to medium-sized business customers solely use a Security Information and Event Management (SIEM) solution or a patchwork of products, they’re at greater risk for a network attack.
The Recon™ Managed Security Service offering is an on-premise collection, correlation and analysis solution with 24x7 cloud-based monitoring and remediation assistance that helps protect your customers against today’s advanced threats.
[Diagram: Unified Security Management. Assess the Network (find devices on your network, what’s installed on them, & vulnerabilities); Find Threats (detect active threats & exploits on your network); Respond to Incidents (analyze the threat & learn how to remediate); Investigate & Collaborate; Measure & Improve. Open Threat Exchange: automatically share anonymous threat information with the OTX community.]
Benefits to your customers:
• Unified security management – Simplifies and accelerates threat detection, incident response and policy compliance by bringing key security capabilities—such as Asset Discovery, Network/Host IDS, File Integrity Monitoring, Vulnerability Assessment, Compliance Reporting, and more—into a comprehensive service.
• Cost-effective security – Includes features found in more robust security solutions that are often sold separately and offers a more manageable price point. You won’t have to recruit, hire or pay for hard-to-find security talent.
• Simplified compliance reporting – Consolidates data from hundreds of security products to ease the pain of manually compiling compliance reports. Plus, there are hundreds of built-in reports for managing PCI-DSS, ISO, SOX, HIPAA, as well as options for customizing.
• Fast deployment for superior threat detection and triage – Deployment is as simple as installing a physical or virtual appliance to defend against threats within hours.
How does it work?
Simply install the physical or virtual appliance at your customer’s site for data and log collection. With integration to hundreds of third-party security products such as firewalls, Intrusion Detection Systems and others, Recon consolidates collected information from these devices for analysis. Identified threats and vulnerabilities are then forwarded as alerts to a secure cloud monitoring center. With a 24x7 security support team, we perform triage and research before notifying the end customer of the breach and remediation actions to take.
Benefits to you:
• Portfolio expansion – Add a new security competency to your portfolio or strengthen your existing offering.
• Efficient client service – Efficiently manage customers’ IT networks against cyberthreats without setting up your own monitoring service.
• Instant security expertise – Benefit from 24x7 monitoring by top-notch security researchers and professionals, so you can stay focused on your core business.
• Brand building – Available to white-label as your own offering to build your business and brand.
• Greater profitability – Enjoy higher margins to increase revenue and profitability.
• Interoperability – Supports hundreds of new and existing security technologies.
Recon Features:
Streamline your security operations. Pricing is by events per second (EPS), so you can choose the service that’s best for your business.
Tier of Service Tier 1 Tier 2 Tier 3 Tier 4
Max Events per Second (EPS) 1,000 2,500 3,500 5,000
Deployment & Support
24x7x365 Security Operations Center service
MSSP Startup Service - Initial deployment/configuration (max hours) 40 40 60 60
MSSP Infrastructure Deployment virtual virtual virtual virtual
Remediation/Configuration Tasks (hrs/mo) 4 6 12 16
Backup/Restore of USM configuration
USM High Availability (optional)
SIEM / Security Intelligence
Log Collection up to 10 devices up to 10 devices up to 20 devices up to 20 devices
SIEM Event Correlation
Behavior Monitoring
Netflow Analysis
Threat Detection
Threat Intelligence Updates weekly weekly weekly weekly
Network IDS (port mirroring)
Distributed Denial of Service
Host IDS up to 10 devices up to 10 devices up to 30 devices up to 30 devices
Host IDS - Rootkit Detection
Host IDS - Event Logs Collection w/ compatible plugin w/ compatible plugin w/ compatible plugin w/ compatible plugin
Host IDS - Windows Registry Integrity Monitoring
Host IDS - File Integrity Monitoring
Host IDS - Agentless Monitoring
Vulnerability Assessment
Continuous Vulnerability & Event Correlation Monitoring
Active Vulnerability Scanning quarterly quarterly monthly monthly
Asset Discovery
Active & Passive Network Scanning
Asset Inventory
Reporting
Standard Compliance Reporting
Custom reporting using report builder up to 10 up to 10
Weekly Proactive Managed Service Activities
Validate threat intelligence updated
Verify Host IDS communications
Modify asset inventory (as appropriate)
Update security alert configuration (as appropriate)
Verify reports are configured correctly
Research security alerts and provide suggested remediations
Update Policies and event correlation rules (as appropriate)
Verify vulnerability scan execution
To find out how you can add Recon to your portfolio
and learn more about our offering, contact your sales
representative or email [email protected]
for more information.