Cybersecurity

Get in front.
Stay in front.


Cyber threats. Network vulnerabilities. Human error. They add up to a continuous need to remain proactive—identifying the flaws in your data environment before an attacker can take advantage of them, and staying vigilant for suspicious activity.

Working as a natural extension of your team, Decisive helps you identify the long-term risks and put the necessary safeguards in place before an incursion occurs.

Our commitment to customers includes using our proven depth of knowledge and experience to custom-design technology and operational processes. Then, we constantly iterate to make your cybersecurity posture and threat response strategy the best it can be.

MANAGED SECURITY INFORMATION AND EVENT MANAGEMENT

The idea of “visibility” being essential to security is not new. Knowing what is happening in your environment is key to finding and mitigating problems as they occur, instead of long after the damage has been done. Security Information and Event Management (SIEM) allows organizations to consolidate the logs and telemetry from their environment into a single place, normalized so that events from every source can be read in one common format. Through the application of rules (use cases), this data can be analyzed for suspicious and malicious behaviour, creating alerts that minimize the time it takes to react. When you couple this technology with a 24/7/365 eyes-on-glass security operations centre (SOC) for monitoring, you have a constant finger on the pulse of your network.
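As an added illustration of the pipeline just described (this is example code, not Decisive’s tooling or page content), the sketch below normalizes two constructed log formats into one common schema and applies a single use case rule that raises an alert. The log lines, field names and rule thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry in two "vendor" formats (not real logs).
RAW_LOGS = [
    "2024-03-01T10:00:01Z WIN EventID=4625 Account=alice SrcIP=203.0.113.7",
    "2024-03-01T10:00:05Z WIN EventID=4625 Account=alice SrcIP=203.0.113.7",
    "2024-03-01T10:00:09Z WIN EventID=4625 Account=alice SrcIP=203.0.113.7",
    "2024-03-01T10:00:20Z WIN EventID=4624 Account=alice SrcIP=203.0.113.7",
    "2024-03-01T10:05:00Z LINUX sshd: Failed password for bob from 198.51.100.9",
    "2024-03-01T10:09:00Z LINUX sshd: Accepted password for bob from 198.51.100.9",
]

WIN_RE = re.compile(r"^(\S+) WIN EventID=(\d+) Account=(\S+) SrcIP=(\S+)$")
LINUX_RE = re.compile(r"^(\S+) LINUX sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def normalize(line):
    """Parse one raw line into the common schema (time, outcome, user, src_ip)."""
    m = WIN_RE.match(line)
    if m:
        ts, event_id, user, ip = m.groups()
        outcome = {"4624": "success", "4625": "failure"}.get(event_id)
    else:
        m = LINUX_RE.match(line)
        if not m:
            return None  # unparsed line: what a log-source parsing test should catch
        ts, verb, user, ip = m.groups()
        outcome = "success" if verb == "Accepted" else "failure"
    if outcome is None:
        return None
    return (datetime.fromisoformat(ts.replace("Z", "+00:00")), outcome, user, ip)

def brute_force_then_success(events, threshold=3, window=timedelta(seconds=60)):
    """Use case: N failures for one (user, src_ip) inside the window, then a success."""
    alerts, failures = [], defaultdict(list)
    for t, outcome, user, ip in sorted(events):
        key = (user, ip)
        if outcome == "failure":
            failures[key] = [f for f in failures[key] if t - f <= window] + [t]
        elif len(failures[key]) >= threshold and t - failures[key][-1] <= window:
            alerts.append({"rule": "brute_force_then_success", "user": user,
                           "src_ip": ip, "failures": len(failures[key]), "at": t.isoformat()})
            failures[key].clear()
    return alerts

def run(lines=RAW_LOGS):
    """Normalize every line, drop unparsed ones, then apply the use case."""
    events = [e for e in (normalize(ln) for ln in lines) if e]
    return brute_force_then_success(events)
```

Running `run()` on the sample produces one alert for `alice` (three failures in 19 seconds followed by a success); `bob` has a single failure and so stays below the threshold.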

As security becomes increasingly critical to enabling your business, organizations find themselves competing for the limited pool of people who have this valuable knowledge and experience. This is where Decisive’s managed security services come in. Leveraging our world-class SOC gives businesses the help and peace of mind they need.

Decisive’s differentiators

Decisive’s Defensive Cyber Operations team has taken managed SIEM beyond outsourced management and monitoring of a toolset. Key service differentiators include:

  • An à la carte use case library to ensure you enable the right rules to make the best use of your unique log sources.
  • A use case runbook provides prescriptive instructions on how each rule is handled from an analysis and notification perspective. No more ambiguity when it comes to how your environment will be monitored.
  • Standard and Premium Threat Intelligence feeds. Decisive offers high fidelity threat intelligence to enrich your monitoring.
  • SOAR integration – All managed SIEM clients benefit from Security Orchestration and Automated Response, which reduces monitoring overhead and increases consistency.
  • Post-incident reporting – All Priority 1 and 2 incidents result in the creation of formal post-incident reports, including continuous improvement steps triggered by the outcome.
  • Telemetry agents – Decisive’s defensive cyber operations team offers Windows and Linux agents that use native tools to ingest more information related to what is happening on your systems.
  • Decisive Group Bastion (DGB) Host – This is the front door to your technology-agnostic event pipeline, developed by Decisive to ensure a resilient and fault-tolerant service.

Service outline:

  • Access to a defined Security Architect and Technical Account Manager for the duration of your contract
  • Customized assessment and recommendations related to sizing, log ingestion, and rule application for your unique environment
  • Ability to ingest logs from all areas of a hybrid work environment (private and public cloud, on-prem, etc.)
  • Ability to provide dedicated or shared (multi-tenant) SIEM, on prem or in the cloud
  • Lifecycle management of managed solution assets (patch management, maintenance costs, health, performance, and availability monitoring)
  • Defined hot log retention (customized based on customer needs)
  • Defined cold log retention (customized based on customer needs)
  • Defined EPS (events per second) for SIEM licensing (customized based on customer needs)
  • All ticketing performed in Decisive’s instance of Jira
  • Defined use case monitoring (customized based on customer needs)
  • Customer access to SIEM solution for querying logs
  • Testing of new/changed log sources to confirm parsing
  • Reference set of indicators of compromise updated on a regular basis
  • Reports delivered to customer related to threat intelligence within KPI score card
  • Security events/content—identified in the monitoring runbook (to be developed during transition and throughout the duration of the contract)—are monitored and triaged 24/7/365
  • Level 1 security analysts provided 24/7/365 for security monitoring by Decisive
  • Level 2 security analysts provided Monday–Friday 8 am–4:30 pm, and on call 24/7
  • Level 3 and 4 analysts provided by customer
  • Monthly reports [1]
    • availability reports showing uptime SLA for service infrastructure (standard)
    • KPI scorecard (standard)
    • incident summary report (standard)
    • critical assets – attack summary (customizable)
    • botnet activity (customizable)
    • inbound/outbound traffic by country (customizable)
    • summary of malware infections per month (customizable)
  • Regular monthly meeting with Technical Account Management to review service delivery and KPIs
  • All relevant use cases from Decisive’s catalog to be managed and updated as they evolve
  • Defined monthly service requests customized based on customer needs
  • Custom use case development available following an assessment of effort (may require a separate project)
  • Incident management of all offences that are deemed worthy of ticket creation
  • Post-incident reporting for all Priority 1 or 2 incidents
  • Management of DBS host for log ingestion

[1] Reports are customizable and replaceable. Pricing includes four customizable reports in addition to three standard service reports.

MANAGED FIREWALL
Get behind our wall.

From home user to enterprise organization, most technology consumers understand the concept of a firewall and the need for one. These policy-based security controls dictate what can talk to what, and how. Enterprise firewalls have evolved to include many additional features that enhance the security posture of your network. At their core, firewalls are an engine that requires smart and concise configuration to be fully effective. Adhering to best practices and performing constant care and feeding are the best ways to ensure a healthy and secure firewall practice.

Sustaining the level of effort required to properly configure and maintain your firewalls can be extremely difficult without dedicated personnel for this purpose. Not all organizations are able to find properly trained and experienced resources, and those resources can also be quite costly.

Decisive is proud to extend our firewall expertise to our partners in the form of our managed firewall service. This service has been built from the ground up to ensure that, regardless of the current state of your firewalls, Decisive can get you where you need to be.

Decisive’s differentiators

Decisive’s Defensive Cyber Operations team built our managed firewall service with clients’ needs in mind, including:

  • Evaluation and cleanup of firewall ruleset ongoing through the duration of your contract
  • Tracking of newly released features for firewalls to ensure you are maximizing your investment
  • Ability to integrate with your organization’s change management
  • Certified firewall experts available 24/7/365 to assist you when you need help most

Service outline:

  • Initial assessment and cleanup of any existing firewall configuration during onboarding
  • Full accountability for in-scope firewall configurations
  • 24/7/365 SOC available for engagement
  • Vulnerability review/assessment against vendor disclosures
  • Major and minor firmware updates to appliances
  • Availability, capacity, and performance monitoring for devices
  • Change evaluation and implementation for firewalls
    • review of requested changes against best practice
    • suggestion of alternative configuration options to ensure functionality while maintaining security
  • Five changes of four hours or less per month (customizable)
  • All ticketing performed in Decisive’s instance of Jira
  • Management of UTM functions of firewalls
  • Management of all firewall policies and routing
  • Management of IPsec tunnels
  • Vendor management during incidents (requires a letter of agency authorizing Decisive to contact the vendor regarding your maintenance)
  • Management of a virtual Decisive Bastion Solutions host for out-of-band firewall management
  • Monthly reporting related to health/capacity as well as operational KPI
MANAGED PRIVILEGED ACCESS MANAGEMENT
Watch your privileges.

Not all access is created equal. Administrative privileges are a common target of malicious activity, so their use should be limited. Ideally, a device or system should only be logged into with administrative privileges when absolutely necessary, and that access should be auditable. In addition, making administrative credentials visible to users creates the possibility of their being shared or used outside their intended purpose, which means they should be carefully guarded.

Enter Privileged Access Management (PAM), your auditable single sign-on broker for all administrative sessions across your environment.

The value of PAM is undeniable; however, many organizations discover it is out of their reach from a pricing and skills perspective. Decisive has designed its PAM service specifically to make it available to organizations of all sizes.

Decisive’s differentiators

  • Hosted PAM available
  • Tracking of newly released features for firewalls to ensure you are maximizing your investment
  • Ability to offer low-user-count solutions
  • Multi-tenant service

Service outline:

  • PAM services provided by shared instance hosted in the Decisive Cloud, or dedicated solution in location of client’s choice (on prem, public cloud, private cloud, etc.)
  • Major and minor patching to solution/lifecycle management
  • Availability monitoring and reporting for solution elements
  • Change evaluation and implementation for user/target management
  • Brokering of RDP and SSH sessions for customizable number of targets
  • Video recording of sessions retained for configurable duration
  • Hosting, OS, and support of jumpbox servers
  • User accounts for customizable number of administrators or business users
  • Five minor changes per month of four hours or less in effort (customizable)
  • Vendor management during incidents
  • Ability to offer secrets management for DevOps environments
  • Ability to offer session brokering for tools such as CMDB or Vulnerability Management
VULNERABILITY MANAGEMENT
Check your environment.

Most attacks against IT infrastructure leverage system vulnerabilities. While not all vulnerabilities are known, those that are known typically have patches released to fix them soon after disclosure. For this reason, it is incredibly important to assess your environment on a regular basis to understand what vulnerabilities are present, and to prioritize patching them.

Even the most carefully managed environments are not fully standardized; therefore, if you want to see which vulnerabilities require patching, you must know which versions of software, firmware, and OS are currently deployed. In addition, data collection must occur across all locations, including cloud instances and gear that resides with remote workers.

The Decisive Group Vulnerability Management service centres on accurate discovery and authenticated scanning of your environment. Our reporting takes into account the value you place on particular assets and the mitigating controls in play.

Finally, because resources to perform patching are often limited, prioritized remediation plans are provided to ensure your time is well spent.

Decisive’s differentiators

  • Contextualized results and remediation plan

Service outline:

  • Licensing for custom number of unique hosts to be scanned, as well as custom number of external IP addresses
  • Ability to use scanning agents for Windows/Linux/macOS hosts for near real-time reporting of vulnerabilities
  • Virtual DGB host contains scanner
  • Management of a custom number of hosts within the Vulnerability Management Console
  • Discovery scans related to assets
  • Quarterly/monthly/weekly (to be determined during scoping) authenticated vulnerability scans will be run against in-scope hosts
  • Reporting package includes:
    • executive overview report
    • audit report
    • high-risk vulnerabilities report
    • remediation plan
    • top 25 remediation plan
MANAGED ENDPOINT SECURITY
Manage your remote connections.

Protecting network endpoints has always been a priority. Now, with remote and hybrid work situations commonplace in many sectors, the concept of endpoints has taken on new meaning. In almost every industry, more sensitive data is now flowing to personal devices, and an increasing number of workers are taking advantage of the pandemic-fuelled flexibility to work wherever they choose. More than ever, it is essential to be vigilant about what might be entering your environment through vulnerable network connections or human error.

Endpoint security solutions have undergone many changes as well. What was once simply anti-virus/anti-malware protection now incorporates many other controls that were previously operated away from the endpoint, such as web filtering, firewalling, and vulnerability scanning.

Decisive’s differentiators

  • Configurable profiles for different teams/types of devices within your organization
  • Option of dedicated or multi-tenant solutions

Service outline:

  • Lifecycle management of solution assets (patch management, maintenance costs, health, and availability monitoring)
  • Licensing for custom number of endpoint agents
  • Ticketing performed in Decisive’s instance of Jira
  • Ongoing management of endpoint security profiles and configurations related to:
    • anti-virus/anti-malware
    • web filtering
    • firewalling based on categorization
    • VPN (remote access)
    • vulnerability scanning
  • Monitoring of endpoint security use case in SIEM solution (available only to SIEM subscribers)
  • Monthly reporting related to activities and events collected by agents
  • Monthly service delivery review with Technical Account Management
  • Dedicated or shared/multi-tenant endpoint security console
  • Five minor changes to profiles per month (four hours or less in effort)