Our defense toolkit comprises 6 main features:
- DNS Filtering
- Firewall
- Anti Virus
- User Account Restrictions
- Execution Restrictions
- Training
DNS Filtering: Cloud-based DNS filtering is the most convenient way for businesses to protect their networks and their users from malware, ransomware, phishing, and online content that could be a barrier to productivity in the workplace.
Firewall: A next-generation firewall (NGFW) is a type of firewall technology that combines a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI) and an intrusion prevention system (IPS).
Anti Virus: Endpoint protection helps businesses keep critical systems, intellectual property, customer data, employees, and guests safe from ransomware, phishing, malware, and other cyber attacks.
User Account Restrictions: The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Under POLP, users are granted permission to read, write or execute only the files or resources they need to do their jobs; in other words, the least amount of privilege necessary.
Execution Restrictions: Software Restriction Policies (SRP) is a Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. Software restriction policies are part of the Microsoft security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers.
Training: Security awareness training is an education process that teaches employees about cyber security and IT best practices. A comprehensive security awareness program for employees should train them on a variety of IT and security topics. These may include how to avoid phishing and other types of social engineering cyber-attacks, spot potential malware behaviours, report possible security threats, and follow company IT policies and best practices.
We protect your computer workloads such as servers and computers with a blend of hardware, software and cloud services. Together, these offer a robust strategy to keep your data safe and allow us to get you back up and running quickly.
Investigation: We identify which network devices are critical to business recovery. These devices are then included within our protection process.
Hardware Design: All servers, virtual machines and desktops required are audited, and we scale a NAS (Network Attached Storage) device with sufficient headroom to hold all of these devices. All of our NAS devices run disks in a RAID format, which provides an additional layer of protection against disk failures on the backup target. Our NAS device will be installed alongside your business network but ring-fenced from local and network-wide users for additional security.
Software Configuration: Each workload (device) will be installed with our choice of backup software (currently Veeam) and configured to back up a daily image to the NAS device. Should you need more frequent backups, this can be discussed in the audit process.
Hot Restore: Alongside our backup schedule, a virtual copy of each device will be taken. This allows us to very quickly start a virtual copy of your device through the use of a Hypervisor Server. Your system can then run virtualised on spare hardware until new equipment can be sourced.
Cloud Replication: Our NAS device will store an exact replica of itself on our cloud storage systems. This will provide an important layer of protection in case of site-wide damage such as fire or flood. All of our cloud storage spaces are triplicated across EU servers with full compliance with GDPR.
We respond to potential threats using real-time data processed by our monitoring systems and issues reported by end users.
Malware Reports: Anytime our Anti-Virus encounters a file which it thinks is malicious it will instantly stop it from running. The file is then quarantined and a report is sent in to our service desk for our technical team to review. We will then either add the file to our approval list or we’ll remove the file and perform a cleanup task.
Backup Notifications: All backup software used by our technicians is configured to report successes and failures to the computer event log. Our monitoring systems then review these logs as they’re created to alert us if anything has failed. We’re then able to remotely access the end user’s computer to correct the issue and re-run the backup tasks.
Tasks from alerts: Our monitoring systems run 24/7 and prioritise tasks as they come in to the service desk. This means that our technicians can start on the important ones when they first start their day. Anything mission critical is sent to our on call technicians to triage and action if required.
End user reports: We encourage end users to call us if their computers are doing anything out of the ordinary. The majority of the time this is just due to an updated software application. However, it may be due to an infection. The quicker we can get to a new infection, the more we can reduce the risk of it spreading to other devices in the network.
It is important that we have access to the infected computer quickly so we can contain the infection and start the repair process.
Even with a robust security strategy such as this, things can happen. Computer disks can fail, unhappy staff can be malicious and rogue software can find its way onto your network.
In order to provide the quickest repair option, we first identify the root cause and then action a recovery plan.
Malware damage to one PC: Often a malicious attack is localised to a single PC. In this instance the safest option is generally to re-image the device, or restore from backup if it has critical applications or is not in a server-based environment.
Drive fail on one PC: If the primary disk fails on a PC the options are the same as above.
Software fail on one PC: Sometimes a software update can cause the computer to fail or work incorrectly. In this instance we can revert the computer to a point in time before the update, then investigate why the update caused the issue and correct as required.
File missing / damaged on network drive: If an end user deletes a file by mistake or a file becomes corrupted, our technicians can remotely recover the file from local backups, usually within minutes.
Malware damage to Server: When malicious code is found on a server it has most likely come from another device on the network. In this instance our technicians will work together to identify the entry point device and correct it (see above). After verifying the local backups have not been compromised, we will begin restoring the server from local backup options. In the unlikely event that the local backup is damaged, we will begin to restore from the cloud. (Cloud restore options can take time due to internet speed constraints. Often we will download the files at our office and bring them to site as required.)
Software fail on Server: Sometimes a software update can cause the server to fail or work incorrectly. In this instance we can revert the server to a point in time before the update, then investigate why the update caused the issue and correct as required.
Total Drive fail on Server: We will begin restoring the server from local backup options. In the unlikely event that the local backup is damaged, we will begin to restore from the cloud. (Cloud restore options can take time due to internet speed constraints. Often we will download the files at our office and bring them to site as required.)
Flood / Fire damage resulting in total site loss: We will download all backups and virtual disks from cloud storage at our offices, then begin restoring to new or temporary hardware. Once completed we will come to your new location to install and configure.