What is Comodo Threat Monitor?
Comodo Threat Monitor is a high-quality continuous monitoring, incident handling and response service conducted by top-level security experts at the Comodo Security Operations Center. Comodo NxSIEM monitors your network, perimeter devices and systems in order to detect suspicious activity. Comodo NxSIEM has the capability to analyze billions of events and identify real threats to your assets. Using powerful correlations that are configured for your environment, false positives are eliminated and incidents are automatically generated. These incidents are validated by 24/7 security analysts, and customers are notified according to severity level. Comodo Threat Monitor also provides comprehensive weekly or monthly reports about overall security, white labeled for MSPs, to summarize the overall security posture of the organization.
Configuration and Compromise Assessment
Comodo Threat Monitor Service includes configuration of NxSIEM Cloud for your needs once, at first subscription. All NxSIEM Cloud configurations, including custom correlations, dashboards, report definitions and modifications to predefined content, are completed by experts for full coverage of security monitoring. This phase also includes NxSIEM sensor installations.
After the configuration phase, a Compromise Assessment is conducted to create a baseline for the security posture.
Comodo SOC security experts will continuously monitor the customer network and assets to find any indicator of compromise. If a critical event occurs, the customer is warned instantly. Otherwise, any related evidence is stored. An initial report is generated and shared with the customer.
What is monitored?
Experts monitor the following (non-exhaustive) list of indicators:
- Unusual Inbound/Outbound Network Traffic
- User Account Activity Anomalies
- Geographical Anomalies
- Authentication Anomalies
- Anomalies Specific to Backend Applications
- Web Traffic Anomalies
- Malware File Checking
- Port-Application Traffic Anomalies
- Suspicious Registry Or System File Changes
- DNS Request Anomalies
- Mobile User Profile Anomalies
- Signs Of DDoS Activity
- Long-Term Trending
- Detection of Autonomous System Behavior
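To make concrete what "correlations configured for your environment" means for two of the indicators above (Authentication Anomalies and Geographical Anomalies), here is an added illustration that is not part of the original page and not Comodo's or NxSIEM's code. It runs two simple correlation rules over a constructed set of authentication log lines (the line format, the per-user country baseline and the thresholds are all assumptions): a burst of failed logins followed by a success from the same source raises a high-severity incident, a successful login from a country outside the user's baseline raises a medium one, and isolated failures that a single-event alert would flag are suppressed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample authentication events (hypothetical format):
#   <ISO-8601 timestamp> <user> <source IP> <country> <FAIL|SUCCESS>
SAMPLE_EVENTS = [
    "2024-03-01T08:00:01Z alice 203.0.113.5 TR FAIL",
    "2024-03-01T08:00:03Z alice 203.0.113.5 TR FAIL",
    "2024-03-01T08:00:05Z alice 203.0.113.5 TR FAIL",
    "2024-03-01T08:00:07Z alice 203.0.113.5 TR FAIL",
    "2024-03-01T08:00:09Z alice 203.0.113.5 TR FAIL",
    "2024-03-01T08:00:12Z alice 203.0.113.5 TR SUCCESS",   # burst then success
    "2024-03-01T08:30:00Z bob 198.51.100.9 TR SUCCESS",
    "2024-03-01T09:00:00Z bob 192.0.2.44 BR SUCCESS",      # new country for bob
    "2024-03-01T09:05:00Z carol 198.51.100.20 TR FAIL",    # one mistyped password
    "2024-03-01T09:06:00Z carol 198.51.100.20 TR SUCCESS",
]

# Assumed per-user baseline of countries seen during the assessment phase.
BASELINE_COUNTRIES = {"alice": {"TR"}, "bob": {"TR"}, "carol": {"TR"}}

# Assumed rule tuning for this environment.
FAIL_THRESHOLD = 5               # failures needed before a success is suspicious
WINDOW = timedelta(minutes=5)    # sliding window for counting failures


@dataclass
class Event:
    ts: datetime
    user: str
    ip: str
    country: str
    result: str


@dataclass
class Incident:
    rule: str
    severity: str
    user: str
    ip: str
    evidence: str


def parse_event(line: str) -> Event:
    """Parse one constructed log line into an Event."""
    ts, user, ip, country, result = line.split()
    return Event(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                 user, ip, country, result)


def correlate(lines, baseline):
    """Apply both correlation rules to the events in order and return incidents.

    Failures are counted per (user, source IP) inside a sliding time window, so
    a lone failed login never produces an incident on its own.
    """
    failures = defaultdict(deque)   # (user, ip) -> timestamps of recent failures
    incidents = []
    for ev in map(parse_event, lines):
        recent = failures[(ev.user, ev.ip)]
        while recent and ev.ts - recent[0] > WINDOW:   # drop failures outside the window
            recent.popleft()
        if ev.result == "FAIL":
            recent.append(ev.ts)
            continue
        # Rule 1: many failures then a success from the same source within the window.
        if len(recent) >= FAIL_THRESHOLD:
            incidents.append(Incident(
                "auth_bruteforce_success", "high", ev.user, ev.ip,
                f"{len(recent)} failures in {WINDOW} before success at {ev.ts.isoformat()}"))
            recent.clear()
        # Rule 2: successful login from a country outside the user's baseline.
        if ev.country not in baseline.get(ev.user, set()):
            incidents.append(Incident(
                "geo_anomaly", "medium", ev.user, ev.ip,
                f"login from {ev.country}, baseline {sorted(baseline.get(ev.user, set()))}"))
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS, BASELINE_COUNTRIES):
        print(f"[{inc.severity}] {inc.rule} user={inc.user} ip={inc.ip}: {inc.evidence}")
```

Run against the constructed events, the rules produce exactly two incidents (a high one for alice and a medium one for bob) while carol's single failure produces none; in a real deployment the thresholds, window and baseline would be the per-environment tuning the configuration phase above refers to, and each incident would still go to an analyst for validation before the customer is notified.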
Incident Monitoring, Handling and Response
Incident monitoring, handling and response in case of an attack is the main responsibility of the Comodo SOC. The Comodo SOC supports these operations 24/7 for each customer separately. Incident monitoring is driven by Comodo NxSIEM correlations and alerts as well as by customer requests. Comodo SOC operators work 24/7 in shifts to monitor customer incidents and generate the first level of response (write down initial findings, consult incident handling procedures, delegate for further investigation).
The Comodo SOC analyst is the security engineer accountable for handling the events. They follow incident handling procedures, investigate the root cause behind the incident, decide whether it is a false positive, and notify the customer or respond to the event immediately. The Comodo SOC has a set of well-documented procedures and guidelines for incident monitoring and response to handle a wide variety of incidents in a timely manner.