Our Managed Services solution leverages our Sagan Technology and detects intrusions by first parsing network traffic to extract its application-level semantics. It then executes event-oriented analyzers that compare the activity with patterns deemed nefarious. Its analysis includes detection of specific attacks, both those defined by signatures and those defined in terms of events, as well as unusual activities (certain hosts connecting to certain services, or patterns of failed connection attempts).
Our Security Operations Center (SOC) handlers then assess each alert to determine the nature and significance of the attack. In the case of a serious event, the system automatically alerts our SOC, 24 hours a day, 7 days a week. In the event of a high-risk alert where we determine that the enterprise could be compromised, we will either block the source address of the offending traffic or notify the customer's management personnel.
Quadrant uses a system that can be tailored 100% to your company's needs. Its specialized language allows us to select alerts appropriate to your network, as well as add and remove alerts as your policies change and new attacks are discovered. Additionally, we provide you with a web-based interface to see the alerts as well as a list of personnel currently monitoring your network. Through this interface you can also generate reports at any time for your own records. On a quarterly basis, we will provide you with a comprehensive report of all suspicious events including an executive summary of the most significant attacks.
All alerts that come into our SOC are stored in a database at our site, and the traffic between your company and ours is securely encrypted. There are many other companies that perform Managed Intrusion Detection services, but they do not encrypt the traffic. Instead, they send their alerts in cleartext using utilities such as "syslog". This method is counterproductive to your network security, since a "hacker" can watch that traffic and gain information that may help them break into your network.
Quadrant's IDS trend information is gathered every 5 minutes from multiple field sensors. This information is used to show general attacks detected on the Internet and also allows our SOC handlers to trend attacks across multiple enterprises.