Masergy Unified Enterprise Security™ (UES)
Better Security Coverage with Comprehensive Detection and Response Ecosystem
Effective security strategies must include rigorous detection and response capabilities, as mandated by the widely adopted National Institute of Standards and Technology (NIST) Cybersecurity Framework. Prevention controls remain necessary, but they simply cannot keep up with the accelerating cycle of attacks. The defender’s objective must include quick identification of security compromises and rapid incident response to stop malicious activity before the attacker has time to find and exfiltrate sensitive data.
Masergy’s Managed Detection and Response Platform, Unified Enterprise Security (UES) Service, starts with a comprehensive suite of detection and response tools, including proprietary and third party technology. This tool set is tailored for each customer’s specific risks and budgets, and leverages existing security investments as much as possible. Tool alerts are automatically ingested by the UES machine learning enabled analytics engine and prioritized for risk using information asset maps, vulnerability and threat intelligence data. Quality alerts with automated context are prioritized and triaged by our global Security Operations Center (SOC) team. Through well-defined processes, appropriate response actions are executed to mitigate attacks. This workflow is enabled by Masergy’s Security Incident Response and Orchestration Platform, a critical part of the UES infrastructure that supports customers worldwide.
Masergy’s UES Tool Suite: By using a diverse set of detection and response tools, threat coverage improves dramatically and enables high confidence alerting:
Standard with all UES Deployments
● Network Behavioral Analytics – Identifies sophisticated unknown attack patterns using patented machine learning analytics.
● Intrusion Detection/Prevention System – Leverages real-time network packet capture and deep packet inspection to identify the latest known attacks.
● Network Visibility – Records complete network history to enable alerting, investigation and threat hunting.
● Vulnerability Scanning – Enables dynamic or regularly scheduled security scans and integrates data with other detection and response alerts.
● Integrated SIEM – Conducts analytics, search and investigation on security logs and event data.
Optional Solution Capabilities may also include:
● Next Generation Firewall – Integrates with next-gen firewalls for threat blocking and automated response.
● Endpoint Detection & Response* – Denies attackers an endpoint beachhead and isolates compromised endpoints before real damage is inflicted.
● Managed Cloud Workload Protection* – Extends detection and response capabilities to IaaS and PaaS cloud environments and on-premise server farms and data centers.
● Security Monitoring for Office 365 – Enables detection & response for Office 365 deployments.
● Managed CASB* – Protects sensitive data for any Software as a Service application on any device, and enables detection and response capabilities.
*additional rates may apply.
With the Masergy UES Service you get:
● Comprehensive Security Continuous Monitoring – including 24/7 alert monitoring, vulnerability scanning, log analysis, compliance monitoring and prioritized incident response.
● Integrated turnkey Threat Intelligence – including consolidated multiple threat feeds, threat landscape analysis, and automated Indicator of Compromise (IoC) push updates.
● Customized incident and response processes – tailored to your business and security needs and processes to make your team more efficient.
● Seamless ticketing integration – through Masergy’s open API-enabled system for faster and more efficient response processes.
● Flexible, customized reporting – for tracking key security, risk and operational efficiency metrics and key performance indicators (KPIs).
Unified Enterprise Security (UES) Recommendation
Based on the business issues and challenges enterprises currently face, Masergy has designed a UES solution that will best address the security and business needs of your organization. Below you will find an outline of the UES appliances and modules that compose the recommended solution. For an itemized list of the exact deployment configuration, please review your Masergy Service Order Form (SOF).
Platform Components and Services
UES Security System Appliance
This appliance enables the UES platform with a browser based monitoring console for centralized management of all service functions and capabilities listed below. It also handles alerting and incident response functions.
Intrusion Detection Monitoring
The Detection & Prevention Module (DPM) employs signature IDS/IPS technology for deep-packet inspection of layers 1–7 and also supports tunable signatures for specific customer security requirements. Another key capability is an intelligent packet inspection and capture system that selects suspicious packets for further behavioral analysis.
The Detection & Prevention Module offers:
● Automated alert analysis, correlation, escalation and prioritization.
● Integration with Masergy Threat Intelligence for automated updates of the latest Indicators of Compromise (IoCs).
The UES Vulnerability Scanner prioritizes alerting based on vulnerability risks specific to the customer’s environment. It can also be used for basic vulnerability scanning and remediation, and includes related reporting. An optional, fully versioned scanner with full workflow capabilities is available via our third party partner.
Network Behavioral Analysis
Network Behavioral Analysis is a core detection and response capability of the Masergy service and is enabled on the Behavioral Correlation Module (BCM). The BCM identifies and tracks network traffic and packet behaviors over long periods of time, and automatically alerts the Masergy Security Operations Center (SOC) to suspicious anomalies. The advanced analytics engine identifies reconnaissance activity, unknown and zero day attacks. It can also identify threats from within, including suspicious insider activity.
Network Visibility & Security Dashboard
The Network Visibility and Security Dashboard provides a powerful tool for analyzing and investigating network activity. It collects IPFIX/Flow data from UES sensors and any netflow generating devices including firewalls, switches and routers. All IP addresses are resolved against usernames via Active Directory integration, and are further enriched with geolocation, DNS lookups, BGP routing, application and other customer tagging. This simple to use tool is invaluable for investigating suspicious activity identified by UES alerting and for Threat Hunting activities.
Security Information and Event Management is included with the UES platform and is enabled by the Firewall and SIEM Module (FSM). This integrated SIEM is a very cost-effective solution for basic log management storage, search and rule-based correlation and alerting. The FSM also enables firewall integration so that blocking rules can be automatically pushed to the perimeter to mitigate newly identified threats.
All UES deployments are customized for a customer’s specific network security requirements based on industry standard best security practices for network security monitoring.
A typical UES deployment includes strategic deployment of our Detection & Prevention Module (DPM) at all Internet egress points to perform signature detection, prevention and behavioral packet analysis capture on all network traffic entering and leaving the network, also known as “north/south” traffic.
Additional DPMs may be deployed to provide coverage for strategic network zones such as server VLANs or MPLS/WAN connections in order to monitor “east/west” network traffic in and out of those zones to help identify anomalous activity. Additionally, DPMs can be deployed to remote sites when visibility into those networks is required. Importantly, DPMs are installed as 100% passive devices that receive mirrored traffic from monitored network segments, meaning there is no requirement to integrate DPMs with any 3rd party devices.
Customized Solution Design and Deployment
At Masergy, we understand each company has a unique set of network security issues. Variables may include vulnerabilities, existing infrastructure, multiple locations and system configuration. To get your Masergy UES solution up and running as quickly as possible, we have an extensive network of certified industry partners with the domain expertise you need. When operational, our team of security professionals is available 24/7, depending upon what level of managed services you choose.
STANDARD SERVICE IMPLEMENTATION PLAN
Phase 1 – Information Gathering
The Masergy Service Implementation Manager (SIM) will schedule a pre-installation call with the customer and Masergy’s implementation team. This call will review all of the facets involved with the implementation and deployment process of the security solution, to include data gathering (network diagram and customer goals) and discuss/confirm/recommend module placement and overall network requirements to accommodate the modules. Masergy will also provide an installation readiness checklist which includes a request for IP configuration information for the modules.
Phase 2 – Coordination & Deliverables
Masergy will work with the customer to verify the required deliverables as set forth herein are completed prior to installation, including verification of on-site environments (space/power), cabling requirements, equipment shipment, and firewall change control requirements.
Phase 3 – Installation & Activation
Masergy will provide customers a Method of Procedure (MOP) with instructions as to how to install the UES equipment. Following the customer’s installation of such equipment, Masergy will verify the Masergy UES Service is online, functioning properly, communicating with the Masergy Security Operations Center (“SOC”), and operational for purposes of monitoring, incident response, research and abuse reporting.
If third party integrations are required, such as firewall integration, EDR, CASB, O365 or any other mechanism for managing and/or monitoring security events, they will occur during this phase of the implementation process.
Phase 4 – Initial Tuning and Security Response Procedures
During the initial tuning phase, Masergy, working with the assigned customer contact(s), will establish a network baseline over the first 1-3 weeks (depending on volume of traffic and type of network).
This phase will include determining and identifying critical network assets; tuning the behavioral-based and signature IDS; creating and scheduling recurring as well as on-demand vulnerability scan batches for the network; establishing the Security Alert and Response Procedure (SARP) to define the incident response escalation chain and the customer’s contact information; creating system accounts for individuals requiring access; developing a logical network map of the placement of Masergy sensors and equipment; and defining critical assets and users/user ranges, when applicable, for adequate incident response in accordance with the company policies.
Phase 5 – Customer Training – Scheduled by the SOC
Masergy will provide customer training on the Masergy UES Service including orientation and use of Network Visibility Tool, Console monitoring, traffic searches, reports, graphs, vulnerability scanning and scan reporting, in addition to the standard weekly and summary reports.
2. CUSTOMER PREREQUISITES
The customer is responsible for the following prerequisites:
a) Ensure all site related equipment is installed as outlined in the Masergy supplied Method of Procedure (MOP).
b) Ensure the network segments to be monitored are in place and all contracted components are installed, configured and operational.
c) Ensure the customer’s IP addressing structure conforms to Internet Standard Scheme, which is based on RFC 1700 (IP version 4).
d) Customer shall provide information required for the Masergy UES Service as outlined in the Installation Preparation and Quick Reference Checklist.
e) Provide Masergy with an encrypted communication path between the Master Control Unit and the SCC and Masergy Data Center. The Master Control Unit must be able to communicate directly with the Masergy update servers.
f) Provide a network environment that allows the Masergy UES Service modules to adequately communicate with each other.
g) Provide a network connection that allows the Masergy UES Service modules to see all traffic on the monitored segments, such as through a hub, spanned or mirrored switch port or tap.
h) Ensure components added at a later date comply with Masergy’s then current criteria.
3. CUSTOMER RESPONSIBILITIES
The customer is responsible to:
a) Ensure it has reviewed and understands that the Customer Prerequisites specified in Section 3 herein must remain in effect for as long as Masergy continues to provide the UES service. The customer is responsible for all costs associated with meeting and maintaining these requirements.
b) Provide two (2) network operations contacts to Masergy (one as the primary and one as the alternate contact) that are available 24/7, to act as the customer’s network technical support. Qualifications for the customer’s network operations contacts include an in-depth knowledge of the customer’s enterprise network configuration, network component troubleshooting and third party products administration.
c) Provide the equipment and software necessary to access the portal via a web browser equivalent to the latest released build of Chrome.
d) Provide an on-site contact that will work with Masergy or a Masergy implementation partner to accomplish project coordination and scheduling during the implementation.
e) Provide maintenance, repair, and correction of all customer’s network components.
f) If applicable, provide Masergy or a Masergy implementation partner with an appropriate work environment, including office space, supplies, equipment, telephone, and network access.
g) Prepare and maintain the location of the equipment described herein. This includes power, shelves, and rack space.
h) Provide Masergy prior written notice of changes to be made to the customer’s network to firstname.lastname@example.org in order to minimize ‘false alarms’ and enhance accuracy of security reporting from Masergy.
i) Assist Masergy with minor maintenance of the security devices including rebooting, establishing a communication link or plugging in a replacement device.
j) Assume total responsibility for its and its users’ use of the Internet. Masergy specifically disclaims any warranties, endorsements or representations regarding any merchandise, information, software, products or services provided through the Internet.