CIO at a financial services firm with 201-500 employees
Real User
Top 10
2023-08-23T15:52:00Z
Aug 23, 2023
I use it for security events and incident management. It's a fantastic product. Netsurion Managed XDR is a really good product. It is hosted, and they do a lot of the analysis. They get great reporting. It covers all my highly valuable assets and offers a really low impact on my systems. I check a regulatory box as well as a cybersecurity box, so it covers a lot of bases for us.
Head of IT at a venture capital & private equity firm with 11-50 employees
Real User
Top 20
2023-08-22T16:55:00Z
Aug 22, 2023
We are a small company located in Bermuda with a team of 42 people. Specializing in reinsurance, we offer a range of reinsurance products from around the world. During a recent cybersecurity gap analysis, it became apparent that we needed to enhance our network and security monitoring capabilities beyond the capacity of our current 42-person team. Within the company, only three individuals work in the IT department, making it impractical to assign someone to security log monitoring around the clock. To address this challenge, we have implemented Netsurion Managed XDR. This product, previously familiar to me from past professional experience, aggregates logs from our various devices including workstations, servers, switches, routers, and firewalls. These logs are then centralized on our on-premise servers, which are linked to Netsurion Managed XDR's security operations center. This center is staffed with experts who analyze the collected data, providing us with valuable insights. They promptly alert us through email, phone, and text if any unusual or critical activities are detected. These activities could range from unauthorized access attempts to anomalous Internet or firewall activities. The system also offers weekly observation reports, categorizing activities using color codes ranging from red to green. This report covers a spectrum of information such as account lockouts and Internet activity. I have also specifically requested alerts for any usage of administrative passwords. Additionally, we engage in monthly review meetings where we assess the previous month's data, including a Power BI report that delves into trends and various monitoring aspects. Another key service we utilize from Netsurion is their vulnerability assessment scanner. This monthly assessment involves scanning all our systems within the network to identify security vulnerabilities and needed updates. 
It's comparable to having a simulated penetration test, ensuring our systems are robust against potential threats. The resulting report provides valuable insights into our security posture. In essence, Netsurion Managed XDR fills the crucial role of network and security monitoring that our internal team cannot handle alone. It's akin to having a dedicated 24/7 security team constantly scrutinizing our network for threats. The system not only detects immediate issues but also assists us in enhancing our security measures for the long term. For instance, based on their recommendations, we have successfully blocked requests originating from certain countries, such as the Russian Federation, China, North Korea, and Iraq. This proactive measure has significantly reduced the unnecessary traffic targeting our network. Our experience with Netsurion's services has been exceptional. Their expertise and support are of the highest quality. As I had worked with them at a previous company, I sought them out again for our current needs. Particularly for a smaller company lacking a dedicated security team, this solution has proven to be one of the most effective ways to bolster our cybersecurity defenses. Their capabilities align perfectly with our requirements, and their professionalism makes them an ideal partner in safeguarding our digital environment.
Network Administrator at a construction company with 501-1,000 employees
Real User
2022-01-04T18:26:00Z
Jan 4, 2022
Since we can't have 24/7 operations for our SOC, we hire out for that and have it as a managed service. This makes much more sense and allows us to focus on the day-to-day activities of the company.
VP of IT Systems at Carteret-Craven Electric Cooperative
Real User
2021-11-16T23:29:00Z
Nov 16, 2021
Our main concern is IT security. We are looking at it from a point of view of making sure that we are fully PCI compliant. PCI is the compliance driver for us above all others. The log management, event management, and managed services are all fairly pricey services for a small business like us, but we felt the need to be able to take all the logging traffic that we are storing, then make some sense out of it. We needed someone with that expertise because we don't have a dedicated, trained security professional in our organization or in our small group. We turned to Netsurion for that service and have been happy with it.
Cyber Security Specialist at a financial services firm with 11-50 employees
Real User
2021-11-16T14:16:00Z
Nov 16, 2021
I manage 13 companies that have 300 to 400 companies underneath them altogether. We're a private equity company, so we manage one company, and they control 10 to 20 companies themselves. Our operations are decentralized, so there aren't many existing products suitable for our use cases. When we initially deployed, Netsurion didn't seem like a particularly robust solution. We had the reporting, and if I told them to look for something specific, they could look for it and report on it. We haven't given them anything outside of the box to look at. It tells us everything that you see. We haven't whittled it down to specific events yet. Netsurion is on the endpoints. You install it, and it speaks to a web server. We have it on workstations and servers on AWS, Google Cloud Platform, Azure, and everything else. We're using it as a decentralized SIEM product, and it's one of the only ones out there. We use Netsurion for things like log forwarding, and we deploy it on every workstation. It's a manual process. There is an installed agent, and as long as it has internet connectivity, it goes and talks to the centralized server, and Netsurion's SOC monitors the logs for all those devices. Because we don't have a centralized enterprise network, there are a lot of different companies involved, and they could be anywhere. They could be working from home, or there could be several employees in a coworking space. The Netsurion agent has to be installed on every endpoint and allowed to communicate directly to the internet.
Lead Security Analyst at a leisure / travel company with 1,001-5,000 employees
Real User
2021-09-09T19:27:00Z
Sep 9, 2021
We use it for security incident and event management, and we use Netsurion's hosted SOC service, meaning their SOC team also assesses our events. The solution is on-premises. We have the agent running on our Windows systems, and we have the Linux systems pumping the syslog data to the Netsurion server.
Netsurion offers a comprehensive solution for centralized log management, SIEM, and managed services, ensuring continuous monitoring and security event analysis for diverse organizations, enhancing IT security and compliance. Netsurion centralizes event management through SIEM and managed services. Organizations leverage it for vulnerability assessment and intrusion detection, integrating logs from Windows, Linux, and network devices. Its SOC provides 24/7 monitoring, ensuring compliance with...