Security

Technology has transformed what’s possible for today’s small and medium-sized organizations, but it also increases exposure to potential security risks.
Compromised Passwords

Compromised passwords are a serious risk to an environment.
Anomalous Logins

Anomalous logins may signify suspicious activity.
Business Intellectual Property

Data Loss Prevention/Information Lockdown: The SIEM can detect if files are being exported/imported instead of being stored where the information security policy dictates.
External Vulnerabilities

External vulnerabilities are opportunities for outside attackers to gain internal access to the network.
Login Failures

A large number of failed login attempts in a short timeframe can be a key indicator of a brute-force attack.
Login History

Login history keeps records on who is attempting logins into which machines and how frequently.
Proprietary Applications Security

Real-time Security Risk Analysis on Proprietary Applications: The SIEM provides real-time analysis of proprietary applications to look for security gaps and identify patterns of suspicious activity that can indicate a breach has occurred.
Server SSH Key Access Monitoring

User logged into a Server using an SSH public key.
SIEM Firewall Alerts

Firewall Filter and IPS/IDS Log Analysis.
SIEM Office 365 Alerts

SIEM Office 365 Alerts.
Threat Intelligence Alert Destination IP Threat Indicated

Event destination IP address is listed on one or more blocklists as having an IOC (indicator of compromise).
Threat Intelligence Alert Source IP Threat Indicated

Event source IP address is listed on one or more blocklists as having an IOC (indicator of compromise).
Unauthorized 3rd Party Application Detection

3rd Party Application Detection and Remediation: The SIEM identifies unauthorized 3rd party applications that have been granted access (a backdoor) into your network and provides you a portal to confirm applications in your environment.
User Behavior Analysis

User behavior analysis targets the method of login attempts by users.
Windows Account Usage

User account information can be collected and audited.
Windows Application Whitelisting

Application whitelisting events should be collected to look for applications that have been blocked from execution.
Windows Certificate Services

Certificate Services receives requests for digital certificates over RPC or HTTP.
Windows Clearing Event Logs

When an event log gets cleared, it is often suspicious.
Windows Defender Activity Monitoring

Spyware and malware remain a serious problem, and Microsoft developed an antispyware and antivirus product, Windows Defender, to combat this threat.
Windows DNS/Directory Services

Malicious or misused software can often attempt to resolve blacklisted or suspicious domain names.
Windows External Media Detection

Detection of USB device (e.g., mass storage devices) usage is important in some environments, such as air gapped networks.
Windows Kernel Driver Signing

Introduction of kernel driver signing in the 64-bit version of Windows Vista significantly improves defenses against insertion of malicious drivers or activities in the kernel.
Windows Microsoft Cryptography API

The Microsoft CryptoAPI can be used for certificate verification and encryption/decryption of data.
Windows Mobile Device Activities

Wireless devices are ubiquitous and the need to record an enterprise’s wireless device activities may be critical.
Windows Pass The Hash Detection

Tracking user accounts for detecting Pass the Hash (PtH) requires creating a custom view with XML to configure more advanced filtering options.
Windows PowerShell Activities

PowerShell events can be interesting as PowerShell is included by default in modern Windows installations.
Windows Remote Desktop Logon Detection

Remote Desktop account activity events are not easily identifiable using the Event Viewer GUI.
Windows Task Scheduler Activities

Scheduled tasks can be maliciously created or deleted.
Windows Windows Firewall

If client workstations are taking advantage of the built-in host-based Windows Firewall, then there is value in collecting events to track the firewall status.
Windows File Modification Monitoring

Ransomware activity detection.

Explore our Solutions

AIS delivers a wide range of technology solutions, managed services, and consulting services that allow businesses to compete in today’s market. Whether deploying AIS solutions or other best-of-breed tools, the experienced, reliable AIS team delivers projects on time while streamlining IT services.

AIS Labs

AIS offers a variety of technology solutions leveraging enterprise open-source software, developed and maintained by AIS engineers. These include AIS Managed Firewall, NMS, SIEM, and VoIP.

Managed Services

Partner with our experienced team for peace of mind when it comes to your IT needs. AIS offers proactive, ongoing IT support and maintenance, including regular monitoring, break/fix support, preventive maintenance, software upgrades and more.

Consulting

Leverage our team of experts for on-demand consulting and project-based support. AIS can advise on and support all of your urgent and critical IT projects, from upgrades and migrations to departmental IT budgets and information security.

AIS offers top-notch security solutions to keep your business safe from potential breaches. Don't leave your data vulnerable - partner with AIS for peace of mind.

Last modified February 24, 2023