How ITR Works

Integrated Threat Response (ITR) Managed Service

AnchorPoint’s ITR service is a combination of advanced security tools, threat intelligence, and expert action.

One way to describe how it works is by comparing your organization’s network security to that of your home.

There are three (3) essential phases of any effective security system – Before, During, and After. Within these three phases, there are three (3) corresponding actions that must happen – Protect, Detect, and Respond.

At home, you have some perimeter controls in place to help deter an intruder. Maybe you have some deadbolt locks, gated entry, and other controls in place to keep bad people out. You have to try and protect your home from invasion.

However, when they get in, you want to know about it. So, you installed an alarm system, a siren, linked it to a central monitoring station, installed surveillance cameras, and other sensors throughout your house. You have to detect the intruder.

Finally, once you know someone made it inside your house, you have to do something about it. You take action by getting your family to a safe room, utilizing a shotgun, a large dog, or an emu. Then, you call the police and alert your list of emergency contacts. By doing something, you reduce the total impact the intruder will create. By doing all three of these things, you reduce the likelihood of a major incident.

AnchorPoint’s Integrated Threat Response service focuses on detection and response. The primary purpose of ITR is to decrease attacker dwell time in your network. Stopping attackers from getting in at all is improbable.

The difference between companies making headlines for being breached and companies making headlines for reaching record stock prices is the amount of time attackers have to make off with their sensitive data.

That’s why AnchorPoint’s Security Analysts hunt for signs of malicious activity 24×7. It takes continuous diligence to protect your customers’ data.

Once a threat is identified, our analysts will eliminate it, or escalate according to SLA.

Here’s what you can expect as a new customer:

  1. AnchorPoint conducts a baseline risk assessment
  2. Risks are prioritized and the highest risk items are scheduled for remediation
  3. You give AnchorPoint Security credentials to perform specific tasks
  4. SIEM appliance is installed in your organization’s network
  5. We conduct a thorough asset inventory
  6. Disparate security tools are integrated and, for the first time, you see what’s happening from all your tools in one place
  7. Our analysts notice anomalous netflow activity and drill down to uncover a C&C server sending data to an external location. It’s shut down immediately, and you are notified.
  8. A Security Analyst calls in for your weekly meeting and presents security actions against threats
  9. You have an upcoming board presentation on security and need a custom report, so you have your team contact the AnchorPoint SOC to generate relevant information
  10. A risk reassessment is completed and compared to the baseline results
  11. AnchorPoint makes recommendations to reduce risk.