G.E.M.S. is the newest STP Ventures cyber security solution, laser focused on protecting your company assets from all manner of threats. A suite of security solutions that work together to provide you end-to-end network protection & intelligence, G.E.M.S. also provides companies with industry leading threat intelligence, analysis and response.
There are 5 major components to G.E.M.S. which we'll be breaking down below - with the help of this nifty (ok - simple) graphic.
As with all cyber security solutions the first step is ensuring your most foundational counter measures are in place and working as expected. Our Security Expert & G.E.M.S. Architect, Marshall Wright, identifies these foundational functions as: Antivirus Software, Data Backup & Edge Security. Keep reading for a further breakdown of each.
Every machine in your business should have some type of Antivirus software installed. Often, this software functions as the "last line of defense" against threats, a critical role in any security fabric. To fill this role in your business we utilize Trend Micro's Managed Business Protection Suite. Trend Micro provides an Antivirus & Malware protection suite that is constantly updated with new threat definitions and can be centrally managed by our expert security team here at STP Ventures.
That said, it's not a requirement to use Trend Micro to achieve the same level of protection that our G.E.M.S. solution offers. Be sure that your AV software is not a "free" version (such as Avast, AVG, etc.). Oftentimes these versions are intentionally made less capable than their paid counterparts and can leave holes in your company's security. Instead, opt for one of the major players that have the resources to ensure fast updates & global coverage.
A critical part of security that is sometimes overlooked is backing up your company data to a secure location. We utilize an online backup solution powered by Intronis, which backs up data to the cloud in redundant data centers geographically spread across the country. Backing up to the cloud is a "set it and forget it" solution that ensures you retain access to critical company data saved prior to a security breach and/or corruption in your environment.
Take it from us, you don't want to have your company financial data encrypted by ransomware without easy access to a good backup. The days/weeks that you are out of commission can be crippling to an active business. On the brighter side - if you utilize the G.E.M.S. solution you are greatly decreasing your risk of that ever happening.
The "edge" of your company, from a technical perspective, is the device (or devices) that outbound traffic passes through last before entering the internet, and that inbound traffic from the internet hits first when entering your network.
As both the first and last point that traffic entering and leaving your network passes through, the edge is one of the most important pieces in securing your company. This is most often accomplished by implementing a robust firewall device.
A properly configured & managed firewall device scans incoming data for known threat signatures that could potentially harm your company assets. That traffic (and threat) is then prevented from ever entering your network. Robust firewalls can also support additional security measures for your company, which we'll discuss in just a moment (see STP Black, Auto Threat Response.)
However, firewalls do have their limitations in that they are only able to scan for and prevent KNOWN threats. That leads us to the more advanced phases of G.E.M.S...
Now that we've gone through basic explanations of the foundational components of G.E.M.S. we'll take a look at the more advanced features.
USM - Unified Security Management
USM is a service powered by AlienVault, one of the world's largest threat intelligence & correlation vendors. USM leverages always-on network & threat monitoring to watch your company's assets 24/7. One of the most appealing aspects of USM is that once it is configured, human involvement is rarely required except to perform an update or to respond to / clean up the remnants of a threat (more on that below; see STP Black, Auto Threat Response).
USM is comprised of five core functions:
- SIEM, Security Information & Event Management
  - Live monitoring & correlation of all activity and events on your network
- Asset Discovery
  - Discovers & reports any device on your network with an IP address
  - Can be leveraged to locate unapproved hardware that is causing, or could cause, a security breach
- Vulnerability Assessment
  - Performs routine scans of the company environment for thousands of known vulnerabilities
- Intrusion Detection
  - 24/7 monitoring of the company environment for both Network Intrusion & Host Intrusion
- Network Behavioral Monitoring
  - Continuously monitors the company environment for anomalous events & behavior that could represent an unknown threat
  - USM correlates these unknown events and determines their threat level based on many factors, including custom-defined thresholds and information specific to the company environment and practices
In short, USM provides a 24/7 deep-dive monitor of your company environment and assets in order to detect & report on threats of the known AND unknown variety.
STP Black, Auto Threat Response
This is a proprietary system created by Marshall Wright, Security Engineer at STP Ventures.
This system works in conjunction with the USM feature described above & the on-premise firewall to provide an automated response to threats against the network. Many threat response systems require a security technician to manually review and manually respond to each threat, increasing the time it takes to remove the threat from the customer environment. STP Black automatically responds by banning the offending IP address from the network as soon as the threat is detected. This reduces the threat removal time and greatly reduces the burden placed on an in-house IT team.
This feature is powered by an STP Ventures database of known-bad, malicious & offensive IP addresses reported from around the globe.
STP Black functions in both a reactive & proactive role in your company environment.
Reactively - since STP Black works in conjunction with USM, it automatically blocks threats that are picked up by the USM analysis in the environment, often ending a threat before the attacker has a chance to compromise your company assets & data.
Proactively - STP Black automatically updates your company firewall to blacklist offending IP addresses that are picked up from either 1) threats detected in our other managed networks or 2) the STP Ventures global database of malicious IP addresses.
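To make the reactive and proactive paths concrete, here is an added illustration (not STP Black's code, and not AlienVault's API): a small decision step that scores SIEM-style alerts per source address, consults a reputation feed, and renders deny rules. The alert fields, feed entries, score threshold and rule syntax are all constructed assumptions; the internal-range exclusion is the check a practitioner would want so that automation never bans a host inside the network.

```python
import ipaddress
from collections import defaultdict

# Constructed sample alerts in a hypothetical SIEM export shape.
SAMPLE_ALERTS = [
    {"src_ip": "203.0.113.10", "severity": 8, "category": "exploit_attempt"},
    {"src_ip": "203.0.113.10", "severity": 7, "category": "exploit_attempt"},
    {"src_ip": "198.51.100.7", "severity": 3, "category": "scan"},
    {"src_ip": "10.0.0.5", "severity": 9, "category": "exploit_attempt"},  # internal host
    {"src_ip": "192.0.2.44", "severity": 2, "category": "scan"},
]

# Constructed stand-in for a global database of known-bad addresses.
KNOWN_BAD = {"192.0.2.44"}

# RFC 1918 ranges: alerts from these sources need human triage, never an auto-ban.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def decide_blocks(alerts, known_bad, score_threshold=10):
    """Return {ip: reason} for external addresses the firewall should blacklist.

    Reactive path: correlated alert severity per source reaches the threshold.
    Proactive path: the address already appears in the reputation feed.
    """
    score = defaultdict(int)
    for alert in alerts:
        score[alert["src_ip"]] += alert["severity"]
    decisions = {}
    for ip in set(score) | set(known_bad):
        if is_internal(ip):
            continue  # skip internal sources regardless of score or feed
        if ip in known_bad:
            decisions[ip] = "proactive: reputation feed"
        elif score[ip] >= score_threshold:
            decisions[ip] = f"reactive: correlated score {score[ip]}"
    return decisions


def render_firewall_rules(decisions):
    """Render one deny rule per address in a generic placeholder syntax."""
    return [f"deny ip from {ip} to any  # {reason}" for ip, reason in sorted(decisions.items())]
```

Running `render_firewall_rules(decide_blocks(SAMPLE_ALERTS, KNOWN_BAD))` yields two rules: one for the feed hit and one for the repeat exploit source, while the low-score scanner and the internal host are left for review.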
STP Black provides companies a way to automatically respond to threats, greatly reducing (and even eliminating) threats to the environment. Stop the threat before your data is stolen...with STP Black.
The 5 components of G.E.M.S. combine to provide an end-to-end solution offering the highest level of network security & intelligence as well as threat intelligence, analysis and response.