The Risk Detection & Intelligence Service, a combination of automated risk identification (“Risk Detection”) and manual assessment by experts (“Risk Intelligence”), also impresses with its unique service structure.
The heart of Risk Detection is the RadarBox, a hardware appliance with a hardened Linux operating system and special Risk & Security Software. It is operated in the enterprise network and includes all components for risk detection, such as HIDS, NIDS, VAS and SIEM, and the correlation engine. All network data and log information is gathered, analyzed and processed here. Additionally, a vulnerability assessment of the company's IT infrastructure that is reachable via the internet is performed by other RadarBoxes from the RadarServices Security Operations Center (SOC). The results are supplied to the internal RadarBox, so that the collected data always remains on the RadarBox within the company.
The correlation engine then processes all collected information and events, aggregating and correlating them so that risks are derived from a large amount of data. Risk identification is based on rules and policies that are defined in advance and continuously updated.
The risks identified by Risk Detection are regularly analyzed in a second step by the Risk Intelligence team. A secure, encrypted connection is used to connect from the SOC to the RadarBox within the company. Furthermore, every action is logged and monitored by video surveillance.
For the company, the current risk status and all risks identified are reported in a single, browser-based cockpit, which is operated on the RadarBox.