Proteus | ONGOING

SERVICES
ONGOING

The Ongoing Security Services is the most important phase of GSS. The main objective of this phase is to guarantee the Security level obtained during the Implementation, preventing it from decreasing through time.

It will keep the customer's administration teams up-to-date with the new vulnerabilities that impact their environment, and the needed corrections or updates on the standards. Besides, it will keep track of the compliance on the environment in relation to the agreed baselines.

The Ongoing security servce is composed by the Updating, Auditing and Support services.

Updating

New vulnerabilities discovered each day create new threats and exposures on the customer's security layers. Besides, the environment keeps changing with the addition of new systems, changes in configurations, systems become obsolete and all these changes affect the compliance of the environment with the defined standards.

With its Alerting service, Proteus Information Security Services informs the customer about any new vulnerability, or systems entering an End-of-Life status, which will impact the customer's environment. Besides, updated automated tools are sent whenever the correction for the new vulnerability has to be included on the tools used by the teams on the implementation of the security standards.

Auditing

The Auditing process is key to check if the environment is indeed following the pre-defined security level. Inside this process, a periodic compliance check is performed, where all technical configuration items are analyzed to guarantee that the systems are following their standards, and to point to any correction action needed.

Besides the Compliance Check, the GSS provides a process called Remote Monitoring that constantly checks the external perimeter of the customer to identify any new vulnerabilities that can be exploited from the Internet. Each hour, all the external ranges are checked with vulnerability scans and in case any vulnerability is found the Alerting team will immediately notify the customer about the problem, risks and actions needed.

Without the Auditing processes, the Security level of the customer will start to decrease during time, although a misleading "secure" feeling will remain due to the previous investments in securing the environment.

The Auditing will guarantee that the expected protection level is active and in place, and point to the correct directions and next actions in case the level detected is below the required parameters.

Support

The Support service is related to consulting hours dedicated to the customer in order to clarify doubts about Information Security and help on the design or approval of new projects or changes in the network that may affect its security level. The service is provided by e-mail, phone or at the customer's facilities.

During the design of new projects, it is important to have a view of Information Security specialists to help on the decision making process. With the GSS Support service, the customer will not need to keep a local team specialized in the multiple areas of Information Security.

When needed, Proteus specialists will analyze the specifics on new projects, identifying possible concerns in terms of security, and suggesting solutions or alternate scenarios to mitigate the risks.

<back