Companies are regularly subjected to attacks. An intrusion detection system (IDS) analyses the data traffic and reliably secures infrastructures and applications. It checks the unencrypted data traffic and sounds the alarm in the event of attack patterns and protocol deviations.
Standards such as ISO 27001 and the recommendations of FINMA require that unauthorised access be systematically monitored. An IDS is needed for this. Managed IDS records the warnings and classifies them. If they are perceived as incidents, an analyst assesses them.
A security incident is a potential attack on one of your company’s systems. Incidents are classified by the system and shown in the security dashboard. An analyst examines harmful attacks while harmless and false attacks are logged.
To protect your company network, communication is handled with a standard signature set. In addition, attacks on Web servers, file transfer servers, mail servers and DNS servers are recognised. If the analysis confirms the attack, Swisscom escalates the security incident and recommends the implementation of relevant measures.
Swisscom uses exclusively manufacturer signatures and maintains an IDS signature database for all customers. The signatures are activated only in alert mode so that they do not block data traffic. The database is updated at regular intervals. Before Swisscom activates the signatures, they are imported in our own laboratory and extensively tested.
The MSS-i dashboard shows these reports, among others:
1. Daily, current security incident report
2. Monthly, detailed reporting of IDS modules as PDF files
You ensure that unauthorised access can be detected in real time.
You have relevant security events filtered.
You can monitor the traffic behaviour of your organisation.