Technical Details

Garnet Shield™ is a network security monitoring and incident resolution service that relies on expert human analysts and stellar customer service. With Garnet Shield, you receive the advantages of constant network monitoring and access to an experienced and professional incident response staff.

Our managed detection and response service emphasizes the human aspects of providing analysis to our clients while leveraging the wonders and speed of technology. With the Garnet Shield service, you receive guidance with a prioritized list of action items.

IDS/IPS — Intrusion Detection and Prevention 

Garnet Shield’s sensor and 24/7 monitoring make up our Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). Garnet Shield uses custom technology to monitor network traffic going into and out of your network. 

The sensors analyze passing traffic and match it against a regularly updated library of known vulnerabilities and attack vectors. With the sensor in IPS mode, matching traffic is dropped. Continual scanning of the network records the activity of source and destination IPs.

Managed Detection and Response 

Garnet Shield’s managed detection and response service provides threat detection monitoring and incident response capabilities. Organizations, especially small and midsize businesses, are looking to improve real-time threat detection and incident response but may not have the necessary resources – people, processes and technology.  

If a managed detection and response service is your goal, then Garnet Shield is the place to start. We handle the technology, expertise and processes for you.

SOC – Security Operations Center

The surveillance team at the Security Operations Center (SOC) uses a management dashboard, which is a tool for monitoring alarms. The dashboard categorizes alarms into three statuses — Major, Minor and Warning.  

Each client is assigned a SOC engineer to manage the account and provide weekly expert analysis. SOC members drill into individual alarms and analyze the details to determine if the activity is normal or not. The SOC team provides enhanced monitoring capabilities and notifies the client of malicious activity.

Initial Deployment Process

The Garnet Shield sensor is placed on the client’s network in IDS (Intrusion Detection System) mode. The SOC monitors the sensor and its reports for a few weeks and provides the client with an initial report. 

Garnet River experts consult with the client to review the reports, then set rules and thresholds, deciding what traffic can be monitored without being stopped, what frequency of issues can be tolerated, etc. The sensor is then switched to IPS (Intrusion Prevention System) mode to “drop” or block traffic that violates those rules and thresholds.

Reports

Garnet Shield sample report

As alerts are analyzed and verified as actionable, the SOC team notifies your organization according to escalation procedures. Notification details include IP addresses affected, identified issues and mitigation recommendations. 

In addition to individual alert response, SOC engineers create custom weekly reports. The SOC team delivers to the client’s designated administrator a summary of past events, a list of upcoming changes and “Notes from the Security Operations Desk”, which feature information on what is happening on your network, severity levels and recommendations for what to do. 

Clients also have access to their own dashboard with 7-day and 30-day reports. The dashboard acts as a Security Information and Event Management (SIEM) monitoring and reporting option for you and the SOC team.