
Introducing the Watchtower Cyber Security Stack


What is Watchtower?

Watchtower is a combination of open-source and commercial software, plus an optional Unified Threat Management (UTM) device, all configured to work in harmony with our Cyber Security Operations Centre.

Ultimately it allows us to monitor the security of your IT assets in real time, detecting security threats and responding to them as they occur.

The Watchtower Stack

Note, however, that we are adding functionality to Watchtower on an ongoing basis, so these specs may have been improved upon by the time you read this.

Password & 2FA Manager

Our password manager also manages two-factor authentication (2FA) codes, and the encrypted seed data is backed up by us, so you don’t have to worry in the event you lose the device that generates your 2FA codes.

Security Information & Event Management (SIEM) System + Log Collector

If suspicious activity is detected, alerts are generated and sent to the CSOC, where staff analyse the alerts and investigate any security events, shutting down attacks in progress, and investigating the scope of the damage to determine if the attacker had any level of success.

Cyber Security Operations Centre (CSOC)

The dashboard provides staff with an at-a-glance overview of the security status of all devices in our care. It shows key information such as devices that have their anti-virus/firewall disabled, login attempts using invalid credentials, firewall rules being created, administrator accounts being created, and other events that we might need to look into from a security perspective.

The alerting system uses risk profiles to determine suspicious activity that requires immediate intervention, and it alerts CSOC staff using at least two communication channels. Our CSOC currently sends alerts to staff via both emails sent to a security inbox, and messages sent to a dedicated Microsoft Teams channel. CSOC staff can then refer to the dashboard for more information and determine a course of action from there.

The CSOC generates alerts for suspected serious security incidents 24/7.

Anti-virus & Firewall

Email Anti-spam & Security

We also offer an advanced anti-spam/email security service product that goes beyond Microsoft’s base implementation.

Unified Threat Management (UTM) Device

We’ve built a UTM device that contains the following functionality:

  • Firewall
  • Suricata Intrusion Prevention System (IPS)
  • Location-based IP address filtering
  • Squid non-transparent HTTP proxy with auto-configuration, URL filtering & URL logging
  • Site-to-site VPN for securely joining multiple locations into one network
  • Private & Secure DNS server using DNS over TLS to encrypt outgoing DNS queries
  • DNS blacklisting of known malicious web addresses

The UTM device is an optional extra that we sell configured with integration into Watchtower.

Endpoint Detection & Response (EDR) Agent + Log Shipper

The EDR agent monitors your device, collecting metrics and logs and periodically running commands to check that the endpoint is healthy.

If the EDR agent detects something that is not right, it generates logs which the log shipper sends instantly to the SIEM for analysis and alerting of CSOC staff.

Private & Secure DNS filtering

We use DNSSEC to validate that DNS answers are authentic and have not been tampered with, and DNS over TLS (DoT) to encrypt DNS queries for your privacy.

Business Identity Spoofing Prevention & Detection

We’ve set up our own DMARC report collector to ingest DMARC reports and alert the CSOC to any attempt by an attacker to spoof your business email identity. This allows us to inform you if we see email spoofing occur, and allows you to be proactive and warn your clients to beware of fake invoices that an attacker may send.

It can also assist with tracking configuration errors that cause your legitimate email to land in recipients’ junk folders.
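As an added illustration of what a DMARC report collector does (example code written for this article, not White Knight IT’s own tooling), the Python below parses a constructed DMARC aggregate report in the RFC 7489 XML format and picks out the rows where both SPF and DKIM failed for the protected domain, which are the rows a spoofing alert to the CSOC would be raised from. The receiver name, report id, IP addresses and domain are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed sample aggregate report (RFC 7489 format, trimmed): one row of
# legitimate mail that passes, one row from a sender that fails both checks.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>constructed-1</report_id></report_metadata>
  <policy_published><domain>example.com.au</domain><p>reject</p></policy_published>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>42</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com.au</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>13</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com.au</header_from></identifiers>
  </record>
</feedback>"""


def spoof_attempts(report_xml):
    """Return one dict per report row whose aligned DKIM and SPF results both
    failed, i.e. mail carrying the protected From: domain that none of the
    domain owner's authorised senders signed or sent. Reports arrive by email
    from arbitrary receivers, so they are untrusted input; a production
    collector should parse them with a hardened XML parser such as defusedxml."""
    root = ET.fromstring(report_xml)
    domain = root.findtext("policy_published/domain")
    hits = []
    for rec in root.iter("record"):
        row = rec.find("row")
        pe = row.find("policy_evaluated")
        if pe.findtext("dkim") == "fail" and pe.findtext("spf") == "fail":
            hits.append({
                "domain": domain,
                "header_from": rec.findtext("identifiers/header_from"),
                "source_ip": row.findtext("source_ip"),
                "count": int(row.findtext("count")),
                "disposition": pe.findtext("disposition"),
            })
    return hits


if __name__ == "__main__":
    for hit in spoof_attempts(SAMPLE_REPORT):
        print(f"ALERT: {hit['count']} messages from {hit['source_ip']} spoofing "
              f"{hit['header_from']} (receiver disposition: {hit['disposition']})")
```

A receiver disposition of `reject` on such a row means the spoofed mail was blocked by your published policy; a disposition of `none` on a failing row means it was delivered and is worth warning clients about.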

IT Security Advice

We offer a free IT security advice service for our managed IT services customers.

If you or your staff receive emails, phone calls or anything that you think might be suspicious, we will investigate and provide a determination on the likely legitimacy, at no cost.

We will work with your staff to increase their IT security awareness, developing and promoting a good IT security culture within your business.

Be protected by our Watchtower

About

White Knight IT is an IT Security, IT Support (inc. Help Desk), Business Communications, Digital Forensics/eDiscovery and Managed IT Services Provider located in Canberra ACT 2601, Australia.
