Threat Management Services offers a combination
of high profile and business critiical service
modules to allow compnies to stay ahead
of the internal and external IT threats.
Preventative Planned Maintenance
The Preventative Planned Maintenance (PPM) service is intended to ensure that critical business devices and supporting services maintain a healthy operational state on an on-going basis. CNS’s PPM service reviews key components of the IT estate that are deemed critical to maintaining a prudent level of business integrity and availability at all times.
In general, PPM dovetails extremely well with CNS’s Device Management KPI Monitoring and Alerting service. Whilst the Device Management service is aimed at alerting the customer to state changes or impending issues, PPM is aimed at executing best practice maintenance tasks to keep the IT estate current and operationally healthy. Examples might be regularly checking for correct levels of security patches and AV signature updates, windows updates and disk fragmentation or simply checking licensing status.
Early detection of IT maintenance
issues against industry best practices helps
provide a level of advanced awareness to
impending disruptive conditions likely to
impact the integrity and availability of
business services. PPM audits are carried
out by qualified technicians who produce
regular reports highlighting their findings
and making sensible recommendation for the
CPNI (Centre for the Protection of National Infrastructure; part of MI5) is the Government alerting system put in place to reduce the vulnerability to the CNI (critical national infrastructure) to terrorism and other threats to essential services (communications, emergency services, energy, finance, food, government, health, transport and water sectors).
The CPNI alerting service is targeted primarily at ensuring the confidentiality, integrity and availability of the CNI; those key elements which are crucial to the continued delivery of essential services to the UK. However, as CNS has the appropriate CESG CHECK ‘Green’ accreditation we also receive the alerting service in the form of emails and RSS feeds. These alerts inform us of every known computer vulnerability and/or potential threat, whilst at the same time providing advice and information on computer network defence and other information assurance issues.
As part of any BTO (business take on) process CNS audit all devices to be covered under a contract and so are aware of versions and patching levels; therefore understanding the security posture. CNS then compare the received CPNI notifications and correlate them against customers architectures to see if they are relevant and if so, depending on the severity of the alert proactively manage the information by:
- Informing the customers in a proactive fashion (text, email, voice)
- Offering advice on countermeasures
- Providing consultancy services for any remedial works
- and if required raising the appropriate change requests to manage any appropriate amendments
- Detailed, scheduled reports on notifications so that the customer keeps abreast of
In addition to utilising the CPNI alerting service CNS also stays abreast of a number of other sources of vulnerability information.
The ever-increasing threat of virus attacks and security breaches place organisations at risk for potentially devastating business losses and network downtime. These risks make it critical for enterprises to continually scan and detect vulnerabilities, and rapidly deploy updates to protect their systems. Such fixes can be time consuming, costly, and inefficient — especially when deployed without consideration for user roles or corporate change management best practices.
CNS’s patch management service removes this headache in a secure, proactive approach by:
- Conducting regular security audits to ascertain an organisation’s patch status
- Reviewing the patches released for an organisation’s infrastructure and ascertain their relevance (is this patch a security requirement or not?)
- Liaising with the customer and providing detailed reports on the relevancy of patches and advice on next steps
- Providing the appropriate project plans and ITIL approved Change Management process for conducting patching
- Providing the appropriate resources for actually conducting patching
CNS patch management service focus on the patches that an organisation requires and can therefore be deemed to be accurate and comprehensive. This means that Customer Name’s architecture will retain its security integrity as CNS are able to know exactly what patches and holes reside on each contracted device or application. The key benefits of such are service are as follows:
- Ensure compliance by guaranteeing that patching is continuous and relevant
- Utilising a 3rd party whose speciality is reviewing security threats on a continuous basis
- Maximising productivity of internal staff by out tasking such time consuming, continuous projects
- Ability to verify and report to executive management on the compliance status of any system under management
- Out tasking the identity process for vulnerabilities, therefore allowing internal staff to concentrate on core technologies
- Allowing the deployment of patches based on security policies for ongoing operations or specific tasks for emergency deployments
Please contact us to find out more.