Our Approach to Security

The DEFCON Cybersecurity Program is designed to be co-managed with the IT Operations team. The IT infrastructure components of the program (endpoints, network, data retention/recovery, etc.) remain the responsibility of IT Operations (whether delivered by internal IT employees or by an IT MSP). ION247 provides the people, processes, and technology/tools to harden the security environment using the adaptive security framework:

  • Predict – Proactive vulnerability assessment to predict attacks on the baseline system
  • Prevent – Harden and isolate systems and divert attackers to prevent incidents
  • Detect – Detect and contain incidents while prioritizing risk
  • Respond – Perform investigation/forensics to identify and implement changes to the baseline system

All stages are supported by continuous monitoring and analytics.

The overall goal of ION247’s program is to establish a continuous focus on security maturity. Generally, IT Operations’ goals are to keep systems running and users supported.

The scope of our program includes the people, processes, and technology/tools to deliver the outcomes described below:

Stop Unknown Threats

Deep learning AI excels at detecting and blocking malware even when it hasn’t been seen before. It does this by scrutinizing file attributes from hundreds of millions of samples to identify threats without the need for a signature.

Block Ransomware

DEFCON includes advanced anti-ransomware capabilities that detect and block the malicious encryption processes used in ransomware attacks. Files that have been encrypted will be rolled back to a safe state, minimizing any impact to business productivity.

Prevent Exploits

Anti-exploit technology stops the exploit techniques that attackers rely on to compromise devices, steal credentials, and distribute malware. By stopping the techniques used throughout the attack chain DEFCON keeps your organization secure against file-less attacks and zero-day exploits.

Layered Defenses

In addition to powerful modern functionality, DEFCON also utilizes proven traditional techniques such as application lockdown, web control, data loss prevention, and signature-based malware detection. This combination of modern and traditional techniques reduces the attack surface and provides the best defense in depth.

Endpoint Detection and Response (EDR)

DEFCON helps identify devices that are having performance issues, configuration issues that can present security risks, or vulnerabilities that can be exploited by malware or attackers. It identifies processes that are making unusual network access attempts and finds software that could cause productivity or compliance issues. Finally, it locates files that only specific employees should have access to and finds data that has been modified in an unexpected manner.

Managed Threat Response (MTR)

A 24/7/365 threat hunting, detection, and response service that analyzes and responds to potential threats and indicators of compromise, and provides detailed analysis of events including what, where, when, how, and why.

Extended Detection and Response (XDR)

Go beyond endpoints and servers, pulling in firewall, email, and other data sources. You get a holistic view of your organization’s cybersecurity posture with the ability to drill down into granular detail.

Advanced Threat Protection

DEFCON ATP is an AI-based threat detection and response solution that blocks sophisticated phishing, ransomware/malware, and spear phishing (business email compromise) attacks. ATP for M365 performs real-time behavioral analysis of the entire email with a combination of core AI technologies that look beyond signatures to identify unknown threats not yet seen in the wild. Leveraging data and user feedback reports from one billion protected mailboxes worldwide, the email filter is updated by the minute and continually fine-tuned to ensure a high precision rate.

End-User Training and Simulated Phishing Attacks

Targeted behavioral training and monthly simulated phishing attacks with unsafe behavior identification and comprehensive reporting.

Additional services include annual network security assessment and penetration test, data leakage/PII scans, security governance/policy support, and a dedicated vCSO that assists in creating security policies and the road map and serves as project manager for any high priority security remediations.