Security Monitoring

NFIR offers a comprehensive, managed security monitoring service for Small, medium and large businesses focused on collaboration, automation and customer-specific optimization with critical incident support.
NFIR beeldmerk kleur
NFIR beeldmerk kleur

Security Monitoring

NFIR offers a comprehensive, managed security monitoring service for Small, medium and large businesses focused on collaboration, automation and customer-specific optimization with critical incident support.

We view your business with your data as a building that need to be protected from attacks that come from outside in, but also from inside out. Our security monitoring service does this proactively by creating use cases that “go off” when a threat occurs. We categorize this threat within the team. Then we agree with the customer what to do.

Protecting your data basically starts with monitoring your network activities. In short, it comes down to connecting your log resources with our SOC (Security Operations Center). Log sources can be of various kinds such as IDS, Firewall, antivirus, G360, endpoint detection, Microsoft365 and Windows event logs. Combined with an endpoint and vulnerability security solution, we build the most complete solution possible to monitor and alert your data. With these 3 categories, we optimize our MDR service.

Our working method

NFIR offers an A-Z complete service. This means that we work with you from multiple disciplines from the intake. During the implementation phase, a team is assembled consisting of a business consultant, a security engineer and a project manager. This team will be in constant communication with you. Together with this team, you determine what the “use cases” – aka security rules – are that the alerts go off on. The final solution provided by NFIR is a 100% automated solution to monitor your network activities. You will receive critical notifications immediately via email or text message and can take action on them yourself. However, our service is set up so that we
do. That means we don’t overload you with monitor data that makes you lose sight of the forest for the trees. On the contrary, we only alarm you when necessary. As the service gradually runs within your organization, a service manager will also become a member of the team. After completion, he or she will go through all the reports with you every month. Based on this, the service manager will indicate how this process can be optimized.

Intrusion Detection and Vulnerability Scans

If desired, our Security Monitoring Specialists will provide with extra support when taking these actions. In addition, we can also relieve you of your worries when interpreting (more complex) reports. If things really go wrong, we can support you at any location with our Incident Response teams

Who do we offer Security Monitoring to?

NFIR’s vision on security monitoring is that this service should no longer be reserved for the largest companies in the Netherlands with a lot of security knowledge. For this reason, NFIR’s security monitoring service offers a very affordable and easy-to-interpret solution.

Security monitoring

Security Information and Event Management (SIEM) and Security Operation Center (SOC) incorporated into a complete Security Monitoring service. A fully automated solution where your organization no longer needs to interpret data and is completely unburdened.

Frequently asked questions

Security monitoring involves monitoring network traffic and analysing log files in order to detect threats, vulnerabilities and cyber attacks at an early stage. Because interpreting logs and investigating reports cannot be done effectively without underlying knowledge of the (customer) network, we focus on the collaboration between security monitoring and management. We help you discover vulnerabilities in your policies, configurations or network. We do this through regular progress meetings, helpful reporting and knowledge sessions. The knowledge sessions are based on the MITRE Defend framework and contribute to the maturity of your organization.

Log sources are connected to the network. Log sources are important servers or applications that generate log files. These log breaking states are sent to a SIEM. This is a central server where all log files are collected. In this SIEM, automatic detection rules search the log files. When a suspicious pattern is detected, this detection rule will generate a notification. This notification is investigated by our security engineers in the Security Operations Center (SOC). If the report is alarming we will contact you.

Monitoring your network can help detect malicious behaviour early on. If you want to protect your network, it is best to start monitoring your network. You gain insight into your network, you are quickly informed of suspicious activities and you can take appropriate action if a suspicious situation arises.

We develop our monitoring service by closely monitoring cyber security developments and adapting our detection rules accordingly. Furthermore, we continuously optimize our detection rules. We also constantly seek coordination with you as a client about current events that affect you and discuss security topics with you through short knowledge sessions.

Our Managed Detection and Response (MDR) service is designed to protect your data and interests even when a threat evades organisations’ general security controls. Our MDR security platform is an advanced 24/7 security control that covers a range of fundamental security activities, including cloud managed security for organisations that cannot maintain their own security centre. In addition to securing your company’s data and customer data, the government, with the GDPR (AVG) legislation, also requires you to take appropriate measures to protect personal information where you are a data controller or processor.