RECON™

A MANAGED SECURITY SERVICE

Today’s hackers launch threats faster than your customers can defend themselves. New pieces of malware are being launched daily and at this rate, many customers won’t be immune to a risk or breach. If your small to medium-sized business customers solely use a Security Information and Event Management (SIEM) solution or a patchwork of products, they’re at greater risk for a network attack.

The Recon™ Managed Security Service offering is an on-premise collection, correlation and analysis solution with 24x7 cloud-based monitoring and remediation assistance that helps protect your customers against today’s advanced threats.

Find devices on yournetwork, what’s installedon them, & vulnerabilities

Detect active threats & exploits on your

network

Analyze the threat & learn

how to remediate

Assess theNetwork

FindThreats

Respond toIncidents

Uni�ed Security Management

Investigate &Collaborate

Measure & Improve

Automatically share anonymousthreat information with the OTX

community

Open Threat Exchange

Benefits to your customers:• Unified security management – Simplifies and accelerates threat

detection, incident response and policy compliance by bringing key security capabilities—such as Asset Discovery, Network/Host IDS, File Integrity Monitoring, Vulnerability Assessment, Compliance Reporting, and more—into a comprehensive service.

• Cost-effective security – Includes features found in more robust security solutions that are often sold separately and offers a more manageable price point. You won’t have to recruit, hire or pay for hard-to-find security talent.

• Simplified compliance reporting – Consolidates data from hundreds of security products to ease the pain of manually compiling compliance reports. Plus, there are hundreds of built-in reports for managing PCI-DSS, ISO, SOX, HIPAA, as well as options for customizing.

• Fast deployment for superior threat detection and triage – Deployment is as simple as installing a physical or virtual appliance to defend against threats within hours.

How does it work?Simply install the physical or virtual appliance at your customer’s site for data and log collection. With integration to hundreds of third-party security products such as firewalls, Intrusion Detection Systems and others, Recon consolidates collected information from these devices for analysis. Identified threats and vulnerabilities are then forwarded as alerts to a secure cloud monitoring center. With a 24x7 security support team, we perform triage and research before notifying the end customer of the breach and remediation actions to take.

Benefits to you: • Portfolio expansion – Add a new security

competency to your portfolio or strengthen your existing offering.

• Efficient client service – Efficiently manage customers’ IT networks against cyberthreats without setting up your own monitoring service.

• Instant security expertise – Benefit from 24x7 monitoring by top-notch security researchers and professionals, so you can stay focused on your core business.

• Brand building – Availability to white-label as your own offering to build your business and brand.

• Greater profitability – Enjoy higher margins to increase revenue and profitability.

• Interoperability – Supports hundreds of new and existing security technologies.

Recon Features:Streamline your security operations, priced by events per second (EPS) you can choose the service that’s best for your business.

Tier of Service Tier 1 Tier 2 Tier 3 Tier 4

Max Events per Second (EPS) 1,000 2,500 3,500 5,000

Deployment & Support

24x7x365 Security Operations Center service

MSSP Startup Service - Initial deployment/configuration (max hours) 40 40 60 60

MSSP Infrastructure Deployment virtual virtual virtual virtual

Remediation/Configuration Tasks (hrs/mo) 4 6 12 16

Backup/Restore of USM configuration

USM High Availability (optional)

SIEM / Security Intelilgence

Log Collection up to 10 devices up to 10 devices up to 20 devices up to 20 devices

SIEM Event Correlation

Behavior Monitoring

Netflow Analysis

Threat Detection

Threat Intelligence Updates weekly weekly weekly weekly

Network IDS (port mirroring)

Distributed Denial of Service

Host IDS up to 10 devices up to 10 devices up to 30 devices up to 30 devices

Host IDS - Rootkit Detection

Host IDS - Event Logs Collection w/ compatible plugin w/ compatible plugin w/ compatible plugin w/ compatible plugin

Host IDS - Windows Registry Integrity Monitoring

Host IDS - File Integrity Monitoring

Host IDS - Agentless Monitoring

Vulnerability Assessment

Continuous Vulnerability & Event Correlation Monitoring

Active Vulnerability Scanning quarterly quarterly monthly monthly

Asset Discovery

Active & Passive Network Scanning

Asset Inventory

Reporting

Standard Compliance Reporting

Custom reporting using report builder up to 10 up to 10

Weekly Proactive Managed Service Activities

Validate threat intelligence updated

Verify Host IDS communications

Modify asset inventory (as appropriate)

Update security alert configuration (as appropriate)

Verify reports are configured correctly

Research security alerts and provide suggested remediations

Update Policies and event correlation rules (as appropriate)

Verify vulnerability scan execution

To find out how you can add Recon to your portfolio

and learn more about our offering, contact your sales

representative or email SecurityServices@techdata.com

for more information.