Securing business data

Intrusion Detection & Threat Management

CNS Mosaic Managed Services use a Unified Security Management (USM) Platform to provide Intrusion Detection & Threat Management.

The USM service provides comprehensive security visibility and is critical in uncovering security breaches. It gives a holistic view of events across customer networks, reflecting the need to identify security incidents at several touch points:

Web Based Attack Detection

This component detects Web-based attacks, such as SQL Injection and Cross-site scripting; the purpose of such exploits is to compromise local systems, install malware or obtain information that allows an attacker to impersonate the user on another web site. The deployed CNS Mosaic USM solution continuously monitors for SQL Injection and Cross-Site scripting exploits.

Open Threat Exchange (OTX)

This component provides crowd-sourced threat intelligence on the latest exploits worldwide, combining activity seen on your own network with threat intelligence from outside your network to give the full picture. The CNS service uses this information to help prioritise risk and focus resources, by correlating known malicious IPs with activity on network components such as firewalls, proxies, web servers, anti-virus systems, and intrusion detection systems. Malware can also be detected in transit over the network or when it communicates back to its command and control servers.
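The correlation described above, as an added illustration rather than CNS Mosaic's or OTX's own code: a threat-intel feed of known malicious IPs is matched against firewall log lines, distinguishing inbound hits from outbound connections by internal hosts (the pattern that reveals malware calling back to its command and control server). The feed, the log format and all addresses are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed threat-intel feed (placeholder documentation-range addresses,
# not real indicators): IP -> reason it was flagged.
THREAT_INTEL = {
    "203.0.113.10": "known C2 server",
    "198.51.100.77": "scanner",
}

# Constructed firewall log lines in an assumed key=value format
# (not the product's own log format).
FIREWALL_LOG = """\
2024-01-01T10:00:01Z action=allow src=10.0.0.5 dst=93.184.216.34 dport=443
2024-01-01T10:00:02Z action=allow src=10.0.0.7 dst=203.0.113.10 dport=8443
2024-01-01T10:00:03Z action=deny src=198.51.100.77 dst=10.0.0.1 dport=22
2024-01-01T10:00:04Z action=allow src=10.0.0.7 dst=203.0.113.10 dport=8443
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+)")


def correlate(log_text, intel):
    """Return one alert per log line whose src or dst is a known malicious IP."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not carry src/dst fields
        src, dst = m.groups()
        if dst in intel and ipaddress.ip_address(src).is_private:
            # Internal host talking out to an indicator: possible C2 callback.
            alerts.append({"direction": "outbound", "internal": src,
                           "ioc": dst, "reason": intel[dst], "line": line})
        elif src in intel:
            # Indicator talking in to us: scanning or attack attempt.
            alerts.append({"direction": "inbound", "internal": dst,
                           "ioc": src, "reason": intel[src], "line": line})
    return alerts


def summarise(alerts):
    """Count hits per (internal host, indicator, direction); repeated
    outbound hits to one indicator are the beaconing pattern to prioritise."""
    return Counter((a["internal"], a["ioc"], a["direction"]) for a in alerts)
```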

Intrusion Detection Systems

Host Intrusion Detection (HIDS)

This module monitors customer servers and applications for malicious activity and other unauthorised use of host resources. The service includes ongoing monitoring of HIDS (Host Intrusion Detection) agents, security maintenance, alerting on intrusions and HIDS reports (as required).

The IDS service is aimed at collecting information about activity on particular single systems and is installed on machines that are deemed to be susceptible to possible attacks (usually referred to as mission critical assets). The service is not intended for use on endpoint devices such as desktops and laptops. CNS Mosaic would be happy to discuss potential solutions for those devices outside of this service.

The service uses the OSSEC agent, which is installed on the target device. It can be installed on Linux, UNIX and Windows systems. The service identifies system compromise on single systems, such as:

  • Modification of critical configuration files (e.g. registry settings, password files, etc.)
  • Common rootkits
  • Rogue processes
The service provides the following benefit to customers:

  • 24 x 365 Monitoring – someone is watching the system all the time, which removes the need for a 24 x 365 internal response team.
  • Expert and knowledgeable response to IT, network and security events.
  • A defence policy defines how to filter alerts and what to respond to.
  • Service responds to suspicious activity, either external or internal, with source and destination addresses, actions taken and impact.
  • Log event storage - secure storage, retention and deletion of logs.
  • All signature updates applied by CNS Service Desk and tested beforehand.
  • All lifecycle management updates and patches, managed by CNS as part of the managed service.
  • Fixed annual cost for managed service, appliance and all updates.

Network IDS (NIDS)

This module delivers ongoing monitoring and alerting that enable security best practice. The service provides signature-based detection, anomaly detection and protocol analysis technologies. This enables customers to identify the latest attacks, malware infections, system compromise, policy violations, and other exposures.

Implemented on built-in software that uses Snort and Suricata as the NIDS engine, the service is:

  • Designed to monitor and analyse network traffic in real time
  • Intended to help identify and block possible security breaches (e.g. intrusions from outside the organisation and misuse from within the organisation)

This comprehensive service protects corporate assets from attack or abuse by providing 24 x 365 remote monitoring, management and response to detected incidents. CNS SOC engineers are alerted to all incidents and use this information to rapidly identify potential threats and respond with the appropriate force to minimise risk to customers.

Get in touch

Talk to our experts today +44 (0) 20 7592 8800
