Calibre One

Monitor, Detect & Advise Cybersecurity Service

Essential Components of our Program

The Calibre One Monitor, Detect & Advise Program Consists of the following Key Elements:
1
Onboarding and Shaping Up
2
Monitor, Detect & Advise
Additional option
Ongoing Reviews, Audits and Risk Assessments
Step 1

Onboarding And Shaping Up​

Office 365 is a very secure platform with many tools to assist with securing and monitoring the environment and while the Out of the box default setup is good, to be truly secure it needs to be configured and optimised for your needs. This is not a function of normal ICT maintenance and most IT maintenance companies will lack the expertise to configure many of the variables, the tools necessary to monitor the conditions and the manpower to act on such alerts in a timely manner. This is the role of our security specialist team.

Our onboarding and Shaping Up process is designed to bring your Office365 tenancy to a higher level of security. To do this we use the built in Microsoft Office 365 Scorecard System to generate an overall security score for your tenancy. This will provide a score reflecting the points from a maximum possible – for example 74% (pretty good) or 11% (really bad). Our onboarding process is designed to bring your Tenancy to a MINIMUM 75% of the potential score for your specific environment – in the above example the 74% would be acceptable while the lower figure is not. This figure is an evolving score and changes over time as Microsoft introduce new features and threats change. (Future Monitoring of this score and adaptation of the environment is one of the variables our security services monitors).

The one-off charge for Onboarding and Shaping Up varies as a result of this core with the lower the score, the more work required to get the tenancy to this level. Please NOTE: We consider this to be an ESSENTIAL component – Calibre One will not provide security services to any tenancy not meeting minimum acceptable Microsoft score values.

Step 2

Monitor, Detect & Advise​

Our suite of tools provides essential monitoring and alerting – warning us to suspicious or malicious activities within your environment. Some are designed to detect ongoing and persistent external threats; others are designed to mitigate and react in the event your tenancy is compromised. This provides essential coverage and then speedy reaction should anything happen.

How do we Monitor and Detect?

An effective program of monitoring and detection is essential to provide basic levels of security. The Calibre One Cybersecurity program monitors and detects customers for the below security threats and attacks:

This detection identifies that users were active from an IP address identified as risky by Microsoft Threat Intelligence. These IP addresses are involved in malicious activities, such as Botnet C&C, and may indicate compromised account.

This detection identifies two user activities (is a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second, indicating that a different user is using the same credentials. This detection uses a machine learning algorithm that ignores obvious “false positives” contributing to the impossible travel condition, such as VPNs and locations regularly used by other users in the organisation.
This policy profiles your environment and triggers alerts when activity is detected from a location that was not recently or never visited by the user or by any user in the organisation. Detecting anomalous locations necessitates an initial learning period of 7 days, during which it does not alert on any new locations.

Generates an alert when an excessive volume of login attempts to an account is detected.

Generates an alert when someone in your organisation has sent more mail than is allowed by the outbound spam policy. This is usually an indication the user is sending too many emails, or that the account may be compromised. This policy has a Medium severity setting. If you get an alert generated by this alert policy, it’s a good idea to check whether the user account is compromised.
Generates an alert when someone in your organization is restricted from sending outbound mail. This typically results when an account is compromised, and the user is listed on the Restricted Users page in the Security & Compliance Center. (To access this page, go to Threat management > Review > Restricted Users).This policy has a High severity setting. For more information about restricted users, see Removing a user, domain, or IP address from a block list after sending spam email.
Generates an alert when someone in your organisation creates an inbox rule for their mailbox that forwards or redirects messages to another email account. This policy only tracks inbox rules that are created using Outlook on the web (formerly known as Outlook Web App) or Exchange Online PowerShell.
Generates an alert when someone in your organisation creates an inbox rule for their mailbox that performs an action deemed as suspicious.

How do we advise customers?

All issues detected will be raised in the Calibre One ticket recording system as an Incident Ticket. On becoming aware of the incident, Calibre One will:

  • Triage the ticket to determine its nature, validity and severity.
  • Issues determined to be of an Immediate threat in nature will result in the NOC engineer responsible taking action to:
    • Immediately restrict further access to the account.
    • Liaise with the effected user to determine if the threat was in fact real and the circumstances surrounding the incident.
    • Reenable the account or take further action to secure and freeze it as required.
    • Document all actions.
    • Report the incident via the predetermined reporting chain.
  • Lodge a ticket with your Managed Services provider (MSP) to undertake any further action.

All actions required to triage and respond to an immediate threat is included in the cost.

Follow up and/or subsequent investigation work is subject to additional coststo be determined at the time.

Step 3 - optional

Ongoing Reviews, Audits And Risk Assessments​

Essential to any program is ongoing Monitoring and Assessment of the program itself. The risk constantly changes and so you need to regularly review your policies, practices and procedures against the evolving risks.Our Essentials package provides a suggested bi-annual scheduled Risk Assessment reviews and Audits to ensure you remain compliant.

Pricing

There are three elements to the program pricing:

  • uplifting and securing of the Office 365 tenancy, configuration of monitoring agents and equipment
  • the ongoing per user cost of monitoring
  • the initially suggested compliance reviews and inspections to ensure ongoing compliance.
Shaping Up

varies

Once off fee

The Shaping Up charge varies depending on current state as determined by the Microsoft Security Score card and complexity of your environment. The Shaping Up costs are tiered for tenancies with scores less than 75%, 50% or %25 of the possible score. That is; the better your initial score, the less is required to get the environment up to shape and the lower the Shaping up charge will be.

Ongoing

$9.50

user / month

$10.00

device / month

$8.24

user / month

Microsoft 365 P1 License

Review

varies

Once off fee

  • Our Essentials package provides a suggested bi-annual scheduled Risk Assessment reviews and Audits to ensure you remain compliant.

Interested In Our Cybersecurity Service?

Get in touch today!

About

Services

Resources

Help

Connect with us
Facebook Twitter Linkedin Youtube
© All rights reserved for Calibre One.
Designed and Maintained by Pink Birch Design.