The DoIT security team also provides a range of practical security services to help maintain cybersecurity and to monitor (and respond to) cybersecurity threats.
SOC Services (and functions):
DoIT operates a 24x7 Security Operations Center (SOC) for networkMaryland and other State Government clients. The SOC monitors alerts and initiates notification or incident-handling as warranted.
- Collect logs from client devices into a security information and event management (SIEM) system
- Continuously monitor identified threats and anomalies
- Generate reports that give insight into (and oversight of) multiple aspects of environmental security, e.g., user accounts locked because of too many failed login attempts
- Generate reports to facilitate auditing and security-monitoring requirements
- Initiate incident handling or notification as needed
- Manage incident investigation and mitigation
- Conduct digital investigation(s) as directed (usually in support of incident handling)
- Support insider-threat programs: analyze threats, report incidents, and support investigation of reported cases
- Investigate malware: assess its actions and the potential threat it poses
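As an added illustration of the kind of SIEM report listed above (user accounts locked because of too many login attempts), the following Python script is an example written for this page, not DoIT's tooling. It runs over constructed Windows Security log lines; the record layout is an assumption, and the event IDs 4625 (failed logon) and 4740 (account locked out) are the standard Windows values. It reports both accounts that were actually locked out and accounts that reached a failure threshold inside a sliding window, which is the earlier signal an analyst wants before the lockout fires.

```python
"""Report locked-out accounts and accounts with bursts of failed logons.

Added example, not part of the original page or DoIT's SOC tooling.
Assumed record layout: "<ISO timestamp> <event_id> <account> <source_ip>".
Event IDs: 4625 = failed logon, 4740 = account locked out (Windows Security log).
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = "4625"
ACCOUNT_LOCKED = "4740"

# Constructed sample log: jdoe fails five times and is locked out; asmith has
# two failures far apart (benign); svc-backup bursts three failures but is not
# (yet) locked out.
SAMPLE_LOG = """\
2024-03-04T08:00:01 4625 jdoe 10.1.2.3
2024-03-04T08:00:05 4625 jdoe 10.1.2.3
2024-03-04T08:00:09 4625 jdoe 10.1.2.3
2024-03-04T08:00:12 4625 jdoe 10.1.2.3
2024-03-04T08:00:15 4625 jdoe 10.1.2.3
2024-03-04T08:00:16 4740 jdoe 10.1.2.3
2024-03-04T08:10:00 4625 asmith 10.1.2.9
2024-03-04T09:30:00 4625 asmith 10.1.2.9
2024-03-04T09:30:02 4625 svc-backup 10.1.5.5
2024-03-04T09:30:03 4625 svc-backup 10.1.5.5
2024-03-04T09:30:04 4625 svc-backup 10.1.5.5
"""


def parse(lines):
    """Parse the assumed record layout into (timestamp, event_id, account, src)."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, src = line.split()
        events.append((datetime.fromisoformat(ts), event_id, account, src))
    return events


def lockout_report(lines, threshold=3, window=timedelta(minutes=5)):
    """Return (locked, suspicious).

    locked:     account -> timestamp of the 4740 lockout event
    suspicious: account -> (source_ip, timestamp) of the failed logon that first
                brought the count inside `window` up to `threshold`
    """
    locked = {}
    suspicious = {}
    recent_failures = defaultdict(list)  # account -> timestamps inside window

    for ts, event_id, account, src in sorted(parse(lines)):
        if event_id == ACCOUNT_LOCKED:
            locked[account] = ts
        elif event_id == FAILED_LOGON:
            recent = recent_failures[account]
            recent.append(ts)
            # Slide the window: discard failures older than `window`.
            while recent and ts - recent[0] > window:
                recent.pop(0)
            if len(recent) >= threshold and account not in suspicious:
                suspicious[account] = (src, ts)
    return locked, suspicious


if __name__ == "__main__":
    locked, suspicious = lockout_report(SAMPLE_LOG)
    for account, ts in locked.items():
        print(f"LOCKED    {account} at {ts}")
    for account, (src, ts) in suspicious.items():
        print(f"THRESHOLD {account} from {src} at {ts}")
```

The threshold and window are the tunable parts; a real report would also suppress known noisy service accounts and join the source IP against the asset inventory so the analyst can tell a misconfigured scheduled task from a password-spraying host.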
Penetration testing
Provide several types of penetration testing.
Threat Intelligence
Collect and maintain cyber threat intelligence.
- Utilize in SOC and other cybersecurity operations
- Distribute intelligence for subscriber's insight and action
Vulnerability management
Execute routine vulnerability scans; distribute reports; initiate tickets for fixes; note that asset owners are ultimately responsible for ensuring vulnerabilities are mitigated.
Secured Environment (in addition to Managed Security Services)
Perimeter Defense Services
Places an agency's point of presence behind a next-generation firewall with security services that include:
- Whitelisting and blacklisting
- Data loss prevention
- Alert analysis and remediation advice
- Quarantine services
- Advanced threat detection
- Exfiltration protection by enabling Deep Packet Inspection (e.g., malicious activity and malware, including ransomware)
- Customizable (security) reporting
Network Access Control
Provide network access control, and monitor and report on changes to the network perimeter, including IP address changes, port and service changes, and wireless network changes.
Asset Management
Monitor and control system, software, and information assets; maintain an asset inventory, and provide logging to enable SOC alerts on unauthorized changes.
Configuration Management
Provide tools and procedures for deploying and maintaining secure configurations for systems, software, and network devices; provide logging to enable monitoring and alerting on unauthorized changes.
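The Network Access Control, Asset Management, and Configuration Management services above all rest on the same mechanism: a change-controlled baseline, a fresh observation, and an alert on the difference. The following Python script is an added example for this page (not DoIT's tooling) of that diff over constructed data; the record shape (host, IP, and a port/protocol to service map) is an assumption, and in practice the baseline would come from the approved inventory and the current state from a perimeter scan or configuration pull.

```python
"""Alert on unauthorized changes between an approved baseline and current state.

Added example, not part of the original page or DoIT's tooling.
Assumed record shape: host -> {"ip": str, "services": {"port/proto": service}}.
"""

# Approved baseline (constructed). Documentation-range addresses per RFC 5737.
BASELINE = {
    "web-01": {"ip": "203.0.113.10", "services": {"443/tcp": "https"}},
    "vpn-01": {"ip": "203.0.113.20",
               "services": {"443/tcp": "https", "500/udp": "isakmp"}},
    "mail-01": {"ip": "203.0.113.30",
                "services": {"25/tcp": "smtp", "443/tcp": "https"}},
}

# Constructed current state: web-01 exposes RDP, vpn-01 changed IP,
# mail-01 lost HTTPS, and an unknown host appeared on the perimeter.
CURRENT = {
    "web-01": {"ip": "203.0.113.10",
               "services": {"443/tcp": "https", "3389/tcp": "ms-wbt-server"}},
    "vpn-01": {"ip": "203.0.113.21",
               "services": {"443/tcp": "https", "500/udp": "isakmp"}},
    "mail-01": {"ip": "203.0.113.30", "services": {"25/tcp": "smtp"}},
    "rogue-ap": {"ip": "203.0.113.99", "services": {"80/tcp": "http"}},
}

# Severity used when a finding is handed to the SOC; newly exposed services and
# unknown assets are the ones that most often mean an attacker or a misconfig.
SEVERITY = {
    "unauthorized_asset": "high",
    "new_service": "high",
    "ip_change": "medium",
    "removed_service": "medium",
    "missing_asset": "low",
}


def diff_inventory(baseline, current):
    """Return a list of (kind, host, detail) findings, sorted by host."""
    findings = []
    for host in sorted(set(baseline) | set(current)):
        if host not in baseline:
            findings.append(("unauthorized_asset", host, current[host]["ip"]))
            continue
        if host not in current:
            findings.append(("missing_asset", host, baseline[host]["ip"]))
            continue
        b, c = baseline[host], current[host]
        if b["ip"] != c["ip"]:
            findings.append(("ip_change", host, f'{b["ip"]} -> {c["ip"]}'))
        for svc in sorted(set(c["services"]) - set(b["services"])):
            findings.append(("new_service", host, f'{svc} ({c["services"][svc]})'))
        for svc in sorted(set(b["services"]) - set(c["services"])):
            findings.append(("removed_service", host, f'{svc} ({b["services"][svc]})'))
    return findings


def alerts(findings):
    """Render findings as one alert line each, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    ranked = sorted(findings, key=lambda f: (order[SEVERITY[f[0]]], f[1]))
    return [f"[{SEVERITY[kind].upper()}] {host}: {kind} {detail}"
            for kind, host, detail in ranked]


if __name__ == "__main__":
    for line in alerts(diff_inventory(BASELINE, CURRENT)):
        print(line)
```

Run on a schedule, the output feeds the SOC as the "logging to enable alerts on unauthorized changes" named above; the important operational detail is that the baseline is only updated through the change process, so every diff line is either an approved change that was not recorded or something that needs a ticket.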
Endpoint Security
Deploy and configure endpoint and server protection instrumentation and application software security, for example:
- Antivirus deployment
- Data encryption
- HIPS
- Etc.
Data Security and Encryption
Configure, deploy, and manage an enterprise encryption suite, including encryption of data, databases, and full disks.