Applied Watch Technologies

Managed Monitoring

Second Watch Global Monitoring Mission Statement:

"To provide oversight and co-ordination of all external Blackhat intelligence sources and resources in order to assess the contextual intelligence in its entirety and likely impact on Customer Networks"


Applied Watch Managed Security Monitoring Services

Security has proven in recent years to be a formidable and challenging area of information technology. Security managers charged with protecting the assets of the company's enterprise around the clock are dealt a demanding responsibility, and they have neither the staff nor the technical prowess needed to accommodate such a large undertaking.

In the face of constantly evolving threats, changing network environments, insufficient operating budgets, and scarce security expertise in the area of intrusion analysis and incident response, companies are rapidly looking to outsource the challenge of building a 24 hour Security Operations Center to monitor an always-on Internet connection that doesn't understand the meaning of 9 to 5.

Applied Watch Technologies staffs GIAC Certified Intrusion Analysts and can monitor customer networks 24 hours a day, 7 days a week, 365 days a year. Applied Watch's SOC engineers can augment a customer's internal engineering team by operating as a 24-hour watch or as an escalation point for realized threats against the customer's network.

The primary day-to-day mission of the Applied Watch SOC analyst is to maintain situational awareness in order to provide an immediate response posture to any suspected security event for validation and remediation of customer networks.


Customer Transparency

Unlike other managed security providers, Applied Watch provides 100% transparency to its managed customers by allowing them access to the central Applied Watch Server where events on their network are aggregated and correlated. Its flagship product, the Applied Watch Command Center, was designed from the ground up to be a tool for MSP environments. It offers a unique user/group system that confines each customer's event data to just that customer's group of Agents, even though thousands of other customers and Agents are logging to the same Server. This approach to user and group-level access stands in stark contrast to typical MSP service delivery models.

The "Second Watch" Service Offering

The Applied Watch 24-hour managed intrusion detection service offers the complete forensic lifecycle bundled into a single annual service. The Second Watch service offering covers the complete gamut from event detection through response, analysis, and remediation. Applied Watch will work with the customer not only to recover from a compromise but also to prevent the compromise in the future through patch implementation and patch management.

Real-time Threat Intelligence and Global Monitoring

Applied Watch Technologies works closely with the SANS Institute by providing nightly Dshield reports as well as monitoring the SANS Internet Storm Center for real-time views of emerging threats on the Internet, such as a suspicious increase in port scans and exploit attempts that would lead Applied Watch to believe increased vigilance in customer perimeter monitoring may be necessary. Applied Watch would maintain a database of customer assets accessible from the Internet and would conduct a comparative analysis against it when newly evolved threats are discovered.


The Second Watch Services:

  1. Expert Analysts trained in digital forensics and maintaining chain of evidence rules for eventual prosecution
  2. Implementation services for additional IDS sensors
  3. 24x7x365 IDS ruleset management, tuning, and updating
  4. Correlation of events between different security devices and system logs on the customer's network
  5. Early warning system for new zero-day exploits, worm outbreaks, and newly evolved threats propagating across the Internet
  6. On-site or telephone assisted incident response (Does not include T&E)
  7. Real-time Console access to events on the network
  8. On-demand and nightly reports of investigated events as well as trending, executive, and technical reports on past 24 hour activity
  9. Optional vulnerability and exposure management through sanctioned vulnerability scanning or penetration testing
