



Rustyice is the intersection of security and network management in one seamless experience.
Rustyice FORT secures your networks and systems


Rustyice RAMP gives you all the insight you need


Actionable Managed Security

Rustyice Solutions has built a reputation on high-level technology solution implementations and cutting-edge information technology deployments.

Solve Your Toughest Problems With Rustyice Solutions

Monitored Networks are Secure Networks
Your databases, networks and applications present tantalising vectors through which your adversaries can enter and extract sensitive information. We're here to make sure that doesn't happen.
What is the risk?
Monitoring Information and Communications Technologies (ICT) activity allows businesses to better detect attacks and react to them appropriately whilst providing a basis upon which lessons can be learned to improve the overall security of the business.
How can the risk be managed?
Businesses need to put strategies, policies, systems and processes in place to ensure that they are capable of monitoring their ICT systems and responding appropriately to attacks. A consistent approach to monitoring, based on a clear understanding of the risks, needs to be adopted across the business.
  • Establish a monitoring strategy
    Develop and implement an organisational monitoring strategy and policy based on an assessment of the risks. The strategy should take into account any previous security incidents and attacks and align with the organisation's incident management policies.
  • Monitor network traffic
    The inbound and outbound network traffic traversing network boundaries should be continuously monitored to identify unusual activity or trends that could indicate attacks and the compromise of data. The transfer of sensitive information, particularly large data transfers or unauthorised encrypted traffic, should automatically generate a security alert and prompt a follow-up investigation. The analysis of network traffic can be a key tool in preventing the loss of data.
  • Test legal compliance
    Ensure that the monitoring processes comply with legal or regulatory constraints on the monitoring of user activity.
  • Establish centralised analysis
    Develop and deploy a centralised capability that can collect and analyse accounting logs and security alerts from ICT systems across the organisation, including user systems, servers, network devices, security appliances, systems and applications. Much of this should be automated because of the volume of data involved, enabling analysts to quickly identify and investigate anomalies. Ensure that the design and implementation of the centralised solution does not provide an opportunity for attackers to bypass normal network security and access controls.
  • Provide resilient and synchronised timing
    Ensure that the monitoring and analysis of audit logs is supported by a centralised and synchronised timing source that is used across the entire organisation to time-stamp audit logs, alerts and events, so as to support incident response, security investigations and disciplinary or legal action.
  • Align the incident management policies
    Ensure that policies and processes are in place to appropriately manage and respond to incidents detected by monitoring solutions.
  • Monitor all ICT systems
    Ensure that the solution monitors all networks and host systems (such as clients and servers), potentially through the use of Network and Host Intrusion Detection Systems (NIDS/HIDS) and Prevention Solutions (NIPS/HIPS), supplemented as required by Wireless Intrusion Detection Systems (WIDS). These solutions should provide both signature-based capabilities to detect known attacks and heuristic capabilities to detect potentially unknown attacks through new or unusual system behaviour.
  • Monitor all user activity
    The monitoring capability should be able to generate audit logs that identify unauthorised or accidental input and misuse of technology or data. Critically, it should be able to identify the user, the activity that prompted the alert and the information they were attempting to access.
  • Fine-tune monitoring systems
    Ensure that monitoring systems are fine-tuned so that they collect only the logs, events and alerts that are relevant to delivering the requirements of the monitoring policy. Inappropriate collection of monitoring information could breach data protection and privacy legislation. It could also be costly in terms of storing the audit information and could hinder the efficient detection of real attacks.
  • Ensure there is sufficient storage
    Security managers should determine the types of information needed to satisfy the organisation's monitoring policy. Vast quantities of data can be generated and appropriate storage will need to be made available. The organisation will also need to consider the sensitivity of the processed audit logs and any requirement for archiving to satisfy regulatory or legal requirements.
  • Train the security personnel
    Ensure that security personnel receive appropriate training on the deployment of monitoring capability and the analysis of security alerts, events and accounting logs.
  • Conduct a lessons learned review
    Ensure that processes are in place to test monitoring capabilities, learn from security incidents and improve the efficiency of the monitoring capability.
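The "Monitor network traffic" item above asks that large outbound transfers and unauthorised encrypted traffic crossing the boundary raise an alert that an analyst can follow up, and "Monitor all user activity" asks that the alert name the user. The following is an added example (not code from the original page or from Rustyice's FORT/RAMP products) of a small flow-log analyser that applies those two rules to constructed flow records. The pipe-separated record format, the internal address ranges, the approved-destination list and the 500 MB threshold are all assumptions chosen for the example; a real deployment would take them from the monitoring policy.

```python
"""
Added example (not part of the original page): apply the boundary-monitoring
guidance to flow records. Internal ranges, approved destinations, the size
threshold and the record format are assumptions made for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal address space; the organisation's own ranges go here.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Assumed destinations to which encrypted egress is authorised (e.g. a corporate gateway).
APPROVED_ENCRYPTED_DESTS = {"203.0.113.10"}
# Assumed threshold: a single outbound flow above 500 MB is treated as unusual.
LARGE_TRANSFER_BYTES = 500 * 1024 * 1024
# Destination ports that normally carry encrypted traffic (assumed list).
ENCRYPTED_PORTS = {22, 443, 993, 995}

# Constructed flow records: timestamp|user|src|dst|dport|bytes
SAMPLE_FLOWS = """\
2024-05-01T09:00:01Z|alice|10.1.2.3|203.0.113.10|443|120000
2024-05-01T09:05:44Z|bob|10.1.2.7|198.51.100.25|443|3500
2024-05-01T09:07:12Z|carol|10.1.2.9|198.51.100.40|80|734003200
2024-05-01T09:09:30Z|dave|192.168.4.4|192.168.4.5|445|900000000
2024-05-01T09:11:00Z|erin|10.1.2.11|198.51.100.25|22|64000
"""


@dataclass
class Flow:
    ts: str
    user: str
    src: str
    dst: str
    dport: int
    nbytes: int


@dataclass
class Alert:
    rule: str
    user: str    # the guidance asks that the alert identify the user
    src: str
    dst: str
    detail: str  # the activity that prompted the alert


def parse_flows(text: str) -> list:
    """Parse the constructed pipe-separated records into Flow objects."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, dport, nbytes = line.split("|")
        flows.append(Flow(ts, user, src, dst, int(dport), int(nbytes)))
    return flows


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def crosses_boundary(flow: Flow) -> bool:
    """Only internal-to-external flows traverse the network boundary."""
    return is_internal(flow.src) and not is_internal(flow.dst)


def analyse(flows: list) -> list:
    """Raise an alert for large outbound transfers and for encrypted egress
    to destinations that are not on the approved list."""
    alerts = []
    for f in flows:
        if not crosses_boundary(f):
            # Fine-tuning: internal-only flows are out of scope for this rule,
            # so they generate no alert and no stored event.
            continue
        if f.nbytes > LARGE_TRANSFER_BYTES:
            alerts.append(Alert("large-outbound-transfer", f.user, f.src, f.dst,
                                f"{f.nbytes} bytes to port {f.dport} at {f.ts}"))
        if f.dport in ENCRYPTED_PORTS and f.dst not in APPROVED_ENCRYPTED_DESTS:
            alerts.append(Alert("unapproved-encrypted-egress", f.user, f.src, f.dst,
                                f"port {f.dport} at {f.ts}"))
    return alerts


if __name__ == "__main__":
    for a in analyse(parse_flows(SAMPLE_FLOWS)):
        print(f"[{a.rule}] user={a.user} {a.src} -> {a.dst}: {a.detail}")
```

On the constructed records this produces three alerts (bob and erin for encrypted egress to an unapproved host, carol for a large transfer); alice's flow to the approved gateway and dave's internal file-share transfer produce nothing, which illustrates the "fine-tune monitoring systems" point that a rule should collect only what its policy requires.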
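The "Provide resilient and synchronised timing" item above is easiest to appreciate from the failure it prevents: a centralised collector that receives logs in different timestamp formats from sources whose clocks disagree cannot order events, so an investigation cannot tell which happened first. The following is an added example (not code from the original page or from Rustyice's products) that normalises constructed timestamps from several sources to UTC, orders them on one timeline, and flags a source whose clock is out of step with the collector. The sources, their timestamp formats, the events, the collector's receipt time and the five-minute skew tolerance are assumptions made for the example.

```python
"""
Added example (not part of the original page): normalise log timestamps from
several sources onto a shared UTC timeline and flag sources whose clocks are
skewed relative to the collector. All sources, events, formats, the receipt
time and the skew tolerance are constructed for this example.
"""
from datetime import datetime, timedelta, timezone

# Constructed events: (source, raw timestamp as the source emitted it, message).
SAMPLE_EVENTS = [
    ("fw-edge",   "2024-05-01T09:00:05+01:00", "deny tcp 10.1.2.7 -> 198.51.100.25:445"),
    ("ad-dc01",   "2024-05-01 08:00:03Z",      "logon failure user=bob"),
    ("hids-ws17", "1714550401",                "suspicious child process, user=bob"),
    ("proxy-01",  "2024-05-01T09:37:00+01:00", "GET 198.51.100.25 user=bob"),
]

# Assumed time at which the NTP-synchronised collector received this batch.
COLLECTOR_RECEIPT = datetime(2024, 5, 1, 8, 0, 10, tzinfo=timezone.utc)
# Assumed tolerance before a source's clock is treated as unreliable.
MAX_SKEW = timedelta(minutes=5)


def to_utc(raw: str) -> datetime:
    """Normalise the three constructed formats (ISO 8601 with an offset, ISO 8601
    with a trailing Z, or epoch seconds) to a timezone-aware UTC datetime."""
    if raw.isdigit():
        return datetime.fromtimestamp(int(raw), tz=timezone.utc)
    dt = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        # A timestamp with no zone cannot be placed on the shared timeline;
        # refuse it rather than silently guess a zone.
        raise ValueError(f"timestamp without zone information: {raw!r}")
    return dt.astimezone(timezone.utc)


def build_timeline(events: list) -> list:
    """Return (source, utc_datetime, message) tuples ordered on the shared clock."""
    timeline = [(src, to_utc(raw), msg) for src, raw, msg in events]
    return sorted(timeline, key=lambda e: e[1])


def skewed_sources(events: list, receipt: datetime = COLLECTOR_RECEIPT,
                   max_skew: timedelta = MAX_SKEW) -> list:
    """Sources whose events sit further than max_skew from the collector's receipt
    time; their events cannot be correlated reliably with the others."""
    return sorted({src for src, ts, _ in build_timeline(events)
                   if abs(ts - receipt) > max_skew})


if __name__ == "__main__":
    for src, ts, msg in build_timeline(SAMPLE_EVENTS):
        print(f"{ts.isoformat()} {src:10} {msg}")
    print("clock skew suspected on:", skewed_sources(SAMPLE_EVENTS))
```

Once normalised, the three well-synchronised sources line up within seconds of each other (host alert, then the failed logon, then the firewall deny), whereas proxy-01 reports an event more than half an hour after the collector received it, so its clock, not the user, is the first thing to investigate.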