FAQ – Haven Service

We continuously audit the marketplace for the latest technologies and modify Haven to ensure maximum efficacy. Current technologies include:

Endpoint- CylancePROTECT and OPTICS. CylancePROTECT is a next-generation antimalware solution that leverages machine learning to detect and prevent malware. CylanceOPTICS is an advanced endpoint detection and response (EDR) solution that can provide full visibility into attacks and local system activity. OPTICS also supports manual and automated response playbooks.

Email- Mimecast is an email security platform that provides anti-malware, spam, plus advanced threat prevention for email attachments and URL’s. In addition, Mimecast supports basic data loss prevention policies and sending encrypted emails to protect sending sensitive data to external recipients.

Network- Palo Alto Networks FW is a next-generation firewall that supports automated detection and prevention of malicious web traffic through URL and application filtering, file sandbox analysis, and SSL decryption. Additionally, Palo Alto Networks includes Global Protect VPN for secure remote access and secure access over insecure or public networks.

Vulnerability Scanning- Network and systems are routinely scanned and analyzed to strengthen system defenses. Scanning is performed monthly or as needed and reported to the Client organization to remediate vulnerabilities to reduce the organization’s attack surface that can lead to a compromise of non-public data. (NOTE: Vulnerability Scanning is part of the Haven™ package. For Haven Cloud and Haven SecureAdvisor, please inquire.)

Employee Awareness Training- Employee awareness training is delivered monthly in micro learning segments to increase employee security awareness and internet safety. Simulated phishing campaigns are delivered in parallel to help employees better detect and report potentially malicious emails. Most compromises result from human error, which can be significantly reduced by better educating personnel.

SIEM- Centralized log collection utilized by Corvid Cyberdefense security analysts to identify and respond to organizational threats. Corvid’s SIEM collects logs from endpoints, network appliances, and other IT and security technologies deployed in the Client environment.
Haven addresses many of the technical security controls defined in common security standards. Upon request, you will be provided with a Haven crosswalk for the compliance standard required by your industry. Common compliance standards include: NIST SP 800-171, NIST SP 800-53 and CMMC.
If you require assistance to develop custom policies, standards, operating procedures, or other security compliance documentation, Corvid Cyberdefense offers professional services. Please contact our business team.

Haven SIEM data is stored in a secure collocated data center with high availability. Our technology partners leverage cloud service providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Depending on the deployment model that is optimal for your organization, Haven can be fully cloud-based or as a hybrid solution. If physical hardware is required, Corvid will ship a pre-configured appliance that will need to be connected to your network and set up with network connectivity. Software will need to be deployed/installed by your employees. If on-site support is required, arrangements can be made based on an agreed upon one-time fee. Full deployment of Haven takes approximately 4 weeks on average; however, it varies by customer environment and needs.

Haven is an end-to-end solution that includes monitoring, detection, response, and remediation of security threats. Other MSSPs typically focus only on monitoring, detection, and alerting, requiring the client to determine how to handle and remediate threats.

Client data is stored in a highly secure environment secured by network segmentation, user and network security groups, multi-factor authentication.

Corvid Cyberdefense provides 24x7x365 coverage. Clients may contact support via phone, helpdesk web portal, or email depending on severity and preference. See our SLA for delivery and response timing.

Logs for all systems originate on the network security appliance, and the originals are stored there.

For every stream for the purpose of monitoring and security, the logs traverse a private SSL tunnel to our main non-public data center in Raleigh, NC. These logs are then housed in an internal single-tenant environment 100% under Corvid Cyberdefense’s control. Each client’s data is housed in data verticals apart from other clients, such that no client can have bleed over access.

Onsite backups and snapshots are accomplished within the same private cluster and engage no extra-corporate services.

Tertiary backups are flowed offsite multiple times per day for continuity to a virtual private cloud at AWS, employing object storage only. No public applications or structures are in place at said VPC, and no other systems at AWS are employed to interact with this data in any way.

Data at rest in cold storage and live in-cluster are maintained for 90 days per contractual SLA. Data is cycled out after this time on the following Sunday from the expiry of said data.

At a minimum all analysts must have Network+, a certification designed to test the competency of a mid-level network technician in supporting and configuring TCP/IP clients in terms of network design, cabling, hardware setup, configuration, installation, support, and troubleshooting.

Analysts are certified in each security technology and they maintain a provided structural learning path via on-site training.

For clients with an on-premise network security appliance, vulnerability scans are conducted on the 4th and 7th of each month. This ensures that the scans occur on a weekday.

No. Haven is designed to provide you with the technology to reduce the amount threats that can impact your organization. Our 24/7 security operations center (SOC) investigates event alerts triggered by the technology to determine if additional action is needed. If there is suspicious activity that cannot be confirmed by the SOC and requires domain knowledge, or if there is activity that is confirmed to be malicious OR is determined to be suspicious with potential for a compromise in data confidentiality or integrity, you will be notified directly per the SLA: corvidcyberdefense.com/haventerms