Managed Security

What is Managed Security Services?

Managed security service provides VPC customers with professional, sustained security management delivered by professional operations management personnel. The service is tailored to each layer of security, so customers can maintain optimized security through a comprehensive operations management system that consists of initial build consulting, 24x7 security operation, and monitoring of and response to infringement.

Service Highlights

01. Initial consulting makes it easier for customers to build an optimized security system, and the service can be designed flexibly to meet diverse customer requirements.

02. Customers can reduce the cost of operating security directly and maintain a high level of security through systematic operations management by kt security professionals.

03. Provides reliable security management outside business hours, such as weekends and holidays, through a sustained 24-hour, 365-day security management service.

04. Customers can check the operating status of the system through regular security information.

05. Customers can always get security-related information through the 24x7 help desk.

Service target

1. CDC(Cloud Data Center) Security

Preventing unauthorized personnel from physically accessing the customer's IT infrastructure, and monitoring and controlling access according to the access policy, is the most traditional and basic security measure. Unlike the existing ITS concept, in which multiple operating personnel can access systems at any time for maintenance and repair, a cloud system can provide stronger physical security because the physical access of operating personnel is controlled. kt ucloud offers strong physical security measures such as access control for computational resources, cage installation, deployment of monitoring agents, and security infrastructure such as CCTV installation.

2. Network Security

Network security covers the measures that defend internal computational resources against malicious intrusion at the network layer by hackers and others on the Internet, through control of protocols, IPs, and ports. All computational resources connected to the Internet basically allow free access from outside, so network access control and intrusion blocking are needed first of all to prevent unauthorized access. It is the first security measure to build in enterprise computing, yet an always-operational surveillance system is among the most costly and labor-intensive parts. The internal network is separated and protected from external threats by building firewall, UTM, and Anti-DDoS systems, with monitoring and analysis in conjunction with security systems such as IDS / IPS / ESM.

3. Server Security

Server security strengthens the security of the customer's computer systems at the server (VM) level. The server OS has a number of security vulnerabilities of its own, and weaknesses in operational management can also expose administrator accounts. Other threats include malicious code, viruses, backdoors, and bots, as well as infringement originating from external servers. These threats are eliminated through measures such as a server antivirus solution, regular patches that remove vulnerabilities in the OS itself, periodic management of accounts and passwords, and regular vulnerability inspections.

4. Web / Application Security

Because the majority of IT business in recent years is done through the web, most hacking attacks are made through the web. A web service is by nature open to anyone from outside, so existing network security appliances have not been able to defend against these attacks, which have caused a lot of damage. Cloud infrastructure shares the web environment, so the importance of web security is growing more and more. Web / Application security is the set of security measures that eliminate an application's own vulnerabilities and professionally defend against attack and infringement through the web. Illegal infringement is monitored and defended against through web application firewalls and complementary solutions for web vulnerabilities, such as shell monitoring.

5. DB / Contents Security

Databases and content are the final assets that corporate security must guard. It is important to control access to prevent unauthorized disclosure of data to the outside, and to prepare for a leak with measures such as encryption and a security plan for audit records of this activity. Leakage to the outside is prevented through DB encryption / access control, content encryption, data loss prevention, DRM / DLP, and so on.

6. Intrusion Prevention System Administration Services

Firewall Managed Service

Operating the intrusion prevention system is basic to maintaining the security of computational resources, and the field is sensitive enough to influence the quality of the overall service. Intrusion Prevention System Management Service offers firewall operation by kt security experts. They analyze and recommend security rules that suit the customer's system, and apply rules in accordance with customer requests.

- Firewall appliance operational management and health check
- Support for security rule configuration
- Basic firewall rule recommendations and analysis
- Emergency analysis and application of blocking rules when infringement is a concern
- Application of customized rules
- Policy backup

| Classification | Service list | Note |
|---|---|---|
| Configuration Management | Secure network consulting | Initial |
| | Configuration/Rule applying and backup | When changing / monthly |
| Availability Management | System utilization management | Always |
| Policy Management | Firewall policy handling | Upon request |
| | Backup and provision of firewall policy | When changing / monthly |
| | Firewall system monitoring | 24 hours / 365 days |
| Operations Management | Blocking intrusion attempts via the remote management console | 24 hours / 365 days |
| | Latest patch and upgrade of system features | After manufacturer announcement |
| | Alert service | On service event |

7. Security Services

Managed Security Monitoring

In the Security Service, professional security personnel protect the customer's information resources and systems through 24/7 real-time monitoring of intrusion / infringement, analysis, reporting, and response to infringement. Events from security solutions such as firewalls and IDS are integrated and analyzed through ESM (Enterprise Security Management) in the integrated security control room, which provides monitoring and response / prevention activities.

- Event monitoring at each security appliance
- Event collection, integrated monitoring, and analytics through the ESM
- Live monitoring, analysis, and response for infringement / attack attempts
- Response in the event of an incident
- Customer reporting when a major event occurs
- Regular security management reports
- Infringement response / incident reports
- Latest security trends and information
- Security Help Desk

| Classification | Content | Note |
|---|---|---|
| Firewall | Firewall Event Monitoring | 24hours/365days |
| IDS/IPS | IDS Event Monitoring | 24hours/365days |
| ESM | Integrated monitoring through the ESM | 24hours/365days |
| Alert report | When infringement (attack) attempting | Alert in the event |
| | In the event of an incident | After detection |
| | System Alert and Failure | Alert in the event |
| | Security appliance performance issues | Alert in the event |
| Incident Response | Support CERT agent when security incident occurs | After report |
| | Security incident response process | After detection |
| | Damaged systems analysis and emergency action | After the occurrence |
| | Attack countermeasure | After the occurrence |
| Report | Control report | Monthly |
| | Infringement corresponding report | After treatment |
| | Incident Report | After treatment |
| | Security Technology Trends / Vulnerability Information / accident information / advisory | In the event |

8. Web Services Firewall Operations Management

WAF Managed Service

A web application firewall is a specialized security solution that needs initial learning, takes a lot of effort and time, and must continue to be operated even after optimization. Web Firewall Operations Management Service administers the web application firewall on the customer's behalf, relieving customers of the heavy burden of operating it directly.

- Web firewall traffic type learning
- Detection and defense rule set based on the learned content
- Application of basic defense and level-selection rules
- Interception of web attacks such as SQL injection, XSS, and tampering
- Defense against the OWASP Top 10 vulnerabilities

| Classification | Content | Note |
|---|---|---|
| Configuration Management | Monitoring range established (Domain) | Initial |
| | Configuration and settings backup | When changing/monthly |
| Availability Management | System utilization management | Always |
| Policy Management | Web traffic learning progress | Early (3 weeks) |
| | WAF Rule Customizing | Early/when changing |
| | WAF Pattern Update | When the manufacturer announced |
| Operations Management | Intrusion attempts surveillance through remote management | 24hours/365days |
| | Latest Patch Upgrade of systems and functions | When the manufacturer announced |
| | Systems Alert Service | In the event |

9. Shell Monitor Service

Shell Monitor Service

As web services take up a large share of the Internet environment, cases are increasing in which a system is infringed directly through its web service and malicious code is inserted into it to distribute malware by a separate route. The Shell Monitor Service diagnoses and monitors whether malicious code has been inserted, and removes it when it is discovered.

- Surveillance for insertion of malicious webshells
- Diagnosis of webshell insertion for each domain
- Removal of discovered webshells and restoration of the original

| Classification | Content | Note |
|---|---|---|
| Operations Management | Insert webshell surveillance | Always |
| | Webshell diagnosed and deleting | Always |

10. Vaccine service

Server Anti-Virus Service

The vaccine service provides and manages a server-only anti-virus vaccine that diagnoses malware infections, such as viruses and trojans, that may occur on cloud servers in use, and provides the ability to remove the malware infection.

- Real-time malware monitoring
- Virus diagnosis and removal within the server
- Spyware / Adware diagnosis and removal
- Operating status identification and control by central administration
- Selectable auto / manual update

| Classification | Content | Note |
|---|---|---|
| Operations Management | Updating version and engine | When the manufacturer announced, Auto / Manual |
| | Central Management | Always |

Service Type

| Classification | Service | Note |
|---|---|---|
| cloud VPC | Basic security control | Intrusion Prevention System Management Service |
| | Premium security control | Intrusion Prevention System Management Service |
| | | Intrusion Detection System Management Service |
| | | 24/7 Security Services |
| | | Periodic Security Reports Service |
| | | Annual inspection service vulnerability |
| | Web Firewall Operations Management | WEB F/W operations management services |
| | Shell Monitor | Malware detection/protection services |
| | Vaccine service | Server antivirus service |

Supported appliance and solution

1. Firewall

| Korean Product | Foreign products |
|---|---|
| Secui MF2 Series (scheduled) | Juniper ISG Series |
| | Juniper SSG Series |
| | Fortinet Fortigate Series |

2. IDS (Korean Product)
- Winstechnet Sniper IDS Series

3. IPS(Foreign products)
- Winstechnet Sniper IPS Series
- Secui MFI Series(scheduled)

4. WAF(Web Firewall, Korean Product)
- PentaSecurity WAPLES Series
- Monitorapp WebInsight Series
- Piolink Webfront Series
