Sizing with proposed team
File Integrity Monitoring
FireEye: 2
5100 Endpoints (Desktop + Servers)
Ongoing fine-tuning of signatures to reduce false positives and false negatives
Fine-tuning the logging parameters forwarded to the SIEM
Endpoint Protection Profile Management
Enabling signatures, protection profiles and endpoint policies for the various target operating systems and applications (IOCs, hashes, URLs, IPs)
Fine-tuning the signatures / protection profiles on an ongoing basis to avoid false positives
Endpoint / Server Signature Updates
Managing all endpoints / servers through the endpoint console.
Checking and enforcing updates on a daily basis
Coordination with OEMs / vendors on mitigating threats related to new samples
Remote endpoint hands-and-feet support where the endpoint is reachable (Wipro supports the endpoints via remote session tools)
Upkeep of the APT solution
Monitoring of manual / automatic payload analysis (file sample / unknown threat submission)
Coordination with the firewall / proxy team to block any callback attempts
Submitting malware samples (IOCs) and performing malware analysis in the APT systems
Continuous monitoring of web filter (URL database) signature updates and AV updates from the principal vendor's source, keeping track of all updates (such as current version, last update).
Creating custom URL filters and proxy profiles as per requirement.
A list of unknown categories should be prepared and reported to the proxy vendor, with follow-up.
Fine-tuning the URL database on a need basis.
Day-to-day management of the proxy cache.
Generation of reports on proxy usage, violations, capacity and other trends at scheduled intervals.
Mandatory: 6-8 years of experience