Cybersecurity FAQs
Secure Operations Center/Support
Support is available 24 x 7 x 365.
Support can be reached via:
- e-mail at: email@example.com
- Phone at: +44 207 993 6949 (UK) +1 (410) 995-7997 (US)
- or via the Trident Client Portal
GBMS Tech SOC engineers answer the phones, respond to emails and resolve issues. Many of them helped build the technology that GBMS Tech uses, so they understand it in the most fundamental ways and are equipped to resolve the issues that customers may encounter. Support is available
GBMS Tech SOC engineers hold several IT and IT Security certifications. Training is a continual process as security threats are continually evolving.
Certified Information Systems Security Professional (CISSP), Microsoft Certified Systems Administration (MSCA), Microsoft Certified Professional, Microsoft Certified Systems Engineer (MCSE), Network +, Security +, Offensive Security Certified Professional (OSCP), Offensive Certified Expert (OSCE), Certified Fraud Examiner (CFE), Certified Ethical Hacker (CEH), Certified Hacker Forensic Investigation (CHFI), Access Data Certified Examiner (ACE), Sophos Architect, Cisco Certified Network Associate (CCNA), Certified Information Security Manager (CISM), HIPAA Certified Auditor
Trident Endpoint Protection
Trust Lockdown currently protects Windows operating systems including servers, desktops, laptops, and tablets. See Technical Specifications for a list of operating systems and minimum requirements.
The Trident Endpoint Protection does not protect Android or Apple mobile devices yet.
Yes. The U.S. Computer Emergency Response Team (US-CERT under Department of Homeland Security), the Australian and the Canadian governments all recommend application whitelisting as the best protection for all computer systems, adopting it as the #1 malware mitigation strategy.
Trident Endpoint Protection is better than whitelisting. It was built to address the shortcomings of traditional application whitelisting by using secured application and version control. With traditional whitelisting, large amounts of time are spent keeping the lists current.
With secured application and version control, there is one global secured list that is continually updated by GBMS Tech and users will only need to select the applications and versions they trust to run.
Yes. Most of today’s malware uses script files as part of its attack. You can add Trusted Scripts to your protection, which are validated along with executables. Your trusted script files can run, and unknown scripts are blocked.
White Cloud Security protects all the following types of endpoints running Microsoft Windows platforms listed in our Technical Specification:
- Desktops and Servers
- Laptops, Tablets, and Portable Devices
- Industrial Control Systems
- Virtual Terminals
- Cloud Servers
- Embedded Windows
- Automatic Teller Machines (ATMs)
- Casino Gaming machines
Trident Endpoint Protection blocks untrusted executables and untrusted scripts. This includes:
- Ransomware, executable or script based; e.g. CryptoLocker, CryptoWall
- Wiper Virus type attacks
- Stuxnet type attacks against Industrial Control Systems
- Watering Hole type attacks where hackers infect trusted websites
- Droppers from Websites
- Phishing and Spear Phishing Attack type infections
- Keyloggers and similar information stealing trojans
- Executable and Script based Internet Worm type attacks
We have a Persistent Cache feature that protects you in the event you lose connection with the network. Your Persistent Cache then validates your applications to run when you are offline.
Blocked items are visible to the end-user via local pop-up at the endpoint. The Administrator can control the visibility of the pop-up from the dashboard for the entire group, or individual endpoints.
Blocked items are also logged at the dashboard, and an email is sent in real-time to the designated email for that group.
Trident Endpoint Protection is not whitelisting but secured application and version control.
With traditional whitelisting, large amounts of time are spent keeping the lists current. With secured application and version control, there is one global secured list that is continually updated by GBMS Tech, and users only need to select the applications and versions they trust to run.
Our Trident Endpoint Protection has unique advantages that application whitelisting products don’t have:
- Multiple fingerprint technology that prevents possible hash collision attacks
- Instant protection without scanning the endpoint
- App usage intelligence through our event logging of all run, blocked, and monitored items
- Validation of apps independent of user privileges, host name, source, and path
- Available 2-Man Rule strategy for increased security in change management
- Reduced CPU usage because of the elimination of push requirements
- We make application control simple to install and easy to manage, eliminating the barriers to adoption.
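The multiple-fingerprint and path-independent validation points above, as an added example that is not GBMS Tech's code: a file is allowed only when its size and every digest match one trusted entry, so a collision in a single hash function is not enough. The digest set, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumed digest set; the page does not name the algorithms the product uses.
ALGORITHMS = ("sha256", "sha512", "blake2b")

def fingerprint(path, chunk_size=65536):
    """Return file size plus one digest per algorithm, computed in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for hasher in hashers.values():
                hasher.update(chunk)
    return {"size": size, **{n: h.hexdigest() for n, h in hashers.items()}}

def is_trusted(path, trusted_entries):
    """Allow only when size and every digest match one entry; path is ignored."""
    fp = fingerprint(path)
    return any(
        entry["size"] == fp["size"]
        and all(entry[n] == fp[n] for n in ALGORITHMS)
        for entry in trusted_entries
    )

def demo():
    """Constructed sample files: a trusted build, a moved copy, a modified build."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "app.exe": b"constructed sample build 1.0",
            "moved-copy.bin": b"constructed sample build 1.0",
            "modified.exe": b"constructed sample build 1.0 + extra bytes",
        }
        paths = {}
        for name, data in samples.items():
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        trusted = [fingerprint(paths["app.exe"])]
        # Simulate an entry that a modified file matches under SHA-256 only.
        bad = fingerprint(paths["modified.exe"])
        one_match = [dict(trusted[0], size=bad["size"], sha256=bad["sha256"])]
        return {
            "moved_copy": is_trusted(paths["moved-copy.bin"], trusted),
            "modified": is_trusted(paths["modified.exe"], trusted),
            "single_digest_match": is_trusted(paths["modified.exe"], one_match),
        }
```

The moved copy is accepted because only content is checked, while the modified file is rejected even against an entry it matches under one digest.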
Trident Network Protection
The Trident Network Protection protects all network connected devices. If your printer, telephone (VOIP), smartphone, tablet, server or PC is connected to your network the resulting network traffic will be protected by the Trident Network Protection.
On larger networks, multiple Trident Network Protection units can be deployed to protect individual subnets.
The Trident Network Protection protects your network by monitoring incoming and outgoing traffic. The Trident Network Protection filters the incoming and outgoing traffic by examining the traffic and comparing it to lists of known malicious traffic.
Using machine learning and SOC team analysis, the Trident Network Protection can filter out known malware and reduce intrusion attempts. Filtering frees bandwidth for all network-connected devices, which further improves network performance. Servers don’t have to work as hard when performance-robbing intrusion attempts are blocked before they reach the host.
The Trident Network Protection connects to two ports on your network, and the traffic can continue to your firewall without issue. Additionally, a future release will allow the Trident Network Protection to be configured to update your firewall configuration when new threats are detected.
The Trident Network Protection does not negatively impact network performance or bandwidth. The filtering technology of the Trident CMP will improve your network traffic by blocking performance-impacting cyberattacks, known spam providers, and connectivity to known harmful internet locations.
The Trident Network Protection captures all network traffic alerts and collates the alerts found during real-time monitoring. Trident Network Protection machine learning prioritises the alerts and, combined with SOC team analysis, allows identifiable threats to be identified and blocked from the network. Active evolving threats such as botnets and adaptive malware can be detected with Trident Network Protection. Threats are tracked geographically, so entire countries can be blocked if needed.
The Trident Network Protection is an affordable, reliable, proven solution that works for any size organization. What makes Trident Network Protection superior is its speed and reliance on machine learning to sort network traffic. Machine learning reduces time wasted on false-positive alerts that are commonplace in other IDS/IPS platforms.
Each Trident Network Protection is monitored by a team of SOC Analysts. Alerts and updates generated by the Trident CMP are processed by an expert staff who turn the alerts into comprehensive intrusion detection reports. The reports contain statistical data on network security, and analysis of the alerts discovered during network monitoring.
Argentum offers complete DDoS protection, which includes Web Application Firewall (WAF), Website monitoring, CDN and Load balancing.
Argentum is broadcast out of 6 scrubbing centers, each with multiple 10Gb/sec upstream providers and auto failover between centers.
During setup, customers redirect their DNS to point to an Argentum IP. This directs all traffic away from the client server, shielding the server from the Internet and the attack traffic attempting to reach it. Instead, all traffic is sent to one or more of the Argentum traffic scrubbing nodes, which are strategically dispersed worldwide.
The scrubbing nodes clean the traffic and send only legitimate requests back to the client server. The client server is shielded from all attack traffic because the malicious traffic never gets past the scrubbing nodes. While using Argentum, the client server is completely hidden from the Internet and communicates only with the Argentum system.
GBMS Tech, Ltd. Security Operations Center (SOC) dynamically sets alerts for each client. Settings vary between clients depending on what is a normal number of requests to the site in question within a given unit of time.
Alerts notify the security engineering team when requests exceed the determined thresholds, at which point the team analyzes the traffic to determine the next course of action and applies any additional mitigation techniques. This is all performed with no interruption to the system's availability and no intervention by the customer.
Once the attack is under control, clients are contacted with a detailed analysis of the attack and the mitigation that took place.
Yes, you require a separate Virtual IP for each SSL. Each protected entity requires a separate Virtual IP.
Clients can run up to 10 different domains through 1 Virtual IP, as long as they are on the same IP on the client side and they share the same SSL certificate.
One Virtual IP includes 20Mb/Sec of clean traffic?
New client websites can be provisioned in approximately 15 minutes, on average; provisioning is limited only by the time it takes for the DNS change to propagate over the Internet. Once the DNS “A” record is switched over, everything will start running instantly.
Every customer is set up with Argentum's base configuration. The base configuration is designed to mitigate a wide variety of attacks, including:
- ICMP & UDP floods
- Port scans
- SYN attack
- Distributed reflection DoS (DRDOS)
The GBMS Tech SOC team then builds a custom configuration that is architected to the individual customer design and layout, ensuring optimal performance while further protecting the site from the more sophisticated attack techniques such as:
- HTTP/S GET
- HTTP/S POST
- Fragmented packets.