ANS Documentation

General Information and FAQs

What is Threat Monitoring

Threat Monitoring from UKFast is our tailored, all-in-one HIDS/SIEM system that enables you to continually monitor for malicious activity in your IT environment. Threat Monitoring is a must for businesses that take security seriously and is highly recommended to those who wish to achieve PCI-DSS compliance for processing online card payments.

How does Threat Monitoring link into PCI-DSS?

As per control 12.4.1 of the PCI-DSS standards, businesses that accept card payments are required to employ a form of log collection to allow activity to be tracked in the event of a breach.

UKFast’s Threat Monitoring handles this for you. By collecting all your server’s logs and sending them to our Threat Monitoring infrastructure, we can parse these logs for threats and store them securely for 12 months, as required by the PCI-DSS requirements.

This easy, no-fuss solution to this and many other PCI-DSS requirements ensures your business is compliant and ready to take card payments online.

What attacks can Threat Monitoring detect?

As Threat Monitoring is installed onto your servers, it can easily detect and protect against a wide variety of attacks. We employ an advanced ruleset of bespoke detection rules that can identify attacks such as:

  • Brute-force attacks

  • SQL Injection

  • XSS (Cross-Site Scripting)

  • Shellshock

  • Path Traversal

  • Code Injection

  • Version Gathering

  • Network Scanning/Mapping

  • Challenge-Response Exploits

  • SSH CRC-32 Compensation attacks

  • Invalid DNS packets

  • Ping of death

  • Replay Attacks

  • Buffer Overflow attacks

  • Rootkits

  • Malware and Viruses

  • WordPress attacks

  • osCommerce Login Bypass attacks

  • PHPMyAdmin Scans

  • POST Bots

  • Website Scraping

And many more…

How will I be alerted?

Threat Monitoring alerts can be easily viewed in the form of an email, sent directly from our real-time alerting system. These alerts will contain a brief description of the attack/alert, the agent (your server) IP address and the full log event detailing the attacks.

You can also view a breakdown report of live threat events in your MyUKFast Threat Monitoring dashboard.

What is Threat Response?

Threat Response is an additional service which provides managed support by our in-house security team, proactively looking into all your alerts and applying any remediation as needed. With Threat Response, all your Threat Monitoring alerts will be sent directly to our dedicated team of security experts.
