Managed Security & Incident Response
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
End-to-end Security Solutions
Rhyno’s Managed Security Services deliver a suite of leading and proprietary security solutions to help companies protect, prevent, and recover from security incidents. Our cybersecurity services help secure companies against cyber threats and mitigate the risk of emerging attack vectors.
Rhyno NIDPS is a network threat detection system that provides Intrusion Detection (IDS), Intrusion Prevention (IPS), and Network Security monitoring.
High Performance
A single instance is capable of inspecting multi-gigabit traffic. The engine is built around a multi-threaded, modern, clean, and highly scalable codebase. There is native support for hardware acceleration from several vendors and through PF_RING and AF_PACKET.
Automatic protocol detection
Our NIDPS automatically detects protocols such as HTTP on any port and applies the proper detection and logging logic. This greatly helps with finding malware and CnC channels.
TLS/SSL Logging and Analysis
Not only can you match against most aspects of an SSL/TLS exchange within the ruleset language, but you can also log all key exchanges for analysis. This is a great way to make sure your network is not the victim of a less than reputable certificate authority.
Robust Visualization
Rhyno NIDPS uses Kibana’s data visualization dashboard. It provides robust visualization capabilities on all content logged and indexed on an Elasticsearch cluster. Users can create bar, line and scatter plots, or pie charts and maps on top of large volumes of received data.
With multithreading, deep packet inspection, and pattern matching, Rhyno NIDPS is a complete system for threat and attack detection.
Rhyno NIDPS implements a robust and continually-updated signature language to match on known and latest threats, policy violations, and malicious behavior. It also detects anomalies in your network traffic through ETS and VRT rulesets.
More than an IDS/IPS
Rhyno NIDPS can log HTTP requests, log and store TLS certificates, extract files from flows, and store them to disk. The full pcap capture support allows easy analysis. All this makes RhynoGuard a powerful engine for your Network Security Monitoring (NSM) ecosystem.
Powerful NIPS
Rhyno NIDPS not only monitors inbound and outbound traffic but also stops malicious activity before it enters the network. The system notifies our Rhyno staff via SMS and email alerts when suspicious exchanges are encountered. They then analyze all possible threats. False positives are logged into the system while real threats go through further analysis and subsequent remediation.
System Configurations
 | Rhyno NIDPS Edge | Rhyno NIDPS Max | Rhyno NIDPS Xtreme |
Capacity | Up to 50 Endpoints | Up to 100 Endpoints | Up to 500 Endpoints |
Performance | Moderate | High | Ultra High |
CPU | Intel Core i5-9400 6-Core 2.9 GHz | Xeon E-2176G 6-core 3.70 GHz | AMD RYZEN 9 3900X 12-Core 3.8 GHz |
RAM | 16GB DDR4 SDRAM | 32GB ECC DDR4 | 64GB ECC DDR4 |
Storage | 500GB SSD | 1T SSD | 2T SSD |
Interfaces | 4xGbps Ethernet ports | 6xGbps Ethernet ports + 2x10Gbps Ethernet ports | 6xGbps Ethernet ports + 4x10Gbps Ethernet ports |
RhynoGUARD MDR™ | |||
RhynoVPN | |||
WAF | |||
Installation | |||
Optional SFP, SFP+ ports | |||
Wireless Protection | |||
RhynoAI | |||
Form Factor | Tower, Rack | Tower, Rack, Mini server | Tower, Rack, Mini server |
What is an Intrusion Detection & Prevention System?
A NIDPS monitors network traffic for signs of a possible attack. When it detects potentially dangerous activity, it takes action to stop the attack. Often this takes the form of dropping malicious packets, blocking network traffic, or resetting connections. The NIDPS also usually sends an alert to security administrators about the potentially malicious activity.
A NIDPS is somewhat similar to a firewall, but there are some differences. A firewall faces outward and blocks all incoming traffic unless it meets the rules that allow it to pass through, while a NIDPS looks at the traffic that is already on the network and only blocks traffic that meets certain criteria.
Enhance threat detection and management with Rhyno's Managed SIEM service.
With the threat landscape evolving at an unprecedented rate, real-time threat monitoring to provide visibility of security events inside your organization’s network is now an important layer of defense.
Rhyno’s Managed SIEM service combines the latest Security Information and Event Management (SIEM) technology, experienced security experts, and up-to-the-minute threat intelligence to enhance threat visibility across on-premises, cloud, and hybrid environments.
How can Rhyno’s Managed SIEM service help?
Many organizations that invest in SIEM quickly realize that they cannot manage without a large number of security experts to deploy their chosen solution and analyze and respond to the high volume of alerts it is likely to generate. Alert fatigue is a common problem for security teams and can lead to important alerts being missed or overlooked. A high proportion of SIEM alerts are also false positives.
For an affordable subscription, Rhyno provides the people, technology, and intelligence your organization needs to get the most out of SIEM. Certified to deploy and manage a range of SIEM solutions, our Security Operations Centre (SOC) professionals work as an extension of your in-house team to level up threat detection and response capabilities and alleviate the burden of analyzing and investigating security alerts 24/7.
What is SIEM?
Security Information and Event Management is a set of integrated log management and monitoring tools that help organizations detect targeted attacks and data breaches. SIEM systems aggregate and analyze log event information from devices, infrastructure, systems, and applications to detect suspicious activity inside networks. When anomalous behavior is identified, an alert is generated for investigation.
Enhance threat detection and incident response
Rhyno’s analysts and engineers are experienced at using a range of SIEM technologies and possess the skills and knowledge needed to best leverage them to detect and respond to current and emerging threats.
Maximize your SIEM investment
Our professionals deploy the SIEM system that will best meet your organization’s needs or take over the management of an existing investment. We’ll integrate the log sources and intelligence required to achieve threat visibility and conduct regular checks to ensure it remains in optimal health.
RhynoVPN is a next-generation VPN-as-a-Service for businesses. Securely network your worldwide sites, cloud, and remote employees with ease.
While a private network has the security advantage of isolating your critical IT services from the Internet, it can be costly to extend to different sites, devices, and users. That’s where we come in. Our Virtual Private Network (VPN) provides the ideal solution for extending private network services while maintaining security.
Built on OpenVPN
OpenVPN is widely regarded to be the gold standard in protocols. Developed in 2001, it’s open-source, meaning that anyone can access and modify its code. This has created a community of VPN protocol programmers and users who constantly test, update, and improve the protocol.
Is OpenVPN Safe?
In short: yes. OpenVPN is one of the most secure protocols you can find and comes highly recommended by security experts.
OpenVPN is even considered safe from spying by the NSA (United States National Security Agency), which has sophisticated methods and a large budget.
Furthermore, OpenVPN’s many state-of-the-art features make it maximally secure. Its ciphers are generally quite strong, giving it optimal encryption. Its custom SSL/TLS tunneling is also typically safe and reliable, especially when used on TCP. Making use of OpenVPN’s PFS encryption option further strengthens this protocol’s already outstanding security.
In fact, when it comes to protecting your privacy, using OpenVPN on TCP Port 443 can make it appear to outsiders as if you’re not even using a VPN (while you reap all the security benefits of having one in place).
Why Use RhynoVPN?
- Uses the public Internet to create an economical, isolated, and secure private network
- Remote access to internal services increases mobile workforce productivity
- Reduces security risk by preventing unauthorized access to specific network resources
- Encryption ensures privacy on untrusted Wi-Fi and other public access networks
- Extends centralized unified threat management to remote networks
Full-featured and Cost-effective VPN Solution
While built with the OpenVPN open source code, our solutions add functionality that fulfills the needs of discerning business clients. Access Server secures your data communications, provides Internet privacy and remote access for employees, secures IoT, and networks Cloud data centers.
100% Customizable
Since OpenVPN is so customizable, we can modify it to suit your security preferences and make your VPN even safer. In fact, OpenVPN’s open-source community also continuously evaluates the protocol’s security, looking for and patching up any problems.
To secure your business, you need endpoint protection that’s stronger and smarter than traditional business antivirus.
Complete cybersecurity must account for networks, users, and endpoints. Our layered security approach protects your business in multiple directions. By utilizing Webroot’s multi-vector protection, we secure endpoints and users across all stages of a cyberattack.
Why Webroot?
Webroot SecureAnywhere Business Endpoint Protection is an innovative and predictive endpoint protection software. It leverages machine learning and cloud computing to effectively prevent malware and other digital threats from damaging business cloud infrastructures.
Stop sophisticated cyberattacks
- Next-generation protection
- Contextual threat intelligence
- Industry-leading efficacy
- Fast deployment & scans
Save time and money
- Lower TCO & flexible billing
- No software conflicts
- Lightweight and no reimaging
What is endpoint security?
Endpoint security or endpoint protection is a general term that describes cybersecurity services for network endpoints, like laptops, desktops, smartphones, tablets, servers, and virtual environments. These services may include antivirus and antimalware, web filtering, and more.
Endpoint protection helps businesses keep critical systems, intellectual property, customer data, employees, and guests safe from ransomware, phishing, malware, and other cyberattacks.
Why do businesses need endpoint security?
Criminals are constantly developing new ways to attack networks, take advantage of employee trust, and steal data. Smaller businesses may think they’re not a target, but that couldn’t be further from the truth. In fact, small businesses with 100 employees or fewer now face the same risk of attack as a 20,000-employee enterprise.*
No matter their size, businesses need reliable endpoint security that can stop modern attacks. And since most companies are subject to some form of compliance and privacy regulations, protection for endpoints is 100% necessary to help businesses avoid hefty fines and damage to their reputation due to a security breach.
Secure your DNS connection against cyberattacks, get total visibility into web usage, and enforce acceptable web usage policies to reduce security risk.
By using Webroot’s DNS Protection agent, we support both IPv6 and DNS over HTTPS (DoH), meaning we can protect your users at the DNS layer on modern networks, like public hotspots, without sacrificing security, privacy, visibility, or admin control.
Skip the hardware and software
This fully cloud-based, secure, and resilient service takes just minutes to set up. Protect your DNS connection, network, and users from cyberattacks.
Get detailed reports on-demand
Drill down into reports on all threats the business would’ve been susceptible to without DNS Protection in place, and get full visibility into risk and usage.
Enable policies by group, device, IP
Control internet usage for your users using pre-configured and custom policies by group, device or network.
Block threats at the domain level
Over 80 URL categories give you granular, policy-based control to automatically block dangerous and questionable sites (such as Malware and Adult) or unwanted sites (such as streaming media).
Reduce costs relating to infections
DNS filtering stops up to 88% of known malware at the domain layer, so it never reaches your network. It saves you time and money, while also minimizing unproductive web usage.
What is DNS protection?
Before we talk about DNS security, you need to understand the DNS. The domain name system (DNS) works like a phone book for the internet. When a user enters text into a browser, DNS servers take that input and translate it into the unique internet protocol (IP) addresses that let the browser open the desired site. But DNS protocols were never designed with security in mind, and are highly vulnerable to cyberattacks, such as cache poisoning, DDoS, DNS hijacking, botnets, C&C, man-in-the-middle, and more.
By redirecting users’ web traffic through a cloud-based, DNS security solution, businesses and MSPs can finely tune and enforce web access policies, ensure regulatory compliance, and stop 88% of threats at the network’s edge—before they ever hit the network or endpoints.
Why do businesses need DNS protection?
Uncontrolled internet access is a high-risk activity for any business, regardless of size. Faced with today’s sophisticated attacks, endpoint security alone is no longer enough to stay safe from modern cybercrime. In fact, a recent report from EfficientIP found that 77% of businesses around the world suffered at least one DNS cyberattack in 2018. What’s even more worrying: on average, businesses got hit with as many as seven attacks throughout the year.
Per the report, the average cost of a single attack was $715,000 USD. When you do the math, it’s clear how DNS Protection for servers, endpoints, and other networked devices could make all the difference to a business’s success (and survival).
Intelligent, integrated, and scalable solution to protect your business-critical web applications from malicious attacks, with no changes to your existing infrastructure.
A Web Application Firewall creates a shield between your web apps and the Internet, thus mitigating many common attacks. By using Cloudflare’s technology, we deliver an affordable option that is easy to implement and consistently updated to protect against the newest threats without any additional work or cost on the user’s end.
An integrated solution to protect all your apps, everywhere.
Rhyno’s Managed WAF is built to seamlessly integrate with our security and performance products, including DDoS, Bot Management, CDN, Load Balancing, Argo Smart Routing and more, to deliver a highly performant and integrated security solution.
A modern approach provides a uniform security solution to protect all your apps, agnostic of where they reside globally: on-prem data centers, private cloud, and multiple public clouds.
Integration with existing third-party tools and systems is an important design aspect for our Managed WAF. Programmatically we create rules that block potential threats in near-real-time by integrating the API with third-party SIEMs, internal alerting systems, or vulnerability scanners.
Rhyno’s Managed WAF enables protection against malicious attacks that aim to exploit vulnerabilities including SQLi, XSS, DDoS, zero-day, and more, by applying OWASP Core and Managed Rulesets.
What is a Web Application Firewall?
A WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others.
How Do We Protect Your Web Apps?
By deploying a WAF in front of your web applications, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.
A WAF operates through a set of rules often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.
Why Rhyno?
Working as an extension of your team, Rhyno delivers advanced solutions for Managed Detection and Response and security assessment. By leveraging our understanding of the tactics attackers use to breach defenses, in-depth knowledge of the latest security tools, and a commitment to innovation, we ensure our clients are armed to continuously prevent, detect and respond to cyber threats.
Adversarial mindset
We harness the latest cyber offensive intelligence to help identify and address security risks sooner.
Outcome-focused
We work closely with our clients to better understand and address their needs.
High-quality service
We strive to continually deliver the highest standards of customer support and exceed expectations.
Technology-agnostic
We’re not constrained by one set of technologies, so we select the best tools for each client.
Rhyno has the right solution for you
With several offices around the world, we need to be secure and online at all times. Rhyno Cybersecurity offers the solutions we need to host and monitor for potential vulnerabilities across our digital assets. Great people to work with.
Oran Muduroglu - Siemens Healthineers