Managed Security Services: ThreatGuard
Enterprise Intrusion Monitoring and Detection

Every organization, in every industry and whether small or large, is vulnerable to a cyber-attack.

Over the years, cyber-attacks have become more frequent and more damaging to business operations and financial stability. According to the Verizon 2014 Data Breach Investigation Report, 92% of all breaches over the past 10 years can be explained through 9 attack patterns. This suggests that although exploits may have become more sophisticated, the patterns have remained the same. AlienVault Labs indicates that the average compromise takes 229 days to detect. However, 84% of breached organizations had evidence in their logs indicating a compromise (Verizon). As the volume of devices and network traffic only seems to be growing, Cybexa can help organizations by taking on the heavy lifting and removing the complexity of providing intrusion detection and monitoring services.

At Cybexa’s Security Operations Center, also known as ThreatGuard, our customers’ networks are monitored in a fully secured, high-availability operations center. Our security has been verified by our meeting the requirements for, and subsequently being awarded, a Top Secret Facilities Clearance from the Department of Defense. What makes Cybexa stand apart from the competition:

  • Flexibility

    Our customers come first, and we take pride in ensuring that each event and incident is fully investigated and that our customers walk away knowing threats are being taken care of. Excellent customer service is our focus, which is why we constantly seek feedback from our customers to ensure we are meeting expectations as well as improving our services.

  • Acquire and Retain the Right Talent

    Being located in the heart of Northern Virginia and having been part of the Intelligence Community and the DoD, we have unique access to information security expertise. Cybexa uses an internal security engineer certification program that includes on-the-job training requirements, and uses third-party training solutions for advanced security certifications. We invest heavily in our people to ensure we remain relevant in this ever-changing threat environment.

  • Forward-thinking Technologies While Being Affordable

    Other Managed Security Service Providers’ services and pricing are expensive and too complex or ambiguous to understand. We have strived to make our service tiers easy to understand and affordably priced. There is no reason why small and medium-sized businesses can’t leverage the advanced security tools and processes used by many Fortune 500 companies to secure their business. Small businesses are increasingly being targeted, representing 1 of every 5 attacks.

If you are interested in lowering the total cost of ownership, converting a capital expense to a predictable operating expense, and/or are looking for an affordable yet higher value-added security service, ThreatGuard by Cybexa is ready to help. We are staffed by certified and highly skilled security analysts and engineers, prepared and eager to defend you against today’s most advanced persistent threats.


Cybexa protects you against today’s threats so you can focus resources on activities core to your business.


Track what is running on your networks and host machines.

  1. Active & Network Monitoring
  2. Network Asset Inventory Management
  3. Host Software Inventory Management


Retain system and security information to meet compliance requirements.

  1. PCI & HIPAA Compliant
  2. Ability to retrieve old logs for potential future legal cases
  3. Access to log data for analysis


Protecting your business through the integration of intelligence with signature and behavioral monitoring systems

  1. Network Intrusion Detection
  2. Host Intrusion Detection
  3. Wireless Intrusion Detection
  4. File Integrity Monitoring
  5. Complex correlation engine and continuously updated signature rule set


Augmenting and integrating threat intelligence and knowledge allows for faster detection and response to cyber threats.

  1. Security Information and Event Management
  2. Remediation Instructions
  3. Compliance and Custom Reporting
  4. Threat Intelligence from the largest crowd sourced threat exchange


Scanning frequently significantly reduces the risk of being compromised, as more than 80% of all attacks exploit known vulnerabilities.

  1. Continuous authenticated and unauthenticated scans
  2. Vulnerability Findings ranked from highest to lowest risk
  3. Remediation Verification


Finding unknown threats is complex enough, but it is impossible without profiling and monitoring the behavior of your network.

  1. Established and Maintained Profile for your network
  2. Network flow analysis
  3. Full packet capture
  4. Server Availability Monitoring



  • Phase 1

    ThreatGuard Onboarding Process


    Using our rapid onboarding kit, Cybexa will meet with key stakeholders to determine the current IT architecture and services and the location of operations, and to review the security architecture (if applicable). At the end of this you will be provided with a:

    • Project Plan
    • Deployment Architecture for Platform and sensors
    • Pre-installation Checklist and Questionnaire
    • Recommendations for additional security measures

    Upon acceptance of the architecture, Cybexa will install our security platform and begin configuration of security features. During this process we will:

    • Configure the network and system configuration settings
    • Configure and deploy Intrusion Detection System
    • Install and update rule set and correlation engine
    • Configure and forward all security and system logs to the SIEM
    • Detect and ingest asset inventory on the network
    • Configure and deploy HIDS agents on all requested endpoints (if applicable)
    • Configure automated workflows
    • Perform tests and deploy

    Once the system and security tests pass the acceptance test, Cybexa will assign a full-time dedicated security engineer to your organization for one week to begin the tuning process and establish a baseline. After this process you will have:

    • Significant reduction or near elimination of all false-positive alerts
    • A baseline behavior of your network activity and configuration
    • Defined group of policy objects to filter non-enforced policies as well as enforcement of created policies
    • Customized and standard reports built and scheduled
    • Deployment and training on the Executive dashboard and integrated ticketing system for future incidents requiring your attention.
  • Phase 2

    After our onboarding process you will transition to our operations group, where a security analyst will be assigned to defend your network from malicious actors. We will follow a fairly simple though powerful iterative process to continuously monitor and improve your security posture.


    Using research from AlienVault and ThreatGuard Labs, we will ensure correlation rules are up to date. Threat intelligence feeds and correlation rules are updated every 30 minutes and are designed to detect everything from basic threats to some of the most advanced threats as they relate to your environment. Our security analysts will review your logs and network behavior to detect active threats to your environment.


    When threats are detected, we categorize them by risk level using the Lockheed Martin “Cybersecurity Kill-Chain”. We will investigate each threat and determine whether 1) it is an active and real threat to your network and 2) action is required to mitigate or eliminate it. If so, ThreatGuard will quickly create an incident in our ticketing system and notify you with all the valuable information, including instructions on how to remediate or mitigate the threat.


    Cybexa will provide threat reports to you and will schedule quarterly reviews with key stakeholders to go over them. During these one-hour reviews, our intent is to offer tailored preventative security recommendations so you can take proactive measures to stop the top threats attacking your environment.

– ThreatGuard Tier Service Plan –

| Service | ThreatDetect | ThreatDefend | ThreatPrevent |
|---|---|---|---|
| 24/7/365 monitoring capability to ensure you remain protected with the latest technology and intelligence | • | • | • |
| Network Intrusion Detection | • | • | • |
| Incident Investigation | • | • | • |
| Security Log Collection | • | • | • |
| Remediation Instructions | • | • | • |
| SIEM | | • | • |
| Reputation Monitoring | | • | • |
| Counter Threat Intelligence | | • | • |
| Event Correlation & Analysis | | • | • |
| DDoS Detection | | • | • |
| Server & Service Availability | | • | • |
| Database Log Collection | | • | • |
| Standard Compliance Reporting | | • | • |
| Advanced Persistent Threat Detection | | | • |
| Botnet Detection | | | • |
| Customized Reporting | | | • |
| Vulnerability Testing & Reporting | | | • |
| File Integrity Monitoring | | | • |
| Host & Wireless IDS | | | • |
| Starting Price | $2,500/month | $6,000/month | $10,000/month |