File Integrity Monitoring
As part of this service, the client will perform the following:
Platform Management And Administration
- Administer and manage the NNT Change Tracker FIM, including deployment, configuration, troubleshooting, and ongoing platform optimization.
- Ensure platform health, availability, and secure operation across all POS machines.
Onboarding And Offboarding
- Onboard POS machines based on new store openings and PCI-scope countries.
- Configure the FIM rules.
- Offboard agents based on store closing requests.
Troubleshooting and Issue Resolution
- Monitor, identify, and resolve platform-related issues, including:
  - Application and console functionality
  - Communication with POS machines
  - SIEM integration
- Engage with support processes to address any anomalies that impact tool effectiveness.
Health Monitoring And Availability
- Continuously monitor the status and availability of all assets onboarded to the platform.
- Address failures or downtime to ensure uninterrupted detection coverage.
SOC Integration and Alerting
- Ensure effective integration between Canary and the Security Operations Center (SOC), including:
  - Event forwarding to SIEM
  - Alert correlation
  - Escalation of alerts within SOC processes
- Validate alert quality and reduce false positives through periodic reviews.
Vendor Coordination
- Act as the main point of contact with the NNT Change Tracker vendor for:
  - Technical support
  - Issue resolution
  - Product updates and enhancements
- Track and manage support tickets and ensure timely closure.
Access Management and Governance
- Manage user accounts and roles for the NNT Change Tracker management console.
- Conduct quarterly access reviews to validate access rights and enforce the principle of least privilege.
Documentation and SOP Maintenance
- Develop, maintain, and regularly update Standard Operating Procedures (SOPs) for:
  - Agent deployment
  - Incident response for alerts
  - Platform maintenance and upgrade
  - Integration workflows
Integration and Security Ecosystem Alignment
- Integrate Canary with other security platforms, such as:
  - SIEM
  - Threat intelligence systems
  - Incident response and ticketing platforms
- Ensure deception data enriches MAF's overall security monitoring and detection framework.
Business Continuity and Disaster Recovery
- Develop, maintain, and periodically test BC/DR plans for the NNT platform and related assets.
- Validate platform recovery capabilities in the event of disruption or attack.