How do we collect data?

One of the first questions we were asked this week was, “How do you collect data needed to properly hunt?”

As you know, data is crucial for you and your team to be able to make informed business decisions. The Milton Security team is no different. We collect data from a plethora of sources to help us make informed decisions about how best to protect your brand. Don’t believe us? Have a look at just a small example of different types of data we can ingest:

  • Cloud Portals: O365, Meraki, Imperva, CASB
  • Internal Authentication: Active Directory
  • Cloud Systems: Azure, AWS, GCP
  • External Portals: OWA, EWS, Sharefile, SSL VPN, RDP, IIS, Apache
  • East/West: Vectra, DarkTrace, Bro, Load Balancers (A10, F5, Netscalers, etc.)
  • USB and/or Endpoint DLP: McAfee, Symantec, Digital Guardian
  • Physical Security: Lenel, S2, Laptops being plugged into switch ports
  • Centralized Logging: Splunk, LogRhythm, AlienVault, Syslog, AlertLogic
  • WAF/HIDS: Imperva, Tripwire, Varonis, Idera
  • Ingress/Egress: Firewalls, Proxy, WAF, Exchange, Network DLP, Email DLP
  • Endpoint Log Visibility: AV, AV Firewall, Sysmon, EDR, OSQuery, Endpoint Firewall

We collect all of this data with an on-premises collector called MACe (Milton Argos Collection Engine). MACe is a lightweight processing system, or VM (virtual machine), that ingests data, then compresses and encrypts it before sending it to MACeHome (in Brea, CA) via a secure tunnel. In most instances, we only need to deploy one MACe. However, in a larger or more complex environment, we add more MACe systems. The MACe systems are part of the service and factored into the costs, so we never charge for these collectors.

The key to doing this right is getting the right data to our Milton Argos Platform so that we can begin finding the real information you need to make good security and business decisions. So we start with three questions: what data do we need, where is that data, and how do we bring it together at the MACe?

Pretty easy, right? I tried to answer as succinctly as possible.

If there are any questions you have about our process, or any other topic concerning cybersecurity, feel free to fill out the form and send us a question!

We love sharing our thorough process to show that protecting your data really is our business.