Specifications include, but are not limited to: Monitoring: 1. All internal corporate systems to include workstations, servers/domain controllers, switching/routing infrastructure, virtualization and storage infrastructure, and other connected IT devices. 2. All external public facing systems to include firewalls, load balancers, web servers, FTP servers, and web service interface points. 3. All DMZ systems to include flow controls from external to internal systems. 4. All wireless systems to include internal touch points from all SSID, broadcast or hidden, as well as encryption levels. 5. All distributed control systems to include corporate LAN to control system LAN and integration systems. 6. All network traffic into and out of the firewalls and across the internal switches and VLANS. Threat Intelligence and Reporting 1. Gather threat intelligence and provide same to port and suggest implementation controls necessary to combat threats. 2. Provide a portal that can be used by port security personnel to look at and monitor activity as well. 3. Provide monthly reports on monitored activity 4. Provide immediate notification on detection of malicious activity or suspicious anomalies.
