Protective Monitoring information in the UKCloud Portal

Overview

This document describes what showback information you can view in the UKCloud Portal about the different clouds, networks and security domains supported by UKCloud's Protective Monitoring service.

The document also includes examples of the security events that are displayed in the Portal and what you should do when you see an incident.

You can find UKCloud's Protective Monitoring Portal showback information on the My Security Events page. To view this page, you must have Read monitoring permissions on the page.

What is supported for Portal showback?

Clouds and security domains

Multi-cloud for VMWare, Assured-OFFICIAL

Networks

Internet

All other clouds and networks

Note that all other clouds and networks are supported by UKCloud's standard Protective Monitoring service. UKCloud's security team will inform you of any security incidents for anything other than Multi-cloud for VMWare on the Assured security domain, using internet connectivity in the usual way (that is, via email or phone call).

Example security incidents

• Communication seen with known malware sites

• Data being exchanged in plain text

• Certificate issues

• Brute force attacks

• Vulnerability scanning

• Attempts to compromise operating systems and services

• Machines contacting known malicious domains

• Machines being used for personal use (if you're running a VPN server, UKCloud will capture internet browsing)

• Any traffic that is encrypted will not be spotted by UKCloud unless it's contacting known malicious domains

What to do when a security incident appears

If a security incident appears on the My Security Events page, then UKCloud will contact you via email or a phone call.

Feedback

If you would like to request that other clouds, networks or security domains are supported, contact products@ukcloud.com.

If you have any comments on this document or any other aspect of your UKCloud experience, send them to products@ukcloud.com.