Police Cyber Alarm
What is Police Cyber Alarm?
Police Cyber Alarm (PCA) is a Cyber Security tool for small to medium sized businesses as well as non-profit organisations such as charities, schools, local government and health services. PCA allows us to support your organisations Cyber Security by providing comprehensive reporting on suspicious activity targeting your organisation. PCA is provided free of charge through the National Police Chiefs Council in partnership with local forces.
How does it work?
Police Cyber Alarm allows organisations to monitor malicious activity against their network. There are two aspects of the system, Firewall monitoring and vulnerability scanning.
Once the PCA Collector is installed it analyses data from the organisations firewall or other security devices such as Network Intrusion Detection/Prevention systems (IDS/IPS), Network Anti-Virus and Anti-Spam filters. It then compares the data to what has been detected by other PCA collectors to determine if an IP address is potentially acting maliciously.
Member organisations are then provided with reports, telling them which devices were targeted, the nature of any suspicious traffic, what port was accessed and if the traffic was blocked or allowed onto the network.
PCA is also able to scan an organisations web applications and external IP addresses automatically for known vulnerabilities and grades them on a scale of Critical, High, Medium and Low. The member is then provided with report detailing the nature of the vulnerability, the affected device, its severity and any relevant Common Vulnerabilities and Exposure code (CVE).
PCA only collects metadata and header information from the organisations system, it does not analyse the content of traffic or packets.
How does the Met use PCA to improve my organisation’s cyber security?
The Metropolitan Police Cyber Crime Unit review and analyses data from member organisations in order to identify system vulnerabilities or suspicious events that are targeting their organisation.
We analyse these reports regularly to allows us to deliver tailored advice and guidance specific to that organisations needs as well as the threat’s they face. Whilst PCA does not scan packets of data moving through a firewall, it is able to log the IP address and port the host is trying to access. PCA then compares the IP address against other collectors to see if that IP has tried to access other systems signed up to PCA. It then uses this intelligence to help determine if the IP is malicious by examining the IP address itself, the port it was trying to access, geolocation data etc.
PCA allows us directly engage with organisations and highlight potentially significant issues at the first opportunity to help stop cyber threats.