THINKING
Security, Compliance and Risk Practitioners
Get in Touch!

About Us

Welcome!

Thinking (www.thinking.net.nz) is a market leading and independent, service delivery, managed service provider, ideas and creative organisation focused on the ICT Security industry. Our core values include building partnerships, learning and curiosity.


Common sense and pragmatism underlies our approach drawing on experience and training to deliver solutions to our client's satisfaction.


The services we offer include a mixture of business advisory, project and ICT consultancy related topics. This combination allows us to see beyond the traditional ICT approach of point solutions to build structures that are beneficial to our clients' long term business success.

Our Services

Please contact us to discuss your needs

The Thinking Monitoring Service provides a secure cloud-based web portal (EndClient Portal) through which contracted specialist IT security and communication systems are monitored in near real-time with updates at regular intervals dependant on the service requirement.
EndClient Portal access is supported by most standard web browsers and there available i-Phone and Android apps for download too.

Features of the EndClient Portal includes:

  • Support for up to three (3) EndClient Portal users per customer
  • Dashboards to provide at-a-glance access to monitoring information
  • Predefined views provide users with quick access to the information they find most useful
  • Predefined reports provide information on monitored systems that can be used to support internal service level (SLA) reporting and provide historical information for capacity planning and trending analysis. Reports can be saved from the portal in PDF or CSV format.
  • Alerts that can be configured to email or TXT key staff alert/outage details so they can start resolving issues as soon as possible
  • The configuration of one-off and recurring maintenance outage windows to suppress monitoring and alerting false positives during scheduled maintenance periods
  • The storage of up to 12 months of historical data allows your IT support resources to assess trends over time which assists your IT resources to identify recurring/intermittent faults and measure asset availability and trending over time.
  • Portal information drill-down on alarms and asset information.
 

If you have a project that requires a fixed fee installation, upgrade or migration tailored for your environment, then Activate is designed just for you.

Includes:

  • Project Management and Implementation Plan
  • Customised deployment
  • User Acceptance Testing
  • Full As Built Documentation
  • Set Price
 

Following on from our Surety - Vulnerability Assessment service we offer full Penetration Testing services as well. These are conducted on a case by case basis and require the preparation of a statement of work and agreement befire we proceed.

Vulnerability Assessment

  • Red Team based typically non-intrusive analysis of vulnerabilities with assessment of effective risk to the business

Relationship Risk Management

  • Assisting businesses with implementing risk assurance Fully managed Third party due diligence services. Risk assessments are based on existing templates provided by customer, national/International security standards,or customised to suit. Hosted in the cloud, the platform Integrates with overall risk management and reporting tools and removes the need for spreadsheet management.

Policy Development

  • Security policy creation and development of individually customised policies, covering PCI DSS, NZISM, HIPA ISO 27001 data privacy and contractual requirements.

Compliance

  • PCI DSS compliance support, from initial responses to scoping and full PCI DSS program compliance management. In addition, NZISM and 27001 compliance support.

Security Management

  • Virtual ITSM/CISO services where employing a full time position cannot be justified. We can provide expert consultancy on an ongoing basis. Addressing baseline security risks, security program development, and reporting.
    Security architecture consultancy, SABSA expert security reviews of security architecture, networks, Cloud services, BYOD, Office 360, Virtual environments, Hybrid cloud.

Please contact us for more information.

SAM

Security Appliance Monitoring

Service Description

Supported Appliance/System Vendors: Check Point, RSA, Fortinet, BlueCoat, PaloAlto, Watchguard, Citrix and Cisco. Other devices can be supported on an application basis.

Service Setup (Onboarding): Thinking will facilitate the setup of the monitoring service and will work with your support staff to establish a secure connection of your nominated devices to the cloud service. Administrator level access is required to establish the service. An Onboarding fee may apply, see rates and fees schedule for details.

Monitoring Scope: Thinking will provide the contracted End Customer system with monitors for critical services, critical processes, memory, storage, logs, interfaces and bandwidth monitoring capability as appropriate. A list of standard monitors will be available to view via the End Client Portal.

The standard monitoring package will limit each contracted device/system to a maximum of twenty (20) monitors. Additional monitors are available but are subject to additional service fees.

Monitoring Script Maintenance: Thinking will be responsible for maintaining working monitor and remediation scripts for the contracted appliance(s) so long as the device and OS are under a current vendor support contract.

Customers will not be permitted to modify the Thinking monitoring scripts or apply their own monitors via this service.

End Customer Portal: Each customer will be provided with up to 3 logons to a secure web portal where current and historical error/fault data can be viewed in a series of graphs and reports at:

SAM LogonOpens in a new window

End Customer Portal - Security: Customers must use discretion when managing logon accounts to this service and maintain security best practices.

Users must not share their login identifier or password

Passwords to the portal should be changed every sixty (60) days

Passwords will be enforced to comply with basic complexity practices

A facility for users to reset their own passwords will be provided on the End Customer Portal login page

Monitoring Communications: Monitoring meta-data transmitted from your devices to the End Customer Portal database are secured using industry security filters or Virtual Private Network (VPN) technology to ensure transmission privacy.

Data Sovereignty: The End Customer Portal and the monitoring meta-data databases are housed in a secure datacentre in New Zealand.

Alert Notifications: When service availability or error events are detected by the monitoring service, they are displayed in the customer portal on the home screen and are stored for historical analysis for up to 12 months.

Android and i-Phone applications are available for download that enable direct portal access from your mobile phone.

Notifications can be configured to:

Forward to multiple email addresses

Send TXT alerts to mobile phones (subject to additional service fees)

Service Availability: Thinking will use commercial best efforts to provide customers with 97% service availability relating to its cloud platform.

Thinking Service Maintenance: To provide optimal performance of the service, it is necessary to perform routine maintenance on the Cloud hosting servers which may temporarily require taking the servers off-line.

Thinking reserves the right to plan a scheduled outage with seven (7) days advance notice. Thinking will use commercial best efforts to schedule these outages at off-peak hours and limit their occurrence to strictly necessary upgrades and required maintenance.

Scheduled outages will be notified via e-mail to the designated administrator of each customer.

It is the responsibility of the customer administrators to notify others within their organisation of scheduled outages.

Service Desk Support: This service is a monitoring only service and does not include access to a formal helpdesk. Support for the diagnosis or remediation of incidents may be requested by contacting Thinking via email or through the EndClient Portal. Time and material charges may apply.

The hours of operation of this service are:

Portal operation - 24 hours a day, 7 days a week (24/7)

EndClient Portal support - 8:30 a.m. to 5:00 p.m. Normal Business Hours

Customer Responsibilities: It is the customer's responsibility to ensure that:

All monitored devices are supported by a current vendor support contract

is notified at least seven (7) days advance of any planned changes or outages that could affect the monitored devices

Moves, Adds & Changes (MAC): Thinking provides a MAC process where the customer can undertake changes to monitored on their network that require part or all of the monitoring service to be reconfigured including:

Change of Internet provider (ISP) or connection type

Software changes to the monitored devices

Equipment swaps or replacements

A MAC request form will be available on the EndClient Portal to formally notify Thinking of the impending changes. Thinking will reply to the customer informing them if any additional changes to the underlying service are necessary and whether additional charges may apply.

To minimise the impact of MAC's on the monitoring service the customer should provide Thinking with seven (7) days advance notice of any planned changes.

 

Screenshots of an example host is shown below to give you an overview of what we can achieve. We would be happy to demonstrate our capability for your particular business situation.

Services Overview

of monitored services are shown below. We can add anything that the SNMP MIB supports for your device.

Drill Down

Drill down is available on any service that logs a numeric response over time such as disk usage, processor, sessions etc

ANDROID Interface

Example of the Android application monitoring a host and services in real time. Also available on the iPhone.

 

Monitoring

  • Hardware (Disc, Memory, CPU, NIC’s etc.)
  • Availability (ping, mrtg, uptime)
  • Operating system (swap, routed, SSH, NTP etc.)
  • Throughput (Sessions, link usage, jitter etc.)
  • Firewall Services (VPN, Cluster, mgmt., etc.)
  • Change Control (FW Policy, uptime)
  • Versions and Usage (Version, licenses etc.)
  • External change (Baseline scan)
  • Custom (can write custom monitors to suit – additional charges may apply)
  • BPI (Business Process Intelligence – additional charges apply)

Alerting

  • Email (multiple recipients per service monitored)
  • SMS
  • Scheduled Downtime/Recurring downtime
  • Alert acknowledgement and mass acknowledgement

Reporting

  • Executive Summary
  • Availability
  • Capacity Planning
  • Bandwidth
  • Notification/Alert/State History
  • SLA reporting
  • Graphs on specific services
  • Maps on hosts/services (BB, Hyper, Mine etc.) – useful for projection to screen
  • Dashboard (in portal)

Portal Access

  • Web Access
  • Mobile App Access (iPhone and Android)
 

Security Devices

  • Backup prior
  • Download patches
  • Apply Patches
  • Post patch testing of functionality
  • Manage any vendor support calls associated with patching
  • After Hours or during hours to suit
 

Access to this portal is for authorised users only

To logon please have a valid user id and click on the link below:

SAM Monitoring

Our Partners

We Use Only the Best

Our Vendors

We Use Only the Best

Contact Us

We will get back to you promptly