Managed Detection and Response (MDR)
Our researchers, based on lessons learned during investigations of real incidents as well as advanced Red Teaming exercises, develop hunting techniques from attack hypotheses. Our approach gives us the ability to abstract from the day-to-day life of a traditional monitoring SOC service, where a large part of security analysts' effort is dedicated to dealing with the heterogeneity of sources, normalization of high volumes of ingested information, blind spots, alerts and false positives, allowing us to focus on detecting the techniques and behavior of threat actors.
We design "deception" campaigns at key points of your infrastructure, which allow us to distract and identify attackers.
We collect quality telemetry from endpoints and servers to analyze hypothesis patterns on the installed base.
We analyze the behavior of the different entities of your organization (users, networks, systems, ...) to look for anomalous patterns that may involve a risk.
HUNTERS & INCIDENT HANDLERS
Our team is formed by renowned experts focused on generating value through hypothesis, research and response.
"We focus on minimizing the impact of security incidents through reduced detection time and optimization of response models"
- To reduce MTTD (mean time to detect) and MTTR (mean time to recover).
- Digital crisis early warning.
- To optimize security strategy and detection models.
- To simplify the technological model, providing agile set-up models.
- To reduce the cost of a threat hunting program through an end-to-end service.
INITIAL ASSESSMENT & CONTEXT RULES
Our initial assessment aims to put your risk scenario in context: understanding the IT environment, knowing your priorities and being able to offer a personalized service suited to your needs. It will help you to develop an effective response strategy as well as to identify vulnerabilities and weaknesses in your environment.
REAL TIME NOTIFICATIONS
Real-time notification of suspicious activity triggers an in-depth investigation with the aim of identifying whether the activity is part of a targeted attack. If confirmed, our team prepares a specific notification of the malicious operation.
REPORTING & IMPROVEMENT
We report monthly on the evolution and maturity of the service. Additionally, each quarter we carry out a specific follow-up focused on planning and developing recommendations that optimize the maturity of detection and response controls.
INCIDENT FOLLOW UP
Our experts will deliver advice and guidance in case of an incident or suspicious activity. You will have 24/7 direct contact with our hunters and incident handlers.
THREAT DETECTION VS REAL THREAT HUNTING
Threat detection:
- Reactive ( < dwell time): the investigation is triggered by a security event.
- Detection technology ( < visibility): event-based technology such as SIEM, IDS, firewalls, proxy, AV...
- Detection based on patterns and IOCs.
- Requires architecture, use-case definition and deployment, and suffers from heterogeneous sources, blind spots, configuration failures and false positives.
Real threat hunting:
- Our research is based on hypotheses about the tactics and techniques employed by threat actors.
- High-fidelity telemetry and deception: telemetry-driven analysis of user behavior together with deception campaigns.
- Aimed at unknown and targeted attacks; detection based on TTPs, intelligence, clues...
- With just the deployment of endpoints we can deliver the hunt.