Managed Detection and Response (MDR)

Our researchers develop hunting techniques from attack hypotheses, drawing on lessons learned during investigations of real incidents and on advanced Red Teaming exercises. This approach lets us step away from the day-to-day routine of a traditional monitoring SOC, where a large part of the analysts' effort goes into dealing with heterogeneous sources, normalizing high volumes of ingested data, blind spots, alert floods and false positives, and instead focus on detecting the techniques and behavior of threat actors.

CAPABILITIES

DECEPTION

We design deception campaigns at key points of your infrastructure that distract attackers and reveal their presence.

TELEMETRY

We collect high-quality telemetry from endpoints and servers to test hunting hypotheses against the installed base.

BEHAVIOR

We analyze the behavior of the different entities in your organization (users, networks, systems, ...) to look for anomalous patterns that may indicate a risk.

HUNTERS & INCIDENT HANDLERS

Our team is formed by renowned experts focused on generating value through hypothesis, research and response.

BENEFITS

Proactive Alerts

"We focus on minimizing the impact of security incidents through reduced detection time and optimization of response models"

  • Reduce MTTD (mean time to detect) and MTTR (mean time to recover).
  • Early warning of a digital crisis.
  • Optimize security strategy and detection models.
  • Simplify the technology model with agile set-up models.
  • Reduce the cost of a threat hunting program through an end-to-end service.

24/7 SERVICE

INITIAL ASSESSMENT & CONTEXT RULES

Our initial assessment aims to put your risk scenario in context: understanding the IT environment, knowing your priorities and offering a personalized service suited to your needs. It helps you develop an effective response strategy and identify vulnerabilities and weaknesses in your environment.

REAL TIME NOTIFICATIONS

Real-time notification of suspicious activity triggers an in-depth investigation aimed at determining whether the activity is part of a targeted attack. If confirmed, our team prepares a specific notification describing the malicious operation.

REPORTING & IMPROVEMENT

Every month we report on the evolution and maturity of the service. In addition, every quarter we carry out a specific follow-up focused on planning and developing recommendations that raise the maturity of detection and response controls.

INCIDENT FOLLOW UP

Our experts deliver advice and guidance in case of an incident or suspicious activity. You have 24/7 direct contact with our hunters and incident handlers.

THREAT DETECTION VS REAL THREAT HUNTING

THREAT DETECTION
Traditional approach

Reactive (longer dwell time)
The investigation is triggered by a security event.

Detection technology (limited visibility)
Event-based technology: SIEM, IDS, firewalls, proxy, AV...

Known attacks
Detection based on patterns and IOCs.

Complex set-up
Architecture, use-case definition and deployment, heterogeneous sources, blind spots, configuration failures, false positives.

THREAT HUNTING
BlackArrow approach

Proactive
Our research is based on hypotheses about the tactics and techniques employed by threat actors.

High-fidelity telemetry and deception
Telemetry-driven analysis of user behavior and deception campaigns.

Unknown and targeted attacks
Detection based on TTPs, intelligence, clues...

Agile set-up
Deploying to the endpoints is all that is needed to deliver the hunt.
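The difference between "detection based on patterns and IOCs" and "detection based on TTPs" is easiest to see on telemetry. The following is an added illustration, not BlackArrow's code or detection content: it runs an IOC hash match and two behavioural hunting hypotheses over a handful of constructed process-creation events. The events, hashes, hostnames and the two hypotheses (an Office application spawning a command interpreter; hidden-window encoded PowerShell) are all assumptions made for the example. The recompiled sample on ws02 has a hash the IOC list has never seen, so only the hypothesis-driven hunt finds it.

```python
"""Contrast an IOC-based detection rule with hypothesis-driven (TTP-based)
hunting over a small set of constructed endpoint process-creation events.

Everything below (events, hashes, hypotheses) is illustrative; it is not
telemetry or detection content from any vendor."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, in the shape an EDR/Sysmon-style sensor emits."""
    host: str
    user: str
    parent_image: str
    image: str
    cmdline: str
    sha256: str


# base64 of "IEX" in UTF-16LE: the shape of a PowerShell -EncodedCommand
# payload (constructed for the example, not a real sample).
ENC = "SQBFAFgA"

# Constructed sample telemetry (not real data).
EVENTS = [
    # Benign: a user opens a document from Explorer.
    ProcessEvent("ws01", "alice", r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 "WINWORD.EXE /n report.docx", "a1" * 32),
    # Malicious macro; this dropper's hash happens to be on the IOC list.
    ProcessEvent("ws01", "alice", r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 f"cmd.exe /c powershell -w hidden -enc {ENC}", "b2" * 32),
    # Same technique, recompiled dropper: new hash, so no IOC match.
    ProcessEvent("ws02", "bob", r"C:\Program Files\Microsoft Office\EXCEL.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 f"powershell -w hidden -enc {ENC}", "c3" * 32),
    # Benign admin automation: interpreter started by a service, clear-text script.
    ProcessEvent("srv01", "svc_backup", r"C:\Windows\System32\svchost.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell -File C:\ops\backup.ps1", "d4" * 32),
]

# --- Traditional approach: match known indicators -----------------------------
KNOWN_BAD_SHA256 = {"b2" * 32}  # constructed IOC feed entry


def ioc_matches(events):
    """Return events whose image hash is on the IOC list (known attacks only)."""
    return [e for e in events if e.sha256 in KNOWN_BAD_SHA256]


# --- Hunting approach: encode hypotheses about attacker behaviour -------------
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def hunt_office_spawns_interpreter(events):
    """Hypothesis: a document viewer has no business starting a shell or script
    host. The check ignores file hashes, so a recompiled sample still hits."""
    return [e for e in events
            if basename(e.parent_image) in OFFICE_APPS
            and basename(e.image) in INTERPRETERS]


def hunt_hidden_encoded_powershell(events):
    """Hypothesis: hidden-window, encoded PowerShell is rare in legitimate use."""
    def suspicious(cmd):
        toks = cmd.lower().split()
        encoded = "-enc" in toks or "-encodedcommand" in toks
        return encoded and "-w" in toks and "hidden" in toks
    return [e for e in events
            if "powershell" in e.cmdline.lower() and suspicious(e.cmdline)]


def hunt(events):
    """Run every hypothesis and aggregate hits per host with the reasons."""
    hypotheses = {
        "office_spawns_interpreter": hunt_office_spawns_interpreter,
        "hidden_encoded_powershell": hunt_hidden_encoded_powershell,
    }
    findings = {}
    for name, fn in hypotheses.items():
        for e in fn(events):
            findings.setdefault(e.host, set()).add(name)
    return findings


if __name__ == "__main__":
    print("IOC hits:", [e.host for e in ioc_matches(EVENTS)])
    print("Hunt findings:", hunt(EVENTS))
```

Two of the four events are malicious, but the IOC rule sees only ws01; the hunt flags ws01 and ws02 and leaves the backup job on srv01 alone. In practice each hypothesis is tuned against the customer's own baseline (some environments legitimately run encoded PowerShell from management tooling), which is the "initial assessment and context rules" step described above.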