Managed Detection and Response
Technical Features
IT IS A SIEM! And an EDR! It uses ML and AI! Make it an XDR! <Insert more buzzwords here>
Cloud Native SIEM technology - Azure Sentinel - we make no compromise here.
Collects data from endpoints, IaaS, PaaS and SaaS and stores it in a data lake.
Normalizes data to allow for a rich set of native correlation rules.
User and Entity Behavior Analytics (UEBA) that can map data from any source.
Employs Microsoft Threat Intelligence and external feeds.
Provides threat hunting capabilities using YAML rules, Jupyter Notebooks, or simply KQL queries for the experienced (that's us!)
Provides response automation and orchestration using Azure Functions.
Natively integrates with Office 365, Azure and the entire Microsoft technology stack to provide superior operational efficiency and resource utilization, ultimately leading to greater security and lower cost.
Our Service
We will design the solution to ensure it meets your needs:
High Level Design - to ensure the service fits in your overall infrastructure design - this includes sizing, log collection strategy, retention, and integrations with any of your existing systems.
Low Level Design - we will detail all elements required for the log collection, their position in the network and any necessary configuration.
We will work with you to understand what is valuable to know:
We will configure a default set of security monitoring use cases that all IT environments must have.
We will work with you to design and implement use cases specific to your context - IT environment and business processes.
We will work with you to design and implement dashboards to help you gain visibility into the state of your IT environment.
We will respond to incidents:
We will work with your teams to define incident response playbooks and automate anything that is automatable.
We will monitor for and respond to security incidents and continuously improve the system.
We will keep you informed and engaged when required, but will not send the noise your way.
Obviously - the more of our stack you use, the better the Incident Response process becomes.
Benefit
Cloud Native SIEM - initial deployment is lightning fast.
Huge community around the technology, and we're part of it.
Ready-to-go use cases and automation we've previously developed and deployed for other customers.
Integration with the rest of our technology stack, enhancing your security across the board.
Flexible Incident Response Packages.
Our Approach
We make it simple for you, while providing the flexibility you need. In case of a new deployment:
We assign an expert to participate in the design phase to capture all requirements and design the right solution for you.
We can resell licenses or you can buy them yourselves, whichever makes sense financially for you.
PaaS solution.
We will design and implement the log collection with your existing IT staff.
We will design and implement use cases and incident response playbooks that meet your business needs.
Operations Bundles
All bundles include:
2 man days per month for new log source integration, use case development or tuning, and threat hunting.
Reporting for log ingestion volume, alerts, number and type of triaged incidents.
Daily review
Daily Incident Triage
Each morning, our analysts will review and triage incidents from the previous 24 hours, prioritizing based on severity.
Daytime SOC
9-5 Incident Triage
Our analysts will triage incidents from 9 to 5. Critical severity incidents will be triaged out of hours.
24/7 SOC
24/7 Incident Triage
Our analysts will triage all incidents on a 24/7 basis.
Additional Service Options
Introduce new feature
We will design and integrate any previously unused or newly released features, according to your schedules and considering your change management process. We will then operate them as part of the standard operations bundles.
New log source integration
If you need more than 1 a month, we have you covered.
New use case development
In case you want to move fast on new use cases, we can do it!
Dedicated Security Incident Leader
When you want somebody from our SOC to be intimately familiar with your business and IT environment, for the fastest response possible, we have the experts!