Enterprise CyberSOC

We see our CyberSOC as a strategic and differentiated capability. We bring the attacker's perspective to our defensive control operations by using our world-class Red Team to sharpen and test detection rules and to provide training and perspective to our CyberSOC operators. Our approach integrates cutting-edge Purple Team techniques to improve MITRE ATT&CK alignment and identify visibility gaps.

Our Unique SOC Framework

24x7 CyberSOC

Monitoring, Notification, and Response using the tools in your environment. Threat Intelligence and Incident Triage.

Purple Teams

Threat simulations to improve visibility and trend your threat resilience metrics.

Threat Hunts

Threat hunts to identify anomalies and suspicious events which may be indicative of compromise.

Forensics

Certified forensic examiner assistance to help identify the spread and cause of potential security incidents.

Engineering

Configuration and tuning of detection policies, rules, and alarms on an ongoing basis.

24×7 Defense

Monitoring, Alerting, and Response

SRA monitors and responds to security threats across your global environment using your tools to investigate, remediate, and/or escalate incidents in accordance with your IR runbooks and alert workflows.


Reporting and Metrics

We support your security metrics program by developing metrics based on your platforms, most commonly ticket closure, mean time to respond and related metrics.

We provide weekly and monthly reports, and meet with you to review the monitoring environment, incident reports, attack trends, and recommended hardening to help mitigate future attacks.


Purple Teams with VECTR

Collaborate. Quantify. Improve.

Purple Teaming through VECTR™ generates threat resilience metrics and aligns Red and Blue Teams towards the same mission: protecting the organization by discovering detection gaps and developing content to close them. If you are scratching your head on how to adopt and align to the MITRE ATT&CK Framework, this is for you.

VECTR™ is the only free platform of its kind, and is taught in three SANS classes (that we’re aware of).

Forensics

We use indicators of compromise (IOCs) and certified methods to help identify whether malware artifacts are present on your systems, and perform forensic analyses to identify root causes.

Threat Hunts

We conduct hunts to identify anomalies and suspicious events that may be indicative of compromise and that may have eluded conventional detection rules.

We use data gathering and analysis tools to execute “campaigns”. Examples:

  • Persistence: are there unusual programs in start-up and registry?
  • Tampering: have settings been changed to hide activity?
  • Escalation: have accounts elevated their privileges?
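The persistence campaign above is the kind of check that is straightforward to script. The PowerShell below is an added example written for this page, not SRA's hunt tooling: on first run it records the Run/RunOnce keys and Startup folders as a baseline, and on later runs it reports only entries absent from that baseline together with their Authenticode status. The baseline path is an assumption.

```powershell
# Added example (not SRA tooling): snapshot Windows autostart locations, diff against
# a saved baseline, and flag new entries whose binary is not validly signed.
$BaselinePath = 'C:\Hunt\autoruns-baseline.json'   # assumed path, adjust for your estate
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$StartupDirs = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
               "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the provider's own PS* metadata
            $entries += [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    foreach ($dir in $StartupDirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($f in Get-ChildItem -Path $dir -File) {
            $entries += [pscustomobject]@{ Location = $dir; Name = $f.Name; Command = $f.FullName }
        }
    }
    return $entries
}

function Get-ExecutablePath([string]$Command) {
    # Best-effort: "C:\Tools\agent.exe" /silent  ->  C:\Tools\agent.exe
    if ($Command -match '^"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

$current = @(Get-AutostartEntries)
if (-not (Test-Path $BaselinePath)) {
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath   # first run: record the baseline
    Write-Output "Baseline written to $BaselinePath ($($current.Count) entries)"
    return
}
$known = @{}
foreach ($b in @(Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json)) {
    $known["$($b.Location)|$($b.Name)|$($b.Command)"] = $true
}
foreach ($e in $current) {
    if ($known.ContainsKey("$($e.Location)|$($e.Name)|$($e.Command)")) { continue }
    $exe = Get-ExecutablePath $e.Command
    $sig = if ($exe -and (Test-Path -LiteralPath $exe)) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
    [pscustomobject]@{ Location = $e.Location; Name = $e.Name; Command = $e.Command; Signature = $sig }
}
```

Run it once on a known-good host to seed the baseline, then schedule it; any row with a Signature other than Valid, or a FileMissing entry, is a candidate for analyst review rather than an automatic verdict.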

Subscribe to our Daily Threat Intelligence Bulletin

Our Threat Intelligence Gathering & Reporting (TIGR) team curates a daily brief, the TIGR Threat Watch, with information collected from several industry intel sources. Threat Bulletins include details on the relevant CVEs and recommendations for mitigation and remediation. The TIGR Threat Watch is accessible in real time via RSS. You will also receive critical vulnerability notifications as information develops.