Enterprise CyberSOC
We see our CyberSOC as a strategic and differentiated capability. We bring attacker perspective to our defensive controls operations by using our world-class Red Team to sharpen and test detection rules and to provide training and perspective to our CyberSOC operators. Our approach integrates cutting-edge Purple Team techniques to improve MITRE ATT&CK alignment and identify visibility gaps.
Our Unique SOC Framework
24x7 CyberSOC
Monitoring, Notification, and Response using the tools in your environment. Threat Intelligence and Incident Triage.
Purple Teams
Threat simulations to improve visibility and trend your threat resilience metrics.
Threat Hunts
Threat hunts to identify anomalies and suspicious events which may be indicative of compromise.
Forensics
Certified forensic examiner assistance to help identify the spread and cause of potential security incidents.
Engineering
Configuration and tuning of detection policies, rules, and alarms on an ongoing basis.
24×7 Defense
Monitoring, Alerting, and Response
SRA monitors and responds to security threats across your global environment using your tools to investigate, remediate, and/or escalate incidents in accordance with your IR runbooks and alert workflows.
Reporting and Metrics
We support your security metrics program by developing metrics based on your platforms, with the most common being ticket closure, mean-time-to-respond and other related metrics.
We provide weekly and monthly reports, and meet with you to review the monitoring environment, incident reports, attack trends, and recommended hardening to help mitigate future attacks.

Purple Teams with VECTR
Purple Teams through VECTR™ generates threat resilience metrics and helps align Red and Blue Teams towards the same mission: protecting the organization by discovering and developing content for detection gaps. If you are scratching your head on how to adopt and align to the MITRE ATT&CK Framework, this is for you.
VECTR™ is the only free platform of its kind, and is taught in three SANS classes (that we’re aware of).
Forensics
We use indicators of compromise (IOCs) and certified methods to help identify whether malware artifacts are present on your systems, and perform forensic analyses to identify root causes.
Threat Hunts
We conduct hunts to identify anomalies and suspicious events that may indicate compromise and may have eluded conventional detection rules.
We use data gathering and analysis tools to execute “campaigns”. Examples:
- Persistence: are there unusual programs in start-up and registry?
- Tampering: have settings been changed to hide activity?
- Escalation: have accounts elevated their privileges?
Subscribe to our Daily Threat Intelligence Bulletin
Our Threat Intelligence Gathering & Reporting (TIGR) team curates a daily brief, the TIGR Threat Watch, with information collected from several industry intel sources. Threat Bulletins include details on the CVE and recommendations for mitigation and remediation. The TIGR Threat Watch is accessible in real time via RSS. You will also receive critical vulnerability notifications as information develops.