A Better SOC

We see our CyberSOC as a strategic and differentiated capability. We bring an attacker's perspective to our defensive control operations by using our world class Red Team to sharpen and test detection rules, and to provide training and perspective to our CyberSOC operators. Our approach integrates Purple Team techniques to improve MITRE ATT&CK alignment and identify visibility gaps.

People Forward Approach

Named Team

You co-source with SRA the hard-to-staff-and-retain 24×7 talent that you don’t have to manage. Your team members are certified cybersecurity Defenders, Engineers and Hunters.

Eyes on Glass

A good CSOC needs eyes on glass. We use automation where it works, but in 2020 people are still more important. Watch out: your software resellers and large MSSPs will tell you otherwise.

Operate Your Environment

We operate your tools and document a lasting capability. We don’t believe in “send us your logs,” because that model lacks change agility and rarely detects real attackers.

We do not describe our work or team members with traditional SOC Tiers. We find that it limits the inspiration and potential of our people, and we want them to be curious, energetic, and always leveling up. We use the following roles:

Captain

Leads incident command bridges and delivers monthly updates and annual reviews.

Scientist

Creates new hunt and purple campaigns based on emerging attacks. Builds the CSOC lab.

Architect

Security architecture and instrumentation recommendations, and engineering oversight.

Engineer

Leads purple teams, creates “detection blueprints” and implements improvements.

Hunter

Executes threat hunt campaigns and documents repeatable runbooks. Expands on hunt scenarios.

Defender

Actively monitors networks for evil, follows runbooks for investigation, and documents and completes tickets and “watch” handoffs.

Our Unique SOC Model

Purple Teams

Quarterly threat simulations to improve visibility and trend your defense success metrics.

Threat Hunts

Monthly threat hunts to identify anomalies and suspicious events which may be indicative of compromise.

BEEP

White glove services for your executives: a mobile app to call for immediate CSOC response.

24x7 CyberSOC

Monitoring, Notification, and Response using the tools in your environment. Threat Intelligence and Incident Triage.

H24 Strategy

This security framework can help to identify capability gaps and steps to mature your cyber program.

Forensics

Certified forensic examiner assistance to help identify the spread and cause of potential security incidents.

Engineering

Configuration and tuning of detection policies, rules, and alarms on an ongoing basis.

24×7 Defense

Purple Teams with VECTR

Collaborate. Quantify. Improve.

Purple Teams through VECTR™ generate defense success metrics and help align Red and Blue Teams toward the same mission: protecting the organization by discovering detection gaps and developing content to close them. If you are scratching your head over how to adopt and align to the MITRE ATT&CK framework, this is for you.

VECTR™ is the only free platform of its kind, and is taught in three SANS classes (that we’re aware of).

H24 Strategy

We use our H24 Framework to lead an annual workshop and discuss your current maturity, with ideas for improvement for the coming year. We focus on the blue tiles but have content for all of them.

Measure Your Cybersecurity Maturity with H24

Security Risk Advisors maintains a capabilities maturity framework that helps organizations visualize, evaluate, and prioritize cybersecurity investments.

Forensics

We use indicators of compromise (IOCs) and certified methods to help determine whether malware artifacts are present on your systems, and we perform forensic analysis to identify root causes.

Threat Hunts

We conduct hunts to identify anomalies and suspicious events that may indicate a compromise which eluded conventional detection rules.

We use data gathering and analysis tools to execute “campaigns”. Examples:

  • Persistence: are there unusual programs in start-up and registry?
  • Tampering: have settings been changed to hide activity?
  • Escalation: have accounts elevated their privileges?
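To make the three campaign questions concrete, here is an added example of hunt logic run over exported Windows Security and Sysmon events. It is illustration only, not SRA tooling or code from this page: the event records are constructed (field names follow the Windows Security and Sysmon schemas, but the hosts, accounts and paths are made up), and the autorun allowlist, approved-admin roster and list of "hiding" registry values are hypothetical baselines an analyst would maintain for a real environment.

```python
"""Toy threat-hunt campaign over exported Windows Security and Sysmon events.

Added illustration, not SRA tooling. Field names follow Windows Security and
Sysmon XML (EventID, TargetObject, CommandLine, SubjectUserName, ...), but every
record in SAMPLE_EVENTS is constructed, not real telemetry.
"""
import re

# Hypothetical per-environment baselines an analyst would maintain.
KNOWN_AUTORUNS = {r"c:\program files\onedrive\onedrive.exe"}   # sanctioned autostart images
APPROVED_ADMINS = {"CORP\\adm.jdoe", "CORP\\svc_backup"}        # accounts allowed admin rights
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}
# Registry values whose change hides activity from defenders (Defender / UAC off).
HIDING_VALUES = {"DisableAntiSpyware", "DisableRealtimeMonitoring", "EnableLUA"}

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
LOG_CLEAR_CMD = re.compile(r"\b(wevtutil(\.exe)?\s+cl\b|auditpol(\.exe)?\s+/clear)", re.I)


def hunt_persistence(events, known=KNOWN_AUTORUNS):
    """Persistence: Run/RunOnce values and Startup-folder drops not on the allowlist."""
    out = []
    for e in events:
        if e.get("EventID") == 13 and RUN_KEY.search(e.get("TargetObject", "")):
            # Sysmon 13 'Details' holds the value written; Run values may carry arguments.
            image = e.get("Details", "").strip().strip('"').lower()
            if not any(image.startswith(k) for k in known):
                out.append(f"{e['Computer']}: Run key {e['TargetObject']} -> {e['Details']}")
        elif e.get("EventID") == 11 and STARTUP_DIR.search(e.get("TargetFilename", "")):
            out.append(f"{e['Computer']}: file dropped in Startup folder {e['TargetFilename']}")
    return out


def hunt_tampering(events):
    """Tampering: log clearing and registry writes that blind defensive tooling."""
    out = []
    for e in events:
        eid = e.get("EventID")
        if eid == 1102 or (eid == 104 and e.get("Channel") == "System"):
            out.append(f"{e['Computer']}: event log cleared by {e.get('SubjectUserName', '?')}")
        elif eid == 1 and LOG_CLEAR_CMD.search(e.get("CommandLine", "")):
            out.append(f"{e['Computer']}: log-clearing command {e['CommandLine']}")
        elif eid == 13 and e.get("TargetObject", "").rsplit("\\", 1)[-1] in HIDING_VALUES:
            # Flag any write to these values; the analyst confirms the new value in triage.
            out.append(f"{e['Computer']}: defensive setting changed {e['TargetObject']} = {e.get('Details')}")
    return out


def hunt_escalation(events, approved=APPROVED_ADMINS):
    """Escalation: privileged-group additions and admin-privilege logons off the roster."""
    out = []
    for e in events:
        eid = e.get("EventID")
        if eid in (4728, 4732, 4756) and e.get("TargetUserName") in PRIVILEGED_GROUPS:
            out.append(f"{e['Computer']}: {e.get('MemberName')} added to {e['TargetUserName']} "
                       f"by {e.get('SubjectUserName')}")
        elif eid == 4672:
            user = e.get("SubjectUserName", "")
            # Machine accounts and SYSTEM raise 4672 constantly; they are noise in this hunt.
            if user.endswith("$") or user.upper() == "SYSTEM":
                continue
            account = f"{e.get('SubjectDomainName', '')}\\{user}"
            if account not in approved:
                out.append(f"{e['Computer']}: special privileges assigned to {account}")
    return out


def run_campaign(events):
    """Run all three campaigns and return findings keyed by campaign name."""
    return {"persistence": hunt_persistence(events),
            "tampering": hunt_tampering(events),
            "escalation": hunt_escalation(events)}


SYSMON = "Microsoft-Windows-Sysmon/Operational"
SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {"EventID": 13, "Channel": SYSMON, "Computer": "WS01",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\Public\updater.exe"},
    {"EventID": 13, "Channel": SYSMON, "Computer": "WS01",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\OneDrive\OneDrive.exe"},
    {"EventID": 11, "Channel": SYSMON, "Computer": "WS02",
     "TargetFilename": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sync.vbs"},
    {"EventID": 1, "Channel": SYSMON, "Computer": "WS02", "CommandLine": "wevtutil.exe cl Security"},
    {"EventID": 1102, "Channel": "Security", "Computer": "WS02", "SubjectUserName": "bob"},
    {"EventID": 13, "Channel": SYSMON, "Computer": "WS02",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 4732, "Channel": "Security", "Computer": "DC01", "SubjectUserName": "bob",
     "TargetUserName": "Administrators", "MemberName": "CN=bob,CN=Users,DC=corp,DC=local"},
    {"EventID": 4672, "Channel": "Security", "Computer": "WS02", "SubjectDomainName": "CORP", "SubjectUserName": "bob"},
    {"EventID": 4672, "Channel": "Security", "Computer": "WS02", "SubjectDomainName": "CORP", "SubjectUserName": "adm.jdoe"},
    {"EventID": 4672, "Channel": "Security", "Computer": "WS02", "SubjectDomainName": "NT AUTHORITY", "SubjectUserName": "SYSTEM"},
]

if __name__ == "__main__":
    for campaign, findings in run_campaign(SAMPLE_EVENTS).items():
        print(f"[{campaign}] {len(findings)} finding(s)")
        for line in findings:
            print("  " + line)
```

Each function takes the event list and the baseline as parameters, so the same logic runs over a day of real exports by swapping in the allowlist and roster for that environment. The baselines are the point of the exercise: without a sanctioned-autorun list and an approved-admin roster, a hunt for "unusual" programs or "elevated" accounts has nothing to compare against, and the 4672 filter shows how much of that comparison is suppressing known noise before looking at what remains.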

BEEP Executive Protection

BEEP® is a one-touch cyber incident notification solution for executives who are more likely to be targeted by malicious actors because of their access to sensitive information.

If an executive feels as though they are affected by an incident, they simply open the BEEP® app and push the button. The button press initiates their custom incident response workflow.

Incident Response with the Push of a Button

This exclusive app creates a customized (per-executive) ticket for the CyberSOC to action at the highest level of priority.

Subscribe to our Weekly Threat Intelligence Bulletin

Our Threat Intelligence Gathering & Reporting (TIGR) team curates a weekly report with information collected from several industry intel sources. Threat bulletins include details on the relevant CVEs and recommendations for mitigation and remediation.