A Better SOC
We see our CyberSOC as a strategic and differentiated capability. We bring attacker perspective to our defensive controls operations by using our world class Red Team to sharpen and test detection rules, and provide training and perspective to our CyberSOC operators. Our approach integrates cutting-edge Purple Teams techniques to improve MITRE ATT&CK alignment and identify visibility gaps.
Our SOC Models
|
|
|
|
Our SOC Models
Enterprise
| Description: | Our full SOC model including SIEM, Endpoint, your other tools, and ticketing in your platform. |
| Scope: | 24x7x365 |
| Monitoring & Response: | ☑ |
| Threat Intel & Hunts: | ☑ |
| Purple Teams w/ VECTR: | ☑ |
| Forensics: | Available |
| Engineering: | ☑ |
| Secrets & Presence: | ☑ |
| BEEP: | ☑ |
| UEBA: | Available |
| SOAR: | Available |
| Data Lake: | Available |
XDR
| Description: | We monitor SIEM alerts using Azure Sentinel and your cloud, respond to EDR, Email, and domain alerts. |
| Scope: | 24x7x365 |
| Monitoring & Response: | ☑ |
| Threat Intel & Hunts: | ☑ |
| Purple Teams w/ VECTR: | ☑ |
| Forensics: | Available |
| Engineering: | Available |
| Secrets & Presence: | Available |
| BEEP: | Available |
| UEBA: | ☑ |
| SOAR: | ☑ |
| Data Lake: | ☑ |
Tier 4
| Description: | We use purple teams to test, measure and benchmark your SOC’s defenses. |
| Scope: | Quarterly |
| Monitoring & Response: | – |
| Threat Intel & Hunts: | – |
| Purple Teams w/ VECTR: | ☑ |
| Forensics: | – |
| Engineering: | Available |
| Secrets & Presence: | Available |
| BEEP: | – |
| UEBA: | – |
| SOAR: | – |
| Data Lake: | – |
People Forward Approach
Named Team
You co-source hard-to-staff-and-retain 24×7 talent with SRA that you don’t have to manage. Your team are certified cybersecurity Defenders, Engineers and Hunters.
Eyes on Glass
Good CSOC needs eyes on glass. We use automation where it works, but in 2020, people are still more important. Watch out! Your software resellers and large MSSPs will tell you otherwise.
Operate Your Environment
We operate your tools and document a lasting capability. We don’t believe in “send us your logs” because that method lacks change agility and rarely detects real attackers.
We do not describe our work or team members with traditional SOC Tiers. We find that it limits the inspiration and potential of our people, and we want them to be curious, energetic, and always leveling up. We use the following roles:
Captain
Leads incident command bridges, communicates monthly updates and annual reviews.
Scientist
Creates new hunt and purple campaigns based on emerging attacks. Builds the CSOC lab.
Architect
Security architecture and instrumentation recommendations, and engineering oversight.
Engineer
Leads purple teams, creates “detection blueprints” and implements improvements.
Hunter
Executes threat hunt campaigns and documents repeatable runbooks. Expands on hunt scenarios.
Defender
Actively monitors networks for evil, follows runbooks for investigation, documents and completes tickets and “watch” handoffs
Our Unique SOC Framework
Purple Teams
Threat simulations to improve visibility and trend your defense success metrics.
Threat Hunts
Threat hunts to identify anomalies and suspicious events which may be indicative of compromise.
BEEP
White glove services for your executives: a mobile app to call for immediate CSOC response.
24x7 CyberSOC
H24 Strategy
This security framework can help to identify capability gaps and steps to mature your cyber program.
Forensics
Certified forensic examiner assistance to help identify the spread and cause of potential security incidents.
Engineering
Configuration and tuning of detection policies, rules, and alarms on an ongoing basis.
Our Unique SOC Framework
24x7 CyberSOC
Monitoring, Notification, and Response using the tools in your environment. Threat Intelligence and Incident Triage.
Purple Teams
Threat simulations to improve visibility and trend your defense success metrics.
Threat Hunts
Threat hunts to identify anomalies and suspicious events which may be indicative of compromise.
BEEP
White glove services for your executives: a mobile app to call for immediate CSOC response.
H24 Strategy
This security framework can help to identify capability gaps and steps to mature your cyber program.
Forensics
Certified forensic examiner assistance to help identify the spread and cause of potential security incidents.
Engineering
Configuration and tuning of detection policies, rules, and alarms on an ongoing basis.
24×7 Defense
Purple Teams with VECTR
Collaborate. Quantify. Improve.
Purple Teams through VECTR™ generates success defense metrics and helps align Red and Blue Teams towards the same mission: protecting the organization by discovering and developing content for detection gaps. If you are scratching your head on how to adopt and align to the MITRE ATT&CK Framework, this is for you.
VECTR™ is the only free platform of its kind, and is taught in three SANS classes (that we’re aware of).
H24 Strategy
We use our H24 Framework to lead an annual workshop and discuss your current maturity, with ideas for improvement for the coming year. We focus on the blue tiles but have content for all of them.
Measure Your Cybersecurity Maturity with H24
Security Risk Advisors maintains a capabilities maturity framework that helps organizations visualize, evaluate, and prioritize cybersecurity investments.
Forensics
We use indicators of compromise (IOC’s) and certified methods to help identify if there are malware artifacts present on your systems and perform forensic analyses to identity root causes.
Threat Hunts
We conduct Hunts to identify anomalies and suspicious events which may be indicative of compromise that may have eluded conventional detection rules.
We use data gathering and analysis tools to execute “campaigns”. Examples:
- Persistence: are there unusual programs in start-up and registry?
- Tampering: have settings been changed to hide activity?
- Escalation: have accounts elevated their privileges?
BEEP Executive Protection
BEEP® is a one-touch cyber incident notification solution for executives that are more likely to be targeted by malicious actors because of their access to sensitive information.
If an executive feels as though they are affected by an incident, they simply open the BEEP® app and push the button. The button press initiates their custom incident response workflow.
Incident Response with the Push of a Button
This exclusive app creates a customized (per-executive) ticket for the CyberSOC to action at the highest level of priority.
Subscribe to our Weekly Threat Intelligence Bulletin
Our Threat Intelligence Gathering & Reporting (TIGR) team curates a weekly report with information collected from several industry intel sources. Threat Bulletins include details on the CVE and recommendations for mitigation and remediation.