Features & Capabilities
Integrated Security Data Lake
- Reduced infrastructure costs by separating the prioritized, optimized logs used to trigger alerts (SIEM) from the logs retained for investigation (Data Lake)
- Security Data Lake can be tuned for any desired amount of storage retention or file type
- Consolidated and streamlined hunting and searching capabilities for analysts and support for critical investigation formats such as netflow or packet capture
- Sentinel SOAR capabilities allow us to create automated and semi-automated response capabilities with little to no coding (and that means they’re easier to maintain)
- SOAR integrations include SRA’s custom and curated playbooks, and access to the growing open-source community library
- Avoid buying expensive add-on SOAR tools since the platform is consumption-based
- SRA will monitor, manage, and tune the cloud-based EDR platform of your choice (BYO-EDR: we don’t want to be a reseller, and you probably don’t need us to be one)
- Ask us for a specific list of currently supported EDR platforms
- We improve EDR configurations, incorporate threat intel and validate detection and prevention capabilities
Threat Intel & Threat Hunts
- We conduct hunts to identify anomalies and suspicious events which may be indicative of compromise or that have eluded conventional detection rules.
- We use data gathering and analysis tools to execute “campaigns”. Examples:
  - Persistence: are there unusual programs in start-up and registry?
  - Tampering: have settings been changed to hide activity?
  - Escalation: have accounts elevated their privileges?
- Link your Active Directory to your security logs to enable ML to identify suspicious behaviors and activity
- Analyzes users, IP addresses, hosts, applications, and more
- No on-premises hardware to purchase or deploy, and negligible operational costs
Forensics & Engineering Retainer
- We perform certified forensic analysis on request, conducting deeper investigations to help identify the root cause of an incident.
- The same retainer can be used for custom engineering or threat intel requests
Purple Teams with VECTR™
- Purple team testing assesses, improves and measures your security tools’ effectiveness in detecting known threat actor activity.
- When adopted as a process, purple team testing yields trending Defense Success Metrics and validated MITRE ATT&CK alignment.
Subscribe to our Daily Threat Intelligence Bulletin
Our Threat Intelligence Gathering & Reporting (TIGR) team curates a daily brief, the TIGR Threat Watch, with information collected from several industry intel sources. Threat bulletins include details on each CVE and recommendations for mitigation and remediation. The TIGR Threat Watch is accessible in real time via RSS. You will also receive critical vulnerability notifications as information develops.