XDR

The SRA XDR approach utilizes a security data lake architecture to minimize SIEM costs, maximize your ability to store security events, and accelerate search and hunting capabilities. Our XDR service is enhanced by our distinctive approach to semi-annual Purple Teams & Metrics.

Our XDR service uses modern cloud technologies to deliver a managed SIEM that introduces and builds lasting capabilities inside your environment and takes advantage of SRA’s scale and capabilities to consistently test, tune, and improve your prevention, detection, and response capabilities. All of the engineering and tuning that we do is delivered into your cloud environment, through a shared management model. SRA leads the deployment and architecture within your own Azure tenant, and delivers an integrated solution that includes a security data lake, SIEM, security orchestration / automation / response (SOAR), UEBA, and more.

Features & Capabilities

Integrated Security Data Lake

  • Reduced infrastructure costs by separating the prioritized, optimized logs used to trigger alerts (SIEM) from the larger volume of logs retained for investigation (Data Lake)
  • Security Data Lake can be tuned for any desired amount of storage retention or file type
  • Consolidated and streamlined hunting and searching capabilities for analysts and support for critical investigation formats such as netflow or packet capture

SOAR

  • Sentinel SOAR capabilities allow us to create automated and semi-automated response capabilities with little to no coding (and that means they’re easier to maintain)
  • SOAR integrations include SRA’s custom and curated playbooks, and access to the growing open-source community library
  • Avoid buying expensive add-on SOAR tools since the platform is consumption-based

EDR Management

  • SRA will monitor, manage, and tune the cloud-based EDR platform of your choice (BYO-EDR: we don’t want to be a reseller, and you probably don’t need us to be one)
  • Ask us for a specific list of currently supported EDR platforms
  • We improve EDR configurations, incorporate threat intel, and validate detection and prevention capabilities

Threat Intel & Threat Hunts

  • We conduct hunts to identify anomalies and suspicious events which may be indicative of compromise or that have eluded conventional detection rules.
  • We use data gathering and analysis tools to execute “campaigns”. Examples:
    • Persistence: are there unusual programs in start-up and registry?
    • Tampering: have settings been changed to hide activity?
    • Escalation: have accounts elevated their privileges?

Behavioral Analytics

  • Link your Active Directory to your security logs to enable ML to identify suspicious behaviors and activity
  • Analyzes users, IP addresses, hosts, applications, and more
  • No on-premises hardware to purchase or deploy, and negligible operational costs

Forensics & Engineering Retainer

  • We perform certified forensic analysis on request, conducting deeper investigations to help identify the root cause of an incident.
  • The same retainer can be used to fulfill custom engineering or threat intel requests

Purple Teams with VECTR™

  • Purple team testing assesses, improves and measures your security tools’ effectiveness in detecting known threat actor activity.
  • When adopted as a process, purple team testing yields trending Defense Success Metrics and validated MITRE ATT&CK alignment.

Subscribe to our Daily Threat Intelligence Bulletin

Our Threat Intelligence Gathering & Reporting (TIGR) team curates a daily brief, the TIGR Threat Watch, with information collected from several industry intel sources. Threat Bulletins include details on the relevant CVEs and recommendations for mitigation and remediation. The TIGR Threat Watch is accessible in real time via RSS. You will also receive critical vulnerability notifications as information develops.