Continuous security monitoring, detection and response capabilities are now regarded as essential for organizations of all sizes. Preventive technologies such as firewalls and malware protection systems can and do fail, often because of mistakes people make or because of imperfections in the preventive technology itself. A sound security posture requires both proactive detection of security incidents and timely response to them.
Ebryx provides several managed security services through our Security Operation Centers (SOCs), located around the world, for continuous monitoring, threat hunting, incident response and protection against data theft by insider or external threat actors.
Managed SOC Service
- 24×7 security monitoring and reporting
- SIEM troubleshooting and optimization
- Rapid threat detection & remediation advisory
- Custom data-source integration and rule writing
- Use-case development as per the business need
- Weekly meetings and monthly threat reports
Co-Managed SOC (L2 as a Service)
The Ebryx Level-2 Analyst-as-a-Service offering is designed for organizations that prefer to have basic SIEM monitoring done by their internal security/SOC team. The service augments the internal SOC setup by providing more complex analysis and troubleshooting services whenever required.
- Non-persistent connection to the client’s existing SIEM deployed on-prem or cloud
- Advanced offense investigation for the escalated cases from L1
- Custom data sources integration, parsing and correlation rule writing
- SIEM rule-set tuning, thresholding and suppression to reduce false positives
- Advisory role for client’s internal L1 team with weekly meetings and monthly progress reports
- Quarterly SIEM/SOC effectiveness review
Threat Hunting Service
- Coverage of tactics and techniques based on MITRE ATT&CK framework
- Adversary focused hunt missions
- Advanced use-case development to detect TTPs of the region/industry-specific APT groups
- Enhanced OS telemetry for greater forensic visibility into the endpoints
- Monthly environment sweeps against the emerging threats
- Custom cross-correlation rule writing for disparate data-sources
- Malware Analysis and Reverse Engineering
- Continuous threat modeling to keep pace with the dynamic threat landscape
Enterprise IT and cloud environments are changing rapidly, with servers, laptops, wireless devices, web applications and cloud services being added almost daily. Software vendors continuously release new versions of software and patches. New types of attacks and vulnerabilities are uncovered continuously. It is difficult to keep up with all of this and ensure that the network, devices and web and cloud applications are not vulnerable to costly security compromises.
We recommend continuous monitoring and vulnerability management through a service such as Ebryx Detection and Response Services as a best practice. However, organizations at times need a clearer picture of their current security posture before opting for a SOC service. We strongly advise such customers to start with security assessments to identify critical gaps and address them immediately.
Despite increased spending on security products and solutions, more and more organizations continue to suffer breaches, with hackers and cyber criminals using ever more sophisticated techniques to bypass defenses. Advanced attacks involve compromising networks and covering tracks in an effort to remain ‘invisible’. Organizations need to stop being reactive and instead adopt a proactive approach. A key part of this is the ability to continuously monitor and respond to threats in real time. With the Ebryx Managed SOC service you get the capabilities of a modern-day SOC at a fraction of the cost and without the significant overheads associated with setting up an in-house SOC. We offer flexible commercial models and deployment options to deliver information security monitoring, threat detection, incident response and threat hunting. (…)
Managed Detection and Response
Our Managed Detection and Response (MDR) service provides 24/7 detection and incident response. For organizations with an existing Security Operations Center (SOC), the MDR service augments existing capabilities. For organizations that do not have a SOC, the MDR service combines SOC with detection and response, offering value that is not available in typical SOC models. The service leverages a machine learning based Big Data Analytics platform, the latest endpoint detection technology and a response automation framework. The MDR Service is ideal for organizations facing a significant level of risk and a need to mitigate against security compromises in the shortest possible time, or those wishing to decrease the high load on their own SOC, thus allowing internal resources to be deployed more effectively and improving overall efficiency. (…)