Security Operations

A monitoring and detection capability is one of the most significant investments a business can make, so getting the best possible results from it is paramount. Whether you use a managed service provider or run your own in-house SOC, we can help make sure you get the best return on that investment.

We can help optimize your SOC

MITRE ATT&CK™ COVERAGE

The ATT&CK knowledge base is used as a foundation for developing threat models and methodologies in the private sector, in government, and across the cybersecurity product and service community. We use ATT&CK to map your existing detections to adversary tactics, techniques and procedures (TTPs), assess whether that coverage is appropriate for the threat actors relevant to you, validate that the detections actually fire, and identify the gaps.
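To make the coverage exercise concrete, here is an added example (not code from this page or from any provider's tooling) that maps an inventory of SIEM detection rules, each tagged with ATT&CK technique IDs, against the techniques an emulated adversary is assumed to use and reports coverage, partial coverage and gaps per tactic. The technique IDs are real ATT&CK identifiers, but the adversary profile, the rule names and the scoring convention (an exact technique match is "covered", a rule tagged only with the parent of a sub-technique is "partial") are assumptions made for the example.

```python
"""Score detection coverage against MITRE ATT&CK technique IDs.

Added example: the adversary profile, rule inventory and scoring
convention below are constructed for illustration, not taken from
any real SOC or vendor product.
"""

from collections import defaultdict

# Constructed adversary profile: techniques (ATT&CK IDs) an emulated
# actor is assumed to use, keyed by tactic. The IDs are real ATT&CK
# identifiers; the grouping into a "profile" is an assumption.
ADVERSARY_TTPS = {
    "initial-access": ["T1566.001", "T1078"],
    "execution": ["T1059.001", "T1059.003", "T1204.002"],
    "persistence": ["T1053.005", "T1547.001"],
    "credential-access": ["T1003.001", "T1110.003"],
    "lateral-movement": ["T1021.001", "T1021.002"],
}

# Constructed SIEM rule inventory: rule name -> technique IDs it is tagged with.
DETECTION_RULES = {
    "PowerShell encoded command": ["T1059.001"],
    "Scheduled task created via schtasks": ["T1053.005"],
    "LSASS memory access": ["T1003.001"],
    "Command interpreter spawned by Office": ["T1059"],  # parent-level tag only
    "RDP logon from new source": ["T1021.001"],
    "Password spray against AD": ["T1110.003"],
    "Sysmon config tampering": ["T1562.001"],  # not in this actor's profile
}


def parent_of(technique_id):
    """'T1059.001' -> 'T1059'; a parent technique ID maps to itself."""
    return technique_id.split(".")[0]


def assess_coverage(adversary, rules):
    """Return {tactic: {"covered": [...], "partial": [...], "gap": [...]}}.

    Scoring convention (an assumption of this example):
      covered - a rule is tagged with exactly this technique ID
      partial - the ID is a sub-technique and a rule is tagged only with
                its parent technique, so it may or may not catch this variant
      gap     - no rule is tagged with the technique or its parent
    """
    tagged = defaultdict(set)  # technique ID -> rule names carrying that tag
    for name, ids in rules.items():
        for tid in ids:
            tagged[tid].add(name)

    report = {}
    for tactic, techniques in adversary.items():
        entry = {"covered": [], "partial": [], "gap": []}
        for tid in techniques:
            if tid in tagged:
                entry["covered"].append(tid)
            elif "." in tid and parent_of(tid) in tagged:
                entry["partial"].append(tid)
            else:
                entry["gap"].append(tid)
        report[tactic] = entry
    return report


def coverage_score(report):
    """Fraction of adversary techniques with full (not partial) coverage."""
    total = sum(len(e["covered"]) + len(e["partial"]) + len(e["gap"])
                for e in report.values())
    covered = sum(len(e["covered"]) for e in report.values())
    return covered / total if total else 0.0


def unmapped_rules(adversary, rules):
    """Rules whose tags match nothing in the adversary profile.

    These are not useless, but they are candidates to review when the SIEM
    is under load: they contribute nothing against the actors being modelled.
    """
    profile = {t for ts in adversary.values() for t in ts}
    parents = {parent_of(t) for t in profile}
    return sorted(name for name, ids in rules.items()
                  if not any(t in profile or t in parents for t in ids))


if __name__ == "__main__":
    report = assess_coverage(ADVERSARY_TTPS, DETECTION_RULES)
    for tactic, entry in report.items():
        print(f"{tactic:18s} covered={entry['covered']} "
              f"partial={entry['partial']} gap={entry['gap']}")
    print(f"full coverage: {coverage_score(report):.0%}")
    print("rules outside this actor's profile:",
          unmapped_rules(ADVERSARY_TTPS, DETECTION_RULES))
```

A mapping like this only tells you which techniques have a rule associated with them; it says nothing about whether the rule fires on the telemetry you actually collect. Treat "covered" as a claim to be validated by the purple team or assumed-breach exercises described below, and treat "partial" as a prompt to check whether the parent-level rule really sees the sub-technique's behaviour.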

LOG COLLECTION REVIEW

We help you identify which log sources are genuinely useful to collect and which add ingestion and storage cost without supporting any detection, investigation or compliance need. Keeping your SIEM healthy is essential for its performance, and collecting only the logs that are really needed keeps licensing and storage costs down.

PLAYBOOK / RUNBOOK DEVELOPMENT

Build effective, repeatable processes for investigation (detection, response, containment, eradication, recovery). Increase analyst productivity with automation and refine complex workflows.

PURPLE TEAM SETUP

Continually testing your security controls, people, processes and technology is crucial to ensuring you are always improving and refining your security posture. Purple teams are the best of both worlds: red and blue (attack and defence) work together transparently, so every emulated technique is checked against what the SOC actually saw. Embedding this capability is essential for continual improvement.

THREAT INTELLIGENCE

Don't just collect feeds and sources; apply intelligence that can be consumed and disseminated throughout the organisation and that helps improve your organisation's overall security posture. We can help you build an appropriate threat intelligence function for operational, tactical and strategic insights.

Handle Incidents With Confidence

ASSUMED BREACH ASSESSMENTS

Determine your organisation's ability to detect a compromise effectively. Starting from the assumption that an attacker already has a foothold, we simulate breach scenarios using a wide variety of tactics, techniques and procedures (TTPs) employed by real threat actors, with the aim of identifying gaps in your technical controls and security processes.

THREAT HUNTING

A reactive stance is no longer sufficient in today's world. Newer technologies are good at alerting your security staff to possible breaches, but attackers often leave traces long before the impact of a breach becomes apparent. Adopting a more proactive approach by developing a threat hunting capability can give your security team an early indication that something is not quite right. We can help your business build and develop its threat hunting programme, identify detection, logging and data collection gaps, and define metrics.

INCIDENT RESPONSE PLAYBOOKS

Investigators need repeatable processes they can follow when handling incidents. Having these clearly documented for your analysts gives consistency across investigations, and it also lets your organisation build a roadmap and automate where appropriate, reducing the time it takes to investigate each incident.
