Do you know what's happening in your IT environment? Building a detection capability is a daunting task for many organizations. Some of the typical questions that come up: What kind of logs should you keep? How long should you retain them? Should you deploy a SIEM? If so, what SIEM is best suited to your specific needs? Do you have the right people to detect security incidents as they occur? What kind of threat intelligence should you procure? If something happens, how do you respond?
Managed Detection & Response
In response to the challenges that many organizations are facing, NVISO has developed a managed detect & response service, where we combine our award-winning technology, our expertise & our intelligence! Instead of receiving raw alerts (& thus false positives), you receive clear incidents & cases that require further investigation & follow-up! NVISO's analysts will use their expertise to focus on the incidents that really matter! Furthermore, NVISO has a 24/7 Cyber Security Incident Response Team (CSIRT) that can be invoked to help you respond to incidents as well!
What does our service consist of?
In a typical setup, we will deploy our technology across your environment, focusing on typical areas of interest (e.g. your internet perimeter). If you are a heavy consumer of cloud services (and thus have a limited on-premise infrastructure), we will discuss which approach is best for you (e.g. deploying agents on your workstations and servers).
Our technology is continuously being developed to analyze & correlate the following types of information:
- Raw network traffic that is parsed by our NVISO Eagle Eye engine (which includes log generation, IDS, contextualization & capabilities);
- Logs of typical network devices (e.g. proxy logs, DNS logs, DHCP logs) and endpoints (e.g. Windows event logs, syslog, EDR logs, ...);
- Our engine is continuously connected to NVISO's threat intelligence platform, ensuring it can detect the latest known attack campaigns.
The NVISO Eagle Eye engine performs traditional signature-based detection for known attacks, but also includes anomaly & outlier detection algorithms. These algorithms are at the core of NVISO's R&D activities.
The results of our engine are visualized in our analysis dashboards, to which both your analysts and ours have access. On a periodic basis (the frequency can be tailored to your needs), our analysts will review the dashboards and analyze what's happening in your environment. Upon completing their analysis, they will report on their results. Reporting can be tailored to your needs (for example, we can report into your existing ticketing systems).
Should critical incidents be detected, you can rely on NVISO's 24/7 CSIRT team to immediately assist with incident response, digital forensics, or malware analysis!
As your organization further matures, we can adapt our service to ensure you receive maximum value. In several cases, we initially performed all analysis work ourselves, after which we educated our clients' analysts so they could take over a part of the analysis work themselves. This way, our analysts can focus on the more complex cases and provide better value!
Why NVISO?
- In 2016, our Eagle Eye technology won the NATO NCIA Defence Innovation Award, an achievement we are very proud of!
- We offer a unique service model, combining technology, expertise & intelligence!
- We can hit the ground running, establishing an initial detection capability, after which we can further mature our service in the long term.
- We are a trusted European team; all of our analysts possess a "Secret" security clearance (Belgian, NATO & EU).
- We have a team of world-class experts that regularly share their knowledge while teaching for SANS or speaking at conferences. Furthermore, our experts have obtained most of the well-known certifications in the industry: GCFA, GCFE, GNFA, GCIA, GCIH, GREM, ...
- In case of incidents, our CSIRT is available 24/7 through a dedicated hotline.