Cyber Security

Respond

When an incident has been detected, it is key to respond as quickly and efficiently as possible. Companies need to make sure that they develop and implement appropriate activities to act on a detected cybersecurity incident.

With the right tooling, including built-in artificial intelligence, combined with dedicated people who investigate meaningful correlations and events, it is possible to contain the impact of a potential cybersecurity incident. The 'Respond' function referred to here is the one from the NIST Cybersecurity Framework cycle (Identify, Protect, Detect, Respond, Recover); it covers response planning, analysis, and mitigation activities, and the lessons learned feed back so that the cybersecurity program keeps improving.

Security Operations Center / Managed Detection & Response

The response phase of a cybersecurity incident is perhaps the least enjoyable part of being in IT. It feels like the whole world is on fire, and you are the one responsible for putting it out. That is why you need to establish a playbook for different types of scenarios before an incident occurs. You cannot plan for everything that may happen, because no two incidents are the same. But you can plan what needs to happen for specific types of incidents (compromised account, ransomware on an endpoint, phishing campaign), and you can improve those plans after every incident based on what actually happened.

ESOC (Email Security Operations Center)

Email is by far the most common initial vector for security incidents. Following up the logs and alerts generated by email security solutions is time consuming and not always a priority for IT teams.

For example, assume that you have detected an account takeover. The first thing you need to do is secure the account to contain the damage: reset the password, revoke active sessions and tokens, and remove any MFA methods or inbox rules the attacker added. Then you need to analyse that account to identify emails sent after the takeover, documents that were shared or modified, and any other action that a cybercriminal could have taken while they had control of the account.

With our ESOC service, we relieve you of this work by performing daily checks on suspicious sign-ins, suspicious inbox rules, phishing logs and incidents, user-reported email, shared threat discovery and locally trending phishing emails. ESOC can be a standalone service or combined with Co-SOC or Full SOC.
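As an added example (this is not Syntory's tooling or code from the page), the following Python script runs the account-takeover triage described above over a handful of constructed mailbox audit events: it flags the sign-in or inbox rule that marks the start of attacker control, then lists everything the account did after that point so it can be reviewed or rolled back. The tenant domain example.com, the user's baseline country, the event field names and the sample events themselves are all assumptions made for the example.

```python
"""Triage an account takeover from mailbox audit events (added example)."""
from datetime import datetime

INTERNAL_DOMAIN = "example.com"   # assumed tenant domain
BASELINE_COUNTRIES = {"BE"}       # assumed: countries this user normally signs in from

# Constructed sample audit events for one mailbox; field names are an assumption,
# loosely modelled on cloud mailbox audit logs. Not real data.
EVENTS = [
    {"ts": "2024-03-04T08:02:00", "user": "alice@example.com", "op": "UserLoggedIn",
     "ip": "203.0.113.10", "country": "BE"},
    {"ts": "2024-03-04T08:40:00", "user": "alice@example.com", "op": "UserLoggedIn",
     "ip": "198.51.100.7", "country": "NG"},
    {"ts": "2024-03-04T08:43:00", "user": "alice@example.com", "op": "New-InboxRule",
     "name": ".", "forward_to": "drop@attacker.example", "delete": True},
    {"ts": "2024-03-04T08:50:00", "user": "alice@example.com", "op": "Send",
     "to": "cfo@example.com", "subject": "Urgent invoice"},
    {"ts": "2024-03-04T07:00:00", "user": "alice@example.com", "op": "Send",
     "to": "bob@example.com", "subject": "Lunch"},
    {"ts": "2024-03-04T09:05:00", "user": "alice@example.com", "op": "FileModified",
     "path": "/Finance/Q1.xlsx"},
]

# Operations an attacker performs with a hijacked account that need review or rollback.
ATTACKER_ACTIONS = {"Send", "New-InboxRule", "FileModified", "FileShared"}


def parse_ts(ev):
    return datetime.fromisoformat(ev["ts"])


def suspicious_rule(ev, internal_domain=INTERNAL_DOMAIN):
    """Reasons an inbox-rule creation looks like attacker persistence (empty if benign)."""
    reasons = []
    fwd = ev.get("forward_to")
    if fwd and not fwd.lower().endswith("@" + internal_domain):
        reasons.append(f"forwards mail to external address {fwd}")
    if ev.get("delete"):
        reasons.append("deletes messages after forwarding, hiding them from the owner")
    if len(ev.get("name", "").strip(" .")) == 0:
        # Attackers often name rules "." or " " so they are easy to overlook.
        reasons.append("rule name is blank or only punctuation")
    return reasons


def suspicious_signin(ev, baseline=BASELINE_COUNTRIES):
    """Flag a sign-in from outside the user's known countries."""
    if ev.get("country") not in baseline:
        return [f"sign-in from {ev['country']} ({ev['ip']}) outside baseline countries"]
    return []


def find_takeover(events):
    """Earliest suspicious event, taken as the moment the attacker gained control."""
    for ev in sorted(events, key=parse_ts):
        if ev["op"] == "UserLoggedIn":
            reasons = suspicious_signin(ev)
        elif ev["op"] == "New-InboxRule":
            reasons = suspicious_rule(ev)
        else:
            reasons = []
        if reasons:
            return parse_ts(ev), reasons
    return None


def post_takeover_actions(events, takeover_ts):
    """Everything the account did at or after the takeover that must be reviewed."""
    return sorted(
        (ev for ev in events
         if ev["op"] in ATTACKER_ACTIONS and parse_ts(ev) >= takeover_ts),
        key=parse_ts,
    )


def triage(events):
    hit = find_takeover(events)
    if hit is None:
        return None
    takeover_ts, reasons = hit
    return {"takeover_at": takeover_ts, "reasons": reasons,
            "review": post_takeover_actions(events, takeover_ts)}


if __name__ == "__main__":
    result = triage(EVENTS)
    print("takeover at", result["takeover_at"], "because:", "; ".join(result["reasons"]))
    for ev in result["review"]:
        print(ev["ts"], ev["op"], ev.get("to") or ev.get("path") or ev.get("forward_to"))
```

The takeover timestamp is the boundary that matters: the 07:00 email to a colleague is the user's own and is left alone, while the forwarding rule, the message to the CFO and the spreadsheet edit after 08:40 all go on the review list. In a real investigation the baseline would come from the user's sign-in history rather than a hard-coded set, and the rule check would also look at move-to-folder targets such as RSS Feeds or Deleted Items.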

Incident Response

More than 1,000 customers use the same SIEM platform and feed back intelligence that makes its detections more accurate. When an incident occurs, the platform can automatically:

  • Isolate or un-isolate endpoints
  • Disable or re-enable users in Active Directory
  • Create tickets (Jira, ServiceNow)

Customers get full access to the SOC platform for visibility.

One of the greatest advantages compared with competing offerings is that Syntory Guardian Angel is priced per asset instead of per log volume. So there is no need to be selective in the logs you send to the platform, and no risk of missing valuable logs in the analysis.

Our Managed Detection and Response service is available in several flavours, depending on the customer needs:

  • CO-SOC: teamwork between Syntory SOC analysts (handling high and critical alerts) and the customer (handling low and medium alerts).
  • FULL SOC: Syntory SOC analysts handle all alerts: low, medium, high and critical.

Valuable detection methods, which establish a baseline of normal behaviour and traffic and then spot deviations from it, are User Behaviour Analytics, Attacker Behaviour Analytics, Network Traffic Analytics, Threat Intelligence detections and Threat Hunting.

Despite all procedures and best-in-class technology, things that make a really bad day for you can still happen. When a cyber attack occurs, we already have short communication lines with partners specialised in Blue, White, Red and Purple teaming. These companies start investigating immediately to minimise the window of exposure.

Story

Noun

  1. Real people and events told for entertainment
  2. The commercial prospects or circumstances of a particular company

Synthesis

Noun

  1. The combination of components or elements to form a connected whole