Preventative security measures are important and can ward off many attacks. Resourceful attackers, however, can and do overcome many of these measures. In fact, practically all companies can expect to experience a cyber incident at some point, whether as the result of being a direct attack target, or because they become unfortunate collateral damage from a broad attack campaign. Cyber incidents can be challenging and costly to resolve, especially because the lead time between attack and discovery can be up to many months and it is during that time that criminals cause damage. Moreover, all too often, because the root causes of an attack are not understood properly, remediation actions are incorrectly oriented, leaving doors open for future attacks.
To protect your and your customers’ data efficiently, you must be able to detect such attacks proactively and be able to investigate them thoroughly when detected. We offer the following services for companies of any size and in any industry:
- Threat Hunting: a proactive search through your network with the aim to identify:
o Threats: evidence of attackers already present on your network
o Risks: indications of IT and security-related issues that can be exploited by attackers at some point
- Incident Response: once an attack(er) has been detected, or once an incident has occurred, our teams will investigate to establish answers to the following fundamental questions:
o What has happened and what did attackers do/ take/ affect?
o How did the attackers do what they did? Where was their point of entry?
o When did this happen? What was the timeline of the attack?
It is through these services that we help our customers arrive at a fact-based view on incidents and potential incidents, in order to take effective decisions and actions. Our work results in highly action-oriented insights, so that companies can move quickly and confidently through the remediation phase.
Additionally, we offer our proprietary Incident Response and Threat Hunting platform, which our own teams use to do deliver our services, as a Cloud service, to companies that have their own cyber specialists, analysts and consultants. Our platform, called Chronos, has a distinct value proposition because of its:
- Speed: we reduce hunting and investigative processes from weeks to days and from days to hours
- Scalability: we can scale from single machines to networks of thousands
- Depth and correctness: we collect and process a very rich set of data inputs and users are able to draw conclusions confidently because of the analysis methodologies
- Non-invasiveness: we do not leave anything on the network, unlike most solutions which remain deployed and, therefore, become a potential source of vulnerabilities
- User-friendliness: easy access through a portal and investigator interface
We look forward to meeting you at it-sa 2018. To get a free entry ticket and set up an appointment please send us an email at firstname.lastname@example.org.