Do you know what's happening in your IT environment? Building a detection capability is a daunting task for many organizations. Some of the typical questions that come up: What kind of logs should you keep? How long should you retain them? Should you deploy a SIEM? If so, what SIEM is best suited to your specific needs? How about an Endpoint Detection & Response (EDR) tool? Do you have the right people to detect security incidents as they occur? What kind of threat intelligence should you procure? If something happens, how do you respond?
Managed Detect & Respond (MDR)
In response to the challenges that many organizations are facing, we have developed a managed detect & response service, where we combine best-of-breed technology products with our people and know-how! Instead of receiving raw alerts that require in-depth analysis, our technology and analysts will do the heavy lifting. Once analysed, triaged incidents are provided to you through our client portal, with clear actions and recommendations for you to implement.
We can even take it a step further: By leveraging our Security Orchestration and Automated Response (SOAR) platform, we can automate responsive actions for a full end-to-end service. The level of automation is only limited by your imagination and comfort level (although we do typically implement approval steps before automated actions are taken).
Our MDR service can be offered either during European business hours or on a 24/7 basis. Should we identify any high-severity incidents that require emergency response, NVISO can deploy its 24/7 Cyber Security Incident Response Team (CSIRT), which can provide deep-dive technical services (e.g. malware analysis or digital forensics) or on-site crisis management support.
Our Technology Stack
We have selected a number of best-of-breed technology products that we can leverage as part of our MDR service offering. Note that the below list is not exhaustive, but it shows the main technology components:
SIEM / Log Management
The central system in which logs are collected and correlated. NVISO supports both Elastic SIEM (on-premise or cloud) and Microsoft Sentinel (cloud) as SIEM platforms. The exact log ingestion and retention configuration will be decided together with you.
Endpoint Detection & Response (EDR)
In line with our ambition to select best-of-breed technology and offer flexibility to our clients, we support both CrowdStrike Falcon and Microsoft Defender ATP as EDR tools. Both are considered Leaders in the Gartner Magic Quadrant and provide in-depth detection and response capabilities.
Security Orchestration and Automated Response (SOAR)
Often provided as an optional component in managed services, our SOAR platform is at the core of our MDR service offering. We will leverage Palo Alto Cortex XSOAR in order to provide consistent playbooks for incident handling and automated responses using community and NVISO playbooks.
NVISO Technology Differentiators
Any reseller can resell products, we however add a number of key differentiators on top of these best-of-breed products:
- SIEM / Log Management: Next to the built-in use cases of the supported products, we will leverage our own unique collection of community and self-developed use cases. The NVISO-developed use cases were built throughout multiple years of security research, monitoring and incident response. Use cases are written in the Sigma language and are mapped to MITRE ATT&CK.
- Endpoint Detection & Response (EDR): Next to the commercial EDR tool, NVISO will assist in the configuration of security log best practices for your infrastructure, thereby tremendously increasing the detection capability of the service.
- SOAR: On top of all available integrations and playbooks in Palo Alto Cortex XSOAR, we have heavily invested in creating automated playbooks for incident analysis / enrichment and response. As a client of our MDR service, you will immediately leverage this, thereby hitting the ground running.
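To make the SIEM differentiator above concrete, here is an added, self-contained illustration of what "a use case written in Sigma and mapped to MITRE ATT&CK" looks like in practice. It is example code written for this page, not one of NVISO's use cases and not the Sigma project's own tooling: a constructed rule (laid out like a Sigma YAML rule, but expressed as a Python dict so no YAML parser is needed), a minimal evaluator for Sigma's `contains`/`startswith`/`endswith` field modifiers and its `and`/`or`/`not` condition syntax, and a helper that pulls the ATT&CK technique ID out of the rule's `attack.*` tags. The sample process-creation events and field names are constructed for the example.

```python
"""Minimal evaluator for a Sigma-style detection rule, showing how a use case
carries its MITRE ATT&CK mapping in the rule's tags.

Constructed example: the rule, the events and the field names are illustrative
and are not NVISO's own content or the Sigma project's reference implementation.
"""
import re

# Constructed rule laid out like a Sigma YAML rule (title / logsource / detection / tags).
# Sigma's real format is YAML; a dict is used here so the example needs no parser.
RULE = {
    "title": "Encoded PowerShell Command Line (example rule)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": "-enc",
        },
        # Example allow-list for a known administrative parent process (hypothetical name).
        "filter": {"ParentImage|endswith": "\\known_admin_tool.exe"},
        "condition": "selection and not filter",
    },
    "tags": ["attack.execution", "attack.t1059.001"],
}


def _match_field(event, spec, value):
    """Apply one 'Field|modifier': value pair; Sigma string matching is case-insensitive."""
    field, _, modifier = spec.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    actual, value = str(actual).lower(), str(value).lower()
    if modifier == "":
        return actual == value
    if modifier == "contains":
        return value in actual
    if modifier == "startswith":
        return actual.startswith(value)
    if modifier == "endswith":
        return actual.endswith(value)
    raise ValueError(f"unsupported modifier: {modifier}")


def _match_selection(event, selection):
    """A selection map is an AND over all of its field conditions."""
    return all(_match_field(event, spec, value) for spec, value in selection.items())


def _eval_condition(tokens, results):
    """Tiny recursive-descent evaluator for 'a and not (b or c)'; precedence: not > and > or."""
    pos = [0]

    def peek():
        return tokens[pos[0]] if pos[0] < len(tokens) else None

    def take():
        pos[0] += 1
        return tokens[pos[0] - 1]

    def atom():
        tok = take()
        if tok == "not":
            return not atom()
        if tok == "(":
            inner = expr()
            if take() != ")":
                raise ValueError("unbalanced parenthesis in condition")
            return inner
        return results[tok]  # KeyError if the condition names an unknown selection

    def conj():
        value = atom()
        while peek() == "and":
            take()
            rhs = atom()  # always consume the operand, even if value is already False
            value = value and rhs
        return value

    def expr():
        value = conj()
        while peek() == "or":
            take()
            rhs = conj()
            value = value or rhs
        return value

    result = expr()
    if peek() is not None:
        raise ValueError("trailing tokens in condition")
    return result


def evaluate(rule, event):
    """True if the rule's condition holds for this event."""
    detection = rule["detection"]
    results = {name: _match_selection(event, sel)
               for name, sel in detection.items() if name != "condition"}
    tokens = re.findall(r"\(|\)|\w+", detection["condition"])
    return _eval_condition(tokens, results)


def attack_techniques(rule):
    """Return ATT&CK technique IDs (e.g. 'T1059.001') carried in Sigma-style 'attack.*' tags."""
    techniques = []
    for tag in rule.get("tags", []):
        match = re.fullmatch(r"attack\.(t\d{4}(?:\.\d{3})?)", tag)
        if match:
            techniques.append(match.group(1).upper())
    return techniques


# Constructed sample process-creation events (not real telemetry).
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -enc <base64 placeholder>",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -enc <base64 placeholder>",
     "ParentImage": "C:\\Tools\\known_admin_tool.exe"},   # matched by the filter
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c dir",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def scan(rule, events):
    """Return (event index, ATT&CK technique IDs) for every event the rule fires on."""
    return [(i, attack_techniques(rule)) for i, event in enumerate(events) if evaluate(rule, event)]


if __name__ == "__main__":
    for idx, techniques in scan(RULE, EVENTS):
        print(f"event {idx}: {RULE['title']} -> ATT&CK {techniques}")
```

Only the first event fires: the second is suppressed by the `filter` selection, and the third never matches `selection`. The technique IDs returned alongside each hit are what a SIEM or SOAR platform uses to place an alert on the ATT&CK matrix, which is the mapping the list item above refers to.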
When comparing ourselves with our competitors, we often find that they do not provide a great level of detail on the actual people that work in the SOC. This is often because traditional managed service providers attempt to generate margins by leveraging people in lower cost countries to operate (parts of) the SOC. This is hardly a differentiator and is thus usually not highlighted in commercial offerings to potential customers.
At NVISO, we believe in doing things differently: Next to best-of-breed technology and solid processes, a SOC requires world-class people! Efficiency gains should not be made by lowering the average cost per SOC analyst. Instead, they should be made by a relentless focus on automation and smart working, which also improves efficiency on your end of the service and prevents SOC analyst "alert fatigue". Our SOAR platform plays a vital role in this and is thus an essential part of our SOC service.
The experience and expertise of our analysts is unrivalled! Our team of analysts consists of a selection of experts with excellent subject matter expertise: SANS Instructors, Conference Speakers, Internet Storm Center Handlers, developers of globally used forensics tools,...
Why NVISO?
- We are a trusted European team, all of our analysts possess a security clearance "Secret" (NATO / EU level)
- We have a team of world-class experts that regularly share their knowledge while teaching for SANS or speaking at conferences. Furthermore, our experts have obtained most of the well-known certifications in the industry: GDAT, GCFA, GCFE, GNFA, GCIA, GMON, GCIH, GREM,...
- We leverage best-of-breed technology products and strongly focus on efficiency and automation through our built-in SOAR platform
- We provide an end-to-end service, including a 24/7 CSIRT team that can help you respond to emergency incidents