Get pros in your corner!
Cybercrime - A Trillion-Euro Per Year Business
Today, cybercrime has grown into a trillion-euro per year business and companies in all industries, of all sizes, have become potential targets. It is no longer a question of whether your business will be attacked, but when and how often. Modern organizations rely on IT to enable production and store digital assets. In most cases, daily operation is completely dependent on IT. A successful cyberbreach can generate huge revenue losses and bring an entire organization to its knees. Breaches happen quickly but can go undetected for weeks or even months.
Truesec has developed a state-of-the-art capability to protect you and your company’s assets. That capability rests on a combination of:
- Experience in investigating major cyber incidents worldwide
- A skillful team of cybersecurity experts
- The most advanced tools on the market
- Understanding the specifics of our clients’ IT environments
Managed EDR and SIEM (XDR) – Detect and Disarm Service
The capability to monitor, detect and respond to attacks is a cornerstone in modern cyber defence. All preventive security measures must go hand in hand with continuous security monitoring and incident response. This will provide your organization with the best protection against cyber threats.
The central technology used in our service is Endpoint Detection and Response, EDR. EDR is currently the most effective way of detecting and investigating suspicious activity on endpoints. Our Managed Detect and Disarm Service gives your organization the capability to stop cyberattacks before they become cyberbreaches.
You will instantly have the capability to detect malicious threat actor activities along with a rapid response and forensics capability to investigate any cyber incident no matter how sophisticated.
The service offers 24/7/365 detection, threat hunting, incident response readiness, and a dedicated cyber hotline. As a customer, you also receive direct access to leading Truesec cyber experts as an extension of your own team.
Security Operations Center (SOC)
The Detect and Disarm managed service utilizes our Security Operations Center (SOC) to monitor, analyze, and maintain our customers’ information security and digital assets. It provides 24/7/365 monitoring, detection, and disarm capabilities. Through real-time observations, the SOC is able to identify, prioritize, and respond to potential threats. SOC operations are handled by an expert team in three tiers.
All personnel in the SOC go through a security screening conducted by a third-party screening company before they are allowed to work in the SOC. The SOC is located in central Stockholm and is equipped with camera surveillance and an alarm system connected directly to the police.
How Our Managed Detect and Disarm Service Works
Monitoring and Detection – Block, Detect, Analyse and Contain
Endpoint detection is the fundamental capability for detecting and responding to malicious cyber activity, and is therefore the base tooling in our solution. The operational process includes active monitoring and detection 24/7/365. A detected activity that could be part of a threat actor's operation is examined; if it is found to be malicious, it is logged, graded by severity, and reported together with a recommended action. If the activity requires action, the affected endpoint is disarmed and isolated to contain and minimize the damage.
By default, the client decides if they want the malicious activity to be handled by Truesec, by themselves, or ignored. Action contracts can also be defined so that specific malicious activities can be automatically handled by Truesec as part of the Rapid Response service.
A core part of the Detect and Disarm service is that our analysts use their knowledge and resources to qualify alerts before anything reaches the customer: only what requires the customer's attention or decision is forwarded. Even when we receive and analyze a large volume of alerts, the number of incidents forwarded to the customer stays low and manageable.
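To make the triage flow described above concrete, here is an added example (not Truesec's tooling, and not code from this page) of how alert qualification, severity grading, per-host aggregation and an action contract fit together. The rule names, severity grades, the allowlisted signer and the sample EDR alerts are all constructed for illustration; the contract maps a rule to one of three outcomes, `auto_isolate` (pre-authorized handling), `forward` (the default, the client decides) or `ignore`.

```python
"""Alert triage with an action contract. Constructed illustration, not vendor code."""
from collections import defaultdict
from dataclasses import dataclass, field

# Severity per detection rule. Rule names and grades are hypothetical.
SEVERITY = {
    "credential_dumping": "critical",
    "ransomware_behaviour": "critical",
    "suspicious_powershell": "high",
    "new_scheduled_task": "medium",
    "admin_tool_execution": "low",
}
SEV_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Action contract: rules the client has pre-authorized for automatic handling.
# Any rule not listed falls back to "forward" (client decides case by case).
ACTION_CONTRACT = {
    "credential_dumping": "auto_isolate",
    "ransomware_behaviour": "auto_isolate",
    "admin_tool_execution": "ignore",
}

# Known-benign context an analyst would use to close a low-grade alert (assumed).
ALLOWLISTED_SIGNERS = {"Contoso IT Automation"}


@dataclass
class Alert:
    host: str
    rule: str
    process: str
    signer: str = ""


@dataclass
class Incident:
    host: str
    severity: str
    rules: list = field(default_factory=list)
    action: str = "forward"


def qualify(alert):
    """Return False for alerts an analyst would close as benign or ungradable."""
    if alert.rule not in SEVERITY:
        return False  # unknown rule: nothing to grade
    if alert.signer in ALLOWLISTED_SIGNERS and SEVERITY[alert.rule] in ("low", "medium"):
        return False  # signed internal tooling tripping a low-grade rule
    return True


def triage(alerts, contract=ACTION_CONTRACT):
    """Qualify and grade alerts, aggregate them per host, and apply the contract."""
    by_host = defaultdict(list)
    for a in alerts:
        if qualify(a):
            by_host[a.host].append(a)
    incidents = []
    for host, items in by_host.items():
        worst = max(items, key=lambda a: SEV_RANK[SEVERITY[a.rule]])
        inc = Incident(host=host, severity=SEVERITY[worst.rule],
                       rules=sorted({a.rule for a in items}))
        actions = {contract.get(a.rule, "forward") for a in items}
        if "auto_isolate" in actions:
            inc.action = "auto_isolate"  # any pre-authorized rule wins: contain first
        elif actions == {"ignore"}:
            inc.action = "ignore"        # only contracted-ignore rules on this host
        incidents.append(inc)
    return incidents


def isolate_hosts(incidents):
    """Hosts the contract allows the SOC to isolate without asking."""
    return sorted(i.host for i in incidents if i.action == "auto_isolate")


def summary(alerts, contract=ACTION_CONTRACT):
    """The alert funnel: raw alerts in, incidents out, of which some are forwarded."""
    incs = triage(alerts, contract)
    forwarded = [i for i in incs if i.action != "ignore"]
    return {"received": len(alerts), "incidents": len(incs),
            "forwarded": len(forwarded), "isolated": isolate_hosts(incs)}


# Constructed sample alerts, as an EDR might emit them over one shift.
SAMPLE_ALERTS = [
    Alert("ws-001", "admin_tool_execution", "psexec.exe", signer="Contoso IT Automation"),
    Alert("ws-001", "new_scheduled_task", "schtasks.exe", signer="Contoso IT Automation"),
    Alert("ws-002", "suspicious_powershell", "powershell.exe"),
    Alert("ws-002", "credential_dumping", "lsass_dump.exe"),
    Alert("srv-db1", "ransomware_behaviour", "enc.exe"),
    Alert("ws-003", "admin_tool_execution", "psexec.exe"),
    Alert("ws-004", "unknown_rule", "foo.exe"),
]

if __name__ == "__main__":
    print(summary(SAMPLE_ALERTS))
```

Run on the sample, seven alerts collapse to three incidents, of which two are forwarded and both are auto-isolated under the contract; the two `ws-001` alerts are closed by the allowlist and the unknown rule is dropped. In a real deployment the isolation call would go to the EDR's API and every decision would be logged for the client.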
As part of the goal to improve our customers’ security stance, security recommendations are provided quarterly or after any larger forensic investigation or rapid response activity. The main purpose of these recommendations is to ensure the ability to act on new security issues or threats.
Response and Forensics – Contain, Investigate and Eradicate
Rapid Response is an optional, SLA-based module that ensures the client has access to Truesec rapid response specialists at a predefined hourly rate. Rapid Response includes identifying threat actor activities, planning and executing a kick-out process, and assisting recovery with the goal of returning to a steady state as fast as possible.
The Rapid Response can be initiated either after malicious activity is detected by Truesec or by the client by using the cyber emergency hotline. The client always authorizes any response activities, either on a case-by-case basis or by an authorized action contract.
Forensic investigation is SLA-based and ensures that the client has access to Truesec forensic investigation specialists at a predefined hourly rate. Truesec forensic investigations include identifying threat actor activities, identifying technical impact, and producing breach reports and data to support mandatory reporting under the GDPR and other laws applicable to the client's region or sector. Forensics can be initiated either after malicious activity is detected by Truesec or by the client using the cyber emergency hotline. The client always authorizes any response activities, either on a case-by-case basis or by an authorized action contract.
Strategic Recommendations – Continuous Improvement
As part of the continuous improvement of the service, strategic recommendations are provided monthly or after any larger forensic investigation or Rapid Response activity.
The strategic recommendations provide information on how to improve the client’s capacity to prevent, detect, and disarm threat actor activity. They are provided by our leading cybersecurity experts and are based on knowledge gathered while threat hunting in the continuously monitored environment and on lessons learned from active investigations.