Get pros in your corner!
Cybercrime - A trillion-euro business
Today, cybercrime has grown into a trillion-euro business and companies in all industries and of all sizes have become potential targets. It is not a question about whether your business will be attacked but rather how often. Modern organizations rely on IT to enable production and store digital assets. In most cases the daily operation is completely dependent on IT. A successful cyberbreach can generate huge revenue loss and bring an entire organization to its knees. Breaches happen fast, but can go undetected for weeks or even months.
Truesec have developed a state-of-the-art capacity to protect you and your company’s assets. The success is based on a combination of:
- Experience of investigating major cyber incidents worldwide
- A skilful team of cyber security experts
- The most advanced tools on the market
- Understanding of the specifics of our clients' IT environments
Managed EDR & SIEM (XDR) – Detect & Disarm Service
The capability to monitor, detect and respond to attacks is a cornerstone of a modern cyber defence. All preventive security measures must go hand in hand with continuous security monitoring and incident response. This gives your organization the best protection against cyberthreats.
The central technology used in our service is Endpoint Detection and Response, EDR. EDR software is at the moment the best way of detecting and investigating suspicious activities. Our Managed Detect & Disarm Service gives your organization the capability to stop cyberattacks before they become cyberbreaches.
You will instantly get a capability to detect malicious threat actor activities along with a rapid response & forensics capability to investigate any cyber incident no matter how sophisticated.
The service offers 24/7/365 detection, threat hunting, incident response readiness and a dedicated cyber hotline. As a customer, you also get direct access to leading Truesec cyber experts as an extension of your own team.
Security Operations Center (SOC)
The Detect & Disarm managed service utilizes our Security Operations Center (SOC) to monitor, analyse and maintain our customers' information security and digital assets. It provides 24/7/365 monitoring, detection and disarm capabilities. Through real-time observations, the SOC is able to identify, prioritize and respond to potential threats. SOC operations are handled by an expert team organized in three tiers.
All SOC personnel go through a security screening by a third-party screening company before they are allowed to work in the SOC. The SOC is located in central Stockholm and is equipped with camera surveillance and an alarm system connected directly to the police.
This is how our Managed Detect & Disarm Service works
Monitoring & Detection – Block, detect, analyse & contain
Endpoint detection is the fundamental capacity for detecting and responding to malicious cyber activities and is therefore the basic tooling in our solution. The operational process includes active monitoring and detection 24/7/365. A detected activity that could be part of a malicious threat actor's activity is examined; if it is malicious, it is logged, graded by severity, and reported together with a recommended action. If the activity requires action, the affected endpoint is disarmed and isolated to contain and minimize the damage.
By default, the client decides whether a malicious activity is handled by Truesec, handled by themselves, or ignored. Action contracts can also be defined so that specific malicious activities are handled automatically by Truesec as part of the rapid response service.
A core capacity of the Detect & Disarm service is to apply our knowledge and resources to analyse and qualify alerts, and to forward only what requires the customer's attention. In practice, this means that even though we receive and analyse many alerts, the number of forwarded incidents is very low and easy to manage.
As part of the goal of improving our customers' security posture, security recommendations are provided quarterly or after any larger forensic investigation or rapid response activity. The main purpose of these recommendations is to ensure the ability to act on new security issues or threats.
Response & Forensics – Contain, investigate & eradicate
Rapid Response is an optional SLA-based module that ensures the client has access to Truesec rapid response specialists at a predefined hourly rate. Rapid response includes identifying threat actor activities, planning and executing a kick-out process, and assisting recovery with the goal of returning to a steady state as fast as possible.
Rapid response can be initiated either after malicious activity is detected by Truesec or by the client through the cyber emergency hotline. The client always authorizes any response activities, either on a case-by-case basis or through an authorized action contract.
Forensic investigation is SLA-based and ensures that the client has access to Truesec forensic investigation specialists at a predefined hourly rate. Truesec forensic investigations include identifying threat actor activities, identifying technical impact, producing breach reports, and producing data to support mandatory reporting under the GDPR and other applicable laws for the client's region or sector. Forensics can be initiated either after malicious activity is detected by Truesec or by the client through the cyber emergency hotline. The client always authorizes any response activities, either on a case-by-case basis or through an authorized action contract.
Strategic Recommendations – continuous improvement
As part of the continuous improvement of the service, strategic recommendations are provided monthly or after any larger forensic investigation or rapid response activity.
The strategic recommendations provide information on how to improve the client's capacity to prevent, detect and disarm any threat actor activity.
The recommendations are given by our leading cyber security experts and are based on knowledge gathered during threat hunting, continuous monitoring of the environment, and lessons learned from active investigations.