- Memory and Disk Acquisition – perform memory and disk acquisition following best practices, in a manner that neither tampers with the data nor compromises its proof of authenticity;
- Timeline Buildup – create a timeline of the events that happened on the system/environment, providing a clear picture of the incident from start to end; this establishes the chain of events and the next action items needed to avoid similar incidents in the future;
- Log Analysis – perform log analysis in order to identify the initial infection method, intrusion vector, persistence mechanisms, indicators of compromise and any other intelligence data point that can be leveraged either in court or for lessons learned;
- Network Traffic Analysis – perform analysis to understand what data was exfiltrated and extract indicators that help identify the full extent of a compromise;
- Threat Hunting – perform scenario-based threat hunting exercises that can uncover unknown infections, weak points in the network or simple exploitation models that have not been considered in the current security architecture;
- Reconnaissance – build reports based on OSINT and present the current threat landscape with a focus on industry/vertical specifics;
- Threat Intelligence – provide and extract IOCs either from past incidents or from OSINT data, to allow easier identification of potential similar threats;
- Threat Modelling – create threat models for products and for procedures to identify weak points and potential ways of compromise;
- Incident Response – assist in Incident Response efforts inside the company;
- Best Practices – share knowledge regarding industry best practices when choosing and implementing a SIEM;
- Implementation – assist in the SIEM onboarding efforts;
- Architecture/Design – assist in the SIEM implementation from its earliest stages – architecture and design;
- Evaluation – evaluate that the current SIEM is performing as expected, that it is providing the data sets it should, and that it is worth the money/effort spent on it; this includes building, evaluating and, where necessary, updating correlation searches;
- Log Validation – evaluate and confirm that logs are flowing as expected and that the current load is at the expected levels, and assist in creating the rules/changes that can make your SIEM the Swiss Army knife it should be;
- CIM Compliance – verify that the current sourcetypes follow the CIM (Common Information Model) compliance model and assist in the efforts that arise from trying to reach higher levels of compliance, which ultimately can lead to cost savings and more efficient tools at the disposal of your teams;
- SOC Infrastructure – assist in the efforts to create a SOC and provide industry best-practice solutions for starting one up;
- Scripting – a SOC cannot operate efficiently without scripting; based on this idea, we provide scripting services that help build tools to support your analysts in their day-to-day work, and also in critical moments where time is of the essence;
- Automation and Integration – assist in the efforts to build automation for your SOC; with automation, the SOC gains the time needed for training, for keeping up with the latest industry trends, and for other activities such as threat hunting and discovering unknown attacks;
- Internal and External Penetration Testing – perform penetration testing exercises both inside and outside the network to ensure a higher security posture;
- Web Application Testing – perform standard penetration tests against web applications built in-house;
- Vulnerability Scanning – perform vulnerability scanning exercises to identify the key points where limited effort can significantly improve the overall security posture;
- Malware Analysis – perform analysis on samples to extract IOCs that can then be leveraged to identify the full extent of a compromise and to protect against similar future attacks;
- Policy Write-up, Updating and Evaluation – policy services consist of providing industry-standard documents that apply to your environment and that represent the foundation stone of a good security program;
- Procedure Write-up, Updating and Evaluation – procedures dictate the way work is done at the operational level, which is why it is crucial that all activities are properly documented; not having procedures, or not keeping them updated, can be a significant problem, especially when new analysts are onboarded;
- Security Training – provide security training to future SOC members to ensure that your new analysts are capable of handling the large majority of events reaching their queue; this kind of training can make the difference between an incident caused by an incorrectly triaged event and the normal operational flow of your enterprise;
- Security Awareness Training – create a platform that gives your users the best tools to protect your enterprise – present the most common attack methods and how users can protect themselves, so that they can protect you;
- System Hardening Assessment – assess systems against CIS Benchmarks;
- Physical Security – evaluate and implement the required security controls – video cameras/card readers/etc.