Datasheet

Cyber Operations & Intelligence (COI)

Our MSS Offering

The cornerstone of Encode's Managed Security Service (MSS) is our Cyber Operations & Intelligence (COI) services, consisting of the following service modules:

24x7 Real Time Threat Management (RTTM)
This is our core Security Intelligence driven Security Incident and Event Management (SIEM) solution, configured with Encode's 14 years of Red Team offensive cyber expertise. Our SIEM capability is delivered with Encode's OEM version of IBM QRadar, Enorasys SIEM, rated in the top-most Gartner quadrant for being the best and most advanced SIEM technology.

24x7 Cyber Security Analytics (CSA)
This is a highly advanced Data Analytics capability calibrated to detect Cyber Attack Logic behavior for which there are no known attack signatures, i.e. the attack and exploit vectors are unique to the target. This capability is delivered with our Enorasys Security Analytics technology product, engineered to detect previously unknown combinations of attack and exploit vectors.

Incident Response Orchestration
The ability to respond rapidly in a controlled, targeted manner is essential to combat a breach before it can progress to inflict significant damage. Real-time visibility of a single (or multiple) breach event, its technical footprint, and event management are key to successful breach defense. Our Enorasys SOCstreams technology product provides an automated and/or guided response capability as well as a user-friendly event status console: a single view of all events.

Advanced Targeted Response (ATR)
Through the Incident Response Orchestration Service module, our Cyber-SOC team can deploy an Endpoint Visibility and Control (EVC) sensor to a targeted endpoint in order to increase situational awareness in the event of a suspected breach. Also, for any event, pre-deployed Network Activity Visibility (NAV) sensors allow on-demand activation and acquisition of network session recordings.
This enables us to initiate (through ATR EVC sensors or other network security gateways) endpoint isolation from the network or blocking of offending IPs/Domains.