Managed Detection and Response from NCC Group · to your systems. MDR provides a cost-effective solution to the cyber security skills gap – with a team of external specialists filling

On the front foot of cyber securityManaged Detection and Response from NCC Group

www.nccgroup.trust/uk/mdr

02

Hunt. Detect. Respond.In the modern world, there’s a greater threat landscape than ever before. And with threat actors becoming more skilled, the time it takes for new attack methods to filter down through the ranks (from nation state adversaries to script kiddies) is faster than ever.

This means traditional defences are no longer enough. If your first line of defence is your only line of defence, you’re in trouble. Managed Detection and Response (MDR) is a specialist security solution that combines multiple services to keep your systems and critical data safe from attack.

At NCC Group, we’re threat hunters at heart; led by humans, not technology. Our experts understand how successful compromises are conducted by all kinds of threat actors, from the highest to the lowest levels of experience. They’re experts in every aspect of MDR, from threat intelligence right through to initial response – having created three solid foundations of defence in one dynamic service.

Our MDR service combines an important human-led approach to hunt, detect and respond to threats affecting modern businesses. Through intelligence, monitoring and response, it ensures your business is always on the front foot when it comes to protecting and defending your networks and systems.

Threat intelligence

24/7 monitoring

Incident response

Plus our detection and response capability is world class.

So from prediction to protection, we’re able to rapidly detect threats – with 95% of detected cyber threats resolved within two hours.

35%+of threats detected come directly from our own threat intelligence

1,000+cyber security experts with decades of cyber security experience to uncover your infrastructure weaknesses before cyber criminals do

95%of detected cyber threats resolved within two hours

NCC Group by the numbers

03

We’re specialists in hunting threats. We utilise findings from across the global group to understand and monitor the latest tactics, techniques and procedures (TTPs) commonly used by threat actors.

If an attacker manages to compromise a system, we want to know how and why to create a persona of the threat. By combining automated threat intelligence with input from our expert cyber security consultants, we spot patterns of unusual behaviour to investigate further – after all, technology is important, but a human experienced eye is necessary to see patterns that machines simply can’t.

Once a pattern is identified, we plug into elements of artificial intelligence to help pick out these patterns in wider material. 35% of threats that NCC Group identify come from intelligence garnered by our security analysts.

01

Spotting threats early

Threat Intelligence

04

We were supporting a large insurance and pension fund who realised the need for a pro-active review of their defence posture.

Our threat intelligence monitoring repeatedly found evidence of newly registered typo squat domains indicating phishing campaigns were being set up to target the clients customers. With our help, the client was able to warn its customers and take down the domains. These pro-active measures mitigated the threat before customers were impacted.

24/7 analysis and investigationDedicated cyber security analysts spot threats early from our global Security Operations Centres

1,400 alerts managed every day 250 enterprise businesses trust us to detect, monitor and respond

75 security operation centre analystsactively hunt for new and emerging threats. Expertise across threat intelligence, malware reverse engineering, bug bounty hunting, penetration testing and vulnerability scanning services

Intelligence

75

05

Spotting threats:A case in point

02

Alert and ready for action

24/7 Monitoring

Our experts constantly refine the detection engine using our threat intelligence knowledge to triage alerts and filter out false positives. You’ll get a tailored view of your threat landscape, enhancing remediation and improved escalation of threats as a result.

We offer a consistent level of care, with our SOC analysts rapidly responding to all incidents affecting our clients within 15 minutes of the highest severity attacks. Clients are then alerted in the event of a true positive: a genuine and actionable threat.

They’re able to investigate incidents and offer remediation and root cause analysis, often avoiding the need for on-site and costly incident response investigations.

06

24/7 monitoringYou’re better equipped to deal with the advancement of cyber-attacks and cyber incidents

75 security operation centre analysts work as an extension of your team providing the extra support and peace of mind

Monitoring

07

During monitoring, our Security Operations Centre analysts identified command and control behaviour within a client’s network - an indicator of threat actor activity. Examination of the network traffic identified a compromised host, and a pivot using endpoint detection technology uncovered the entire attacker foothold. Analysts worked with the client to remove all trace of the threat and reverse engineered the attack techniques, fuelling the creation of new detection logic to enhance future threat intelligence capabilities.

Ready for action:A case in point

75

03

Threat response.Breach investigation.

Incident Response

Our local Incident Response team are on hand to react to and investigate any threat. Whether remotely, or via boots on the ground, we’ll explore and mitigate any breach of your system, all while preserving the right evidence for the appropriate follow up.

With one of the largest incident response teams in the world, we’re equipped to reduce the likelihood of a breach becoming a greater problem than it ought to be. Our experts have the experience and technical capability to deal with any incident, from attacks that are state sponsored attacks through to those less sophisticated but which still bypass traditional network defences.

Any information our incident response teams find when investigating a breach will then be fed right back to our security consultants, who log the intelligence and utilise the findings to prevent similar breaches in future. It provides a continuous cycle of intelligence that helps to combat even the most up-to-date methods of attack.

08

An extra £150,000 per yearin electrical power consumption was avoided by responding to a malware infection on an estate of 10,000 systems

From £15,000 to £3m+ We help customers spot and respond to financial fraud behaviours in transactions of all sizes

Europe, Australia and the USWe’re trusted to maintain public services by leading infrastructure organisations across the globe, when caught by cyber attack

Response

09

£We responded to a large enterprise who had identified malware on their systems. We rapidly identified a significant infection from a strain of malware. Through rapid response, we traced the infection to a supplier and stopped it from spreading. During the response and investigation stage we identified three separate, overlapping infections of advanced malware that were leveraging the supplier’s resources as stepping stones to pivot into customer networks. Our engagement saw both customer and supplier gain visibility of the infection and create a clear path of remediation to cleanse their systems.

Threat response:A case in point

Three lines of defence. One dedicated partner.

We deal with initial threats within 15 minutes, with 95% of detected cyber threats resolved within two hours.

Three lines of defence

It’s more important than ever to ensure you have an expert team on hand to combat any threats to your systems. MDR provides a cost-effective solution to the cyber security skills gap – with a team of external specialists filling the need for a niche team that are often expensive and hard to find.

As your trusted partner providing Managed Detection and Response, you’ll gain:

Confidence in running your business operations – With three lines of defence keeping you on the front foot when it comes to your cyber security.

More time and money for other priorities – MDR offers an affordable alternative to a costly and time consuming in-house solution.

Confidence and peace of mind – Knowing you have a dedicated team supporting you, you can concentrate on other priorities.

Real people helping you – Threat actors are human, just like us. Our cyber security consultants think like they do, utilising their knowledge of how they get in to pre-empt potential attacks.

Experts always by your side – With our global Security Operation Centres, our cyber security analysts monitor and respond to threats. We deal with initial threats within 15 minutes, with 95% of detected cyber threats resolved within two hours.

10

11

Ready for the next step?If you want to get on the front foot with your cyber security, speak to us. Call us on +44 (0)161 826 9779 for an initial conversation or visit www.nccgroup.trust/uk/mdr

About NCC Group

In today’s threat landscape, getting a clear picture of the risks your organisation and customers are exposed to is more important than ever. Understanding the impact and how you can make your organisation more resilient is key to protecting brand, reputation and sensitive customer information. NCC Group is a global expert in cyber security and risk mitigation, working with organisations the world over to protect their businesses against the ever-evolving threat landscape. Through an unrivalled suite of services, we provide companies with confidence that their most important assets are protected, available and operating as they should be at all times.

Headquartered in Manchester, UK, with over 34 offices across the world, NCC Group employs more than 1,800 people and is a trusted advisor to 15,000 clients worldwide.

www.nccgroup.trust