INCIDENT RESPONSE
Stay one step ahead of cyber criminals with real-time threat detection and rapid Incident Response.
THE RACE AGAINST TIME TO CONTAIN THE INCIDENT
Whether it's ransomware encrypting your data, info-stealing malware in your network or data breaches containing sensitive data, you need to receive the precise details of the attack to be able to take the right course of action. The clock is ticking and you need to contain the threat, scope the incident, assess the damage and remediate. It’s a race to get back to business as quickly as possible. You need dedicated help that provides you with speedy answers and also ensures that your systems will be kept secure after the incident.
INCIDENT RESPONSE THAT COMBINES EXPERIENCE AND DEDICATED TECHNOLOGY
The Stealth-ISS Incident Response (IR) service combines deep security analysis experience with world-class proprietary investigative and security technology. The combination first and foremost means that you achieve the fastest and most accurate results. The Stealth-ISS proactive 24/7 security team acts as your extended team, leading any required analysis, ensuring that nothing is overlooked and generating the results you need. Moreover, you can decide to keep our service installed post-resolution to protect your systems against future attacks.
KEY BENEFITS
Best of Breed IR Tech
Stealth-ISS SOCaaS’s proprietary IR tech means that we look at alerts and information coming from all endpoints, users, and networks. This gives us the visibility needed for IR and, since everything is automated, lets us get to it quickly.
IR Setup That's Fast and Scalable
No need to involve open source or manual tools. Our tech is easy to deploy, allowing for speed and scale across endpoints.
IR That's Transparent
You get a dedicated IR project manager and point of contact, keeping you in touch at least daily and typically every few hours.
Reports That You Need
Ranging from executive summaries to detailed IoCs that can be exported to CSV for consumption by other systems, or used to manually update systems across the environment.
Security Post-Resolution
At the end of the IR process, you have the option to keep Stealth-ISS SOCaaS 360 to secure your systems against future breaches.
THE STEALTH-ISS SOCaaS METHODOLOGY
Triage
Deployment
Policy Creation
Mitigation
Reporting
Triage
Human interaction is key and our first step sets the groundwork for engagement. Each company has a different background and needs so we first clearly define expectations, process stakeholders, known incident details and IT systems. Stealth-ISS SOCaaS then builds and shares the IR setup and game plan details. While this is the initial step, it follows us throughout the whole process, collaborating with your team, as well as any required third party, in order to reach an effective, transparent, and speedy resolution.
Deployment
To get accurate results, the Stealth-ISS SOCaaS 360 Autonomous Breach Detection Platform is deployed on your endpoints. This is a lightweight XDR agent that seamlessly integrates Next-Generation AV (NGAV), Endpoint Detection and Response (EDR), User Behavioral Analytics Rules (UBA Rules), Network Detection and Response (NDR) and Deception. Stealth-ISS SOCaaS deploys to up to 5000 endpoints in less than an hour.
Policy Creation
Stealth-ISS SOCaaS investigators create a customized policy within the Stealth-ISS SOCaaS platform, beyond the provided alerts and remediation on hosts, files, users and network. This customized detection and remediation is based on the information gathered in triage and the data gathered in the initial deployment, and is deployed across the IT environment. For instance, the Stealth-ISS SOCaaS team may find it relevant to alert on a suspicious port to a malicious IP or on a malicious file based on its file properties.
Recommendations and Mitigation
Based on the Indicators of Attack (IOAs), Stealth-ISS SOCaaS provides recommendations and mitigations on the endpoint, as well as across the IT and security environment. For instance, Stealth-ISS SOCaaS may block traffic to/from a revealed malicious IP. Revealed malicious IPs can also be fed to other systems, such as your third-party firewall. Other mitigations may include isolating the machine from the network or disabling a user.
Summary and Malware Analysis Reports
We provide you with all the reports you need, including an executive-level summary report with an overview of any malware analysis performed. Companies typically serve this report to their C-board and legal teams and some companies further share this report with their cyber-insurance company. Stealth-ISS SOCaaS provides additional, detailed technical reports that your security and IT teams can use to bolster your company’s protections.