Advanced Threat Detection

Remote detection of and response to threats within the shortest possible time.

  • EDR Technology (Endpoint Detection & Response)
  • Identification and rapid response of attacks
  • Extraction of complete forensic data
  • Additional layer of protection against threats 24/7
  • NTA tools to detect anomalies in network traffic
  • Deception & Counter-Intelligence Services
  • UEBA (User Entity Behaviour Analysis)

What can we do for your cyber security?

Remote removal of threats in the shortest possible time

The nature of advanced threats requires enterprises to reevaluate their cyber security approach, placing more focus on early identification of attacks and rapid response.

It is vital to get a clear understanding of the low-level activity occurring within both our EndPoints and networks in order to enhance automated threat prevention and blocking, whilst identifying evidence of intrusion and boosting rapid incident response.

Advanced Threat Detection allows you to start the containment and eradication of contextual data.


Evaluate the main EDR, NTA, UEBA and Deception & Counter Intelligence technologies to understand their main differentiating features, strengths and weaknesses, and provide clients with the technology that best fits their needs.

EndPoint Detection & Response (EDR)

This is where the organization’s most sensitive information is stored, and it is also the weakest link that allows attackers to gain a foothold in a victim’s network. Endpoints are easily exploitable (email, web, programmes, USB stick, local network, etc.), and they are outside the control of a company’s IT team (employee mobility, connections to unreliable networks, personal use, BYOD, etc.).

Most companies still rely on traditional antivirus software to protect their EndPoints, but these systems cannot keep up with the complex scenario of sophisticated attacks that have evolved into what we face today.

This is where the new generation of EndPoint Protection comes in, known as EDR solutions.

EDR technology (Endpoint Detection & Response) provides:

  • Complete visibility
    Visibility of EndPoint and network activity, including processes, services, memory, registry, files, etc.
  • Advanced pre-execution and post-execution detection
    Capabilities for unknown malware and exploits based on behavioral analysis, machine learning, latest IoCs and advanced sandboxing.
  • Extraction of complete forensic data
    Ability to analyse incidents, including manual and automatic response actions (endpoint isolation, killing processes/services, extracting a file or memory from the EndPoint, patching programmes, etc.).
  • An additional layer of protection against threats for our clients
    We offer advanced EDR managed services by leveraging our expert SOC teams, specialized in threat intel and advanced malware analysis.
  • Contextualization of comprehensive threat investigations
    Clients can benefit from threat investigations and recommendations to implement the necessary countermeasures in order to contain, resolve and rapidly recover from any threats.

Target group

  • For organizations that already have an EDR and want to take this a step further.
  • For organizations that cannot viably use the EDR approach, we offer NTA tools as a complementary or alternative solution.

NTA solutions collect and analyse network packets in real time in order to detect anomalies in network traffic and connections. They leverage sandbox techniques, behaviour analysis, signature databases and IoC correlation. Their ability to record and retrieve network traffic history enables advanced retro-hunting of new threats, as well as in-depth investigations and advanced forensic analysis.

Along with our partners we provide our clients with the best-in-class NTA solutions and managed services on top. Those clients with sufficient capabilities to internally manage these solutions will benefit from ElevenPaths’s MDR Lab and bespoke consulting services to select the best fit for their needs. On the other hand, clients who wish to outsource NTA deployment, implementation and exploitation will find a full offering within our MDR portfolio.

The increasing sophistication of cyber threats means that traditional security solutions don’t detect threats and APTs quickly enough, mostly because they are based on signatures and rules, while UEBA is a self-learning, entity-based solution with algorithms (machine learning, Bayesian inference, graph algorithms).

UEBA looks for deviations from normal patterns of behavior, measured against historical baselines built over a long period. UEBA uses entities like devices, apps, servers, users and IP addresses in order to model the behavior and relationships among them.

ElevenPaths offers companies looking to expand their “Detection” & “Hunting Capabilities” the following:

  • MDR LAB: Consulting service to assess and evaluate UEBA technologies to identify their strengths and weaknesses to ultimately provide a clear and agnostic view of the UEBA market.
  • Consultancy Services: Deployment and fine tuning.
  • Managed UEBA as a service within our MDR service.

UEBA helps defend against:

  • Account compromise.
  • Insider threats.
  • Brute force attacks.
  • External attacks & lateral movements.
  • Changes in permissions and creation of super users.

Proactive deception and counterintelligence capabilities enable organizations to deploy authentic—but fake—assets across their networks in a synthetic environment. Our deception service creates a highly credible environment that mimics the organization’s existing network, systems, and naming conventions. External adversaries and malicious insiders cannot tell the difference between real and false data. When they engage with false information, fake systems, and decoy identities, they trigger immediate, genuine alerts.

Cyber Deception services monitor the threat activity and correlate the data in real time with known IOCs and TTPs. This enables security and threat hunting teams to observe, analyze, and stop attackers.

Our Deception & Counterintelligence service offers:

  • Cost-effective, proactive defense with the design, deployment, monitoring, analysis, and maintenance of deception operations.
  • Protection from external and insider threats.
  • Interoperability and integration with organizations’ existing systems without any modification or disruption.
  • Control over response, including the data to stop an attacker, gather additional intelligence, or integrate data into the client’s security ecosystem.
  • Detailed, documented telemetry data with intuitive reports for compliance purposes.
  • MITRE ATT&CK Matrix Mapping, to identify and tag malicious activity against known IOCs & TTPs.

ElevenPaths trusts CounterCraft to offer Deception and Counter-Intelligence services

Cyber Deception and Counterintelligence enable proactive and earlier threat detection, enhanced threat hunting and attack investigation, and highly personalized threat intelligence with real-time active response and zero false positives.


