Managed Detection & Response
Remote removal of threats in the shortest possible time
The nature of advanced threats requires enterprises to reevaluate their cybersecurity approach, placing more focus on early identification of attacks and rapid response. A clear understanding of the low-level activity on both endpoints and networks is needed to improve automated threat prevention and blocking, to identify evidence of intrusion, and to speed up incident response through the analysis of rich contextual data and remote containment and eradication.
There is no better starting point than the endpoint for closing the visibility gaps that most existing SOCs have. The endpoint is where the organization's most sensitive information is stored, and it is also the weakest link through which attackers gain a foothold in a victim's network. Endpoints are exposed through many vectors (email, web, applications, USB sticks, the local network, etc.), and they are often outside the control of the company's IT team (employee mobility, connections to untrusted networks, personal use, BYOD, etc.).
Currently, most companies still rely on traditional antivirus software to protect their endpoints, but these systems cannot keep up with the sophisticated attacks we face today. This is where the new generation of endpoint protection, known as EDR, comes in.
EDR technology (Endpoint Detection & Response) provides:
- Complete visibility
Visibility of endpoint and network activity, including processes, services, memory, registry, files, etc.
- Advanced pre-execution and post-execution detection
Detection of unknown malware and exploits based on behavioral analysis, machine learning, up-to-date IoCs and advanced sandboxing.
- Extraction of complete forensic data
Ability to analyze incidents, including manual and automatic response actions (endpoint isolation, killing processes/services, retrieving a file or a memory dump from the endpoint, patching programs, etc.).
- An additional layer of protection against threats for our customers
We offer advanced EDR managed services by leveraging our expert SOC teams, specialized in threat intelligence and advanced malware analysis.
- Contextualization of comprehensive threat investigations
Customers benefit from threat investigations and recommendations on the countermeasures needed to contain, resolve and rapidly recover from threats.
- For organizations that already have an EDR and want to take it a step further, we provide our managed services on top of their existing deployment.
- For organizations that cannot viably use the EDR approach, we offer NTA tools as a complementary or alternative solution.
NTA (Network Traffic Analysis) solutions collect and analyze network packets in real time in order to detect anomalies in network traffic and connections. They leverage sandbox techniques, behavioral analysis, signature databases and IoC correlation. Their ability to record and retrieve network traffic history enables retro-hunting of newly published threats, as well as in-depth investigations and advanced forensic analysis.
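Retro-hunting is the part of the NTA description that is easiest to show concretely: indicators that arrive weeks after the traffic was recorded are matched against the stored history, and every internal host that touched one is surfaced. The following is an added example, not ElevenPaths, CounterCraft or any vendor's NTA code. The connection, DNS and file records and the IoC feed are constructed for the example; the field names imitate Zeek-style conn/dns/files columns (`ts`, `id.orig_h`, `id.resp_h`, `query`, `sha256`), but the lines themselves are synthetic. It goes slightly beyond the single-indicator case by accepting CIDR ranges and matching domains by suffix rather than substring.

```python
"""Retro-hunt newly received IoCs over recorded network history (added example)."""
import json
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed history: JSON lines a sensor could have recorded before the IoCs were known.
HISTORY = """
{"log":"conn","ts":"2023-03-01T08:12:03Z","id.orig_h":"10.1.2.15","id.resp_h":"203.0.113.45","id.resp_p":443}
{"log":"dns","ts":"2023-03-01T08:12:01Z","id.orig_h":"10.1.2.15","query":"update.example-cdn.test"}
{"log":"files","ts":"2023-03-01T08:12:05Z","id.orig_h":"10.1.2.15","sha256":"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}
{"log":"conn","ts":"2023-03-02T17:40:11Z","id.orig_h":"10.1.2.77","id.resp_h":"198.51.100.7","id.resp_p":8080}
{"log":"dns","ts":"2023-03-03T09:05:00Z","id.orig_h":"10.1.3.9","query":"intranet.corp.test"}
{"log":"conn","ts":"2023-03-03T09:05:02Z","id.orig_h":"10.1.3.9","id.resp_h":"10.1.0.5","id.resp_p":445}
"""

# Constructed IoC feed that arrived *after* the traffic above was recorded.
NEW_IOCS = {
    "ip": ["203.0.113.45", "198.51.100.0/24"],      # single hosts or CIDR ranges
    "domain": ["example-cdn.test"],                   # the domain and any subdomain
    "sha256": ["9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"],
}


@dataclass(frozen=True)
class Hit:
    ts: str
    host: str        # internal host that touched the indicator
    ioc_type: str
    indicator: str   # the feed entry that matched
    observed: str    # what was actually seen in the record


def compile_iocs(feed):
    """Normalize the feed once so matching is cheap over a large history."""
    nets = [ip_network(x, strict=False) for x in feed.get("ip", [])]
    domains = [d.lower().rstrip(".") for d in feed.get("domain", [])]
    hashes = {h.lower() for h in feed.get("sha256", [])}
    return nets, domains, hashes


def domain_matches(query, domains):
    """Suffix match on label boundaries: 'a.evil.test' hits 'evil.test', 'notevil.test' does not."""
    q = query.lower().rstrip(".")
    return next((d for d in domains if q == d or q.endswith("." + d)), None)


def retro_hunt(history, feed):
    nets, domains, hashes = compile_iocs(feed)
    hits = []
    for line in history.strip().splitlines():
        rec = json.loads(line)
        kind, ts, host = rec["log"], rec["ts"], rec["id.orig_h"]
        if kind == "conn":
            dst = ip_address(rec["id.resp_h"])
            net = next((n for n in nets if dst in n), None)
            if net is not None:
                hits.append(Hit(ts, host, "ip", str(net), rec["id.resp_h"]))
        elif kind == "dns":
            d = domain_matches(rec["query"], domains)
            if d is not None:
                hits.append(Hit(ts, host, "domain", d, rec["query"]))
        elif kind == "files":
            h = rec["sha256"].lower()
            if h in hashes:
                hits.append(Hit(ts, host, "sha256", h, h))
    return sorted(hits, key=lambda h: h.ts)   # chronological order helps build the timeline


def affected_hosts(hits):
    """Hosts to prioritize for endpoint triage or isolation."""
    return sorted({h.host for h in hits})


if __name__ == "__main__":
    found = retro_hunt(HISTORY, NEW_IOCS)
    for h in found:
        print(f"{h.ts} {h.host} {h.ioc_type}={h.indicator} observed={h.observed}")
    print("hosts to triage:", affected_hosts(found))
```

Running it on the constructed data reports two internal hosts: 10.1.2.15 (DNS lookup, connection and file download chained within seconds, which is the kind of context a timeline makes visible) and 10.1.2.77 (one connection into the flagged /24). The internal SMB connection and the intranet lookup produce nothing, as they should.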
Along with our partners we provide our customers with best-in-class NTA solutions and managed services on top of them. Customers with sufficient capabilities to manage these solutions internally benefit from ElevenPaths' MDR Lab and bespoke consulting services to select the best fit for their needs. Customers who prefer to outsource NTA deployment, implementation and operation will find a full offering within our MDR portfolio.
What if your infrastructure included false systems holding apparently critical information, so that any attacker who touched them set off a silent alarm? This deception-based approach is a newer method of detecting attacks. With our start-up CounterCraft, ElevenPaths designs, deploys and manages highly convincing synthetic environments that provide unique protection against advanced and targeted attacks.
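The value of a decoy is that it has no legitimate users, so any touch is a high-fidelity signal rather than an anomaly score. The following added example (not CounterCraft or ElevenPaths code) shows the "silent alarm" side of that idea on a decoy account and a decoy file share: it scans audit lines for either name and raises an alert with the source of the access. The decoy names, the management host and the log lines are constructed, and the log format is a simplified made-up auth/share audit line, not any product's real format.

```python
"""Silent alarm on any use of a decoy account or decoy share (added example)."""
import re
from dataclasses import dataclass, field

# Constructed decoys: names that look valuable but no real workflow ever uses.
DECOY_ACCOUNTS = {"svc_backup_legacy", "finance_admin"}
DECOY_SHARES = {r"\\fs01\mna-deals"}
# Constructed: the host that provisions and health-checks the decoys. Its own
# touches are expected; everything else is an alert. Keep this list tiny, since
# an attacker who lands on this host inherits the exemption.
DECEPTION_MGMT = {"10.9.9.2"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\w+) user=(?P<user>\S+) src=(?P<src>\S+)(?: share=(?P<share>\S+))?$"
)

# Constructed audit lines (raw string so the UNC backslashes survive).
AUDIT_LOG = r"""
2023-03-04T01:12:00Z logon user=alice src=10.1.2.15
2023-03-04T01:13:10Z logon user=finance_admin src=10.1.2.77
2023-03-04T01:13:12Z share_access user=finance_admin src=10.1.2.77 share=\\fs01\mna-deals
2023-03-04T02:00:00Z logon user=svc_backup_legacy src=10.9.9.2
2023-03-04T02:30:00Z share_access user=bob src=10.1.3.9 share=\\fs01\public
"""


@dataclass
class Alert:
    ts: str
    src: str
    user: str
    reasons: list = field(default_factory=list)


def detect_decoy_touches(log_text):
    """Return one Alert per audit line that touches a decoy, excluding the management host."""
    decoy_shares = {s.lower() for s in DECOY_SHARES}
    alerts, unparsed = [], []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            unparsed.append(line)   # never silently drop lines the parser rejects
            continue
        f = m.groupdict()
        if f["src"] in DECEPTION_MGMT:
            continue
        reasons = []
        if f["user"] in DECOY_ACCOUNTS:
            reasons.append("decoy account")
        if f["share"] and f["share"].lower() in decoy_shares:
            reasons.append("decoy share")
        if reasons:
            alerts.append(Alert(f["ts"], f["src"], f["user"], reasons))
    return alerts, unparsed


def sources_to_contain(alerts):
    """Source hosts that touched a decoy: candidates for isolation or closer watching."""
    return sorted({a.src for a in alerts})


if __name__ == "__main__":
    found, bad = detect_decoy_touches(AUDIT_LOG)
    for a in found:
        print(f"{a.ts} src={a.src} user={a.user} reasons={', '.join(a.reasons)}")
    print("contain:", sources_to_contain(found), "unparsed:", len(bad))
```

On the constructed log, 10.1.2.77 trips the alarm twice (a logon with the decoy account, then access to the decoy share under that account), the management host's own check is ignored, and ordinary activity by alice and bob produces nothing. In a real deployment the alert would be routed quietly to the SOC rather than shown to the user, so the attacker keeps interacting with the decoy while the response is prepared.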