Managed Detection & Response


Remote removal of threats in the shortest possible time

The nature of advanced threats requires enterprises to reevaluate their cybersecurity approach, placing more focus on early identification of attacks and rapid response. It is vital to get a clear understanding of the low-level activity occurring on both endpoints and networks: this strengthens automated threat prevention and blocking, surfaces evidence of intrusion, and speeds up incident response through the analysis of rich contextual data together with remote containment and eradication.


ElevenPaths’ MDR Lab (Managed Detection & Response) has evaluated the main EDR (Endpoint Detection & Response), NTA (Network Traffic Analysis) and Deception & Counterintelligence technologies to understand their main differentiating features, strengths and weaknesses, and to provide customers with the technology that best fits their needs.

There is no better starting point than the endpoint for closing the visibility gaps that most existing SOCs have. This is where the organization’s most sensitive information is stored and processed, and it is also the weakest link through which attackers gain a foothold in a victim’s network. Endpoints are exposed through many channels (email, web, programs, USB sticks, the local network, etc.), and they are often outside the control of the company’s IT team (employee mobility, connections to untrusted networks, personal use, BYOD, etc.).

Currently, most companies still rely on traditional antivirus software to protect their endpoints, but these tools cannot keep up with the sophisticated attacks that organizations face today. This is where the new generation of endpoint protection, known as EDR, comes in.

EDR technology (Endpoint Detection & Response) provides:

  • Complete visibility
    Visibility of endpoint and network activity, including processes, services, memory, registry, files, etc.
  • Advanced pre-execution and post-execution detection
    Detection of unknown malware and exploits based on behavioral analysis, machine learning, up-to-date IoCs and advanced sandboxing.
  • Extraction of complete forensic data
    Collection of the forensic data needed to analyze an incident, together with manual and automatic response actions (endpoint isolation, killing processes or services, retrieving a file or memory image from the endpoint, patching programs, etc.).
  • An additional layer of protection against threats for our customers
    We offer advanced EDR managed services by leveraging our expert SOC teams, specialized in threat intelligence and advanced malware analysis.
  • Contextualization of comprehensive threat investigations
    Customers benefit from threat investigations and recommendations to implement the necessary countermeasures in order to contain, resolve and rapidly recover from any threat.
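To make the EDR capabilities listed above concrete, here is an added example (not ElevenPaths' or any EDR vendor's code) of the post-execution side of that list: behavioural rules run over process-creation telemetry, combined with an IoC hash match and the response actions an analyst would queue. The event schema, the rule set, the IoC feed and the sample events are all constructed for the illustration.

```python
"""EDR-style behavioural detection over endpoint process telemetry.

Added illustration, not ElevenPaths' or any EDR vendor's code. The event
schema, the detection rules and the sample events are constructed; a real
agent streams far richer telemetry.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation event as a hypothetical agent might report it."""
    host: str
    pid: int
    ppid: int
    image: str      # executable file name, lower-cased
    cmdline: str
    sha256: str     # hash of the on-disk image


@dataclass
class Detection:
    host: str
    pid: int
    rule: str
    severity: str
    actions: List[str] = field(default_factory=list)   # response actions to queue


# Constructed IoC feed: image hashes already known to be malicious.
KNOWN_BAD_HASHES = {"0123456789abcdef" * 4: "constructed-sample"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

Key = Tuple[str, int]  # (host, pid)


def index_events(events: Iterable[ProcessEvent]) -> Dict[Key, ProcessEvent]:
    return {(e.host, e.pid): e for e in events}


def office_ancestor(tree: Dict[Key, ProcessEvent], event: ProcessEvent,
                    max_depth: int = 8) -> Optional[ProcessEvent]:
    """Walk up the parent chain on the same host and return the first Office
    application found, or None. The depth and cycle guards keep a malformed
    tree (pid reuse, missing parents) from looping."""
    seen = set()
    current = tree.get((event.host, event.ppid))
    for _ in range(max_depth):
        if current is None or (current.host, current.pid) in seen:
            return None
        if current.image in OFFICE_APPS:
            return current
        seen.add((current.host, current.pid))
        current = tree.get((current.host, current.ppid))
    return None


def evaluate(event: ProcessEvent, tree: Dict[Key, ProcessEvent]) -> List[Detection]:
    """Apply three rules to one event: IoC hash match (pre-execution),
    Office-to-script-host chain and encoded PowerShell (post-execution)."""
    found: List[Detection] = []
    if event.sha256 in KNOWN_BAD_HASHES:
        found.append(Detection(event.host, event.pid, "known_bad_hash", "critical",
                               ["kill_process", "quarantine_file", "isolate_host"]))
    if event.image in SCRIPT_HOSTS and office_ancestor(tree, event) is not None:
        found.append(Detection(event.host, event.pid, "office_spawns_script_host", "high",
                               ["kill_process", "collect_memory"]))
    # "-enc" also matches "-EncodedCommand"; the comparison is case-insensitive.
    if event.image == "powershell.exe" and "-enc" in event.cmdline.lower():
        found.append(Detection(event.host, event.pid, "encoded_powershell", "medium",
                               ["collect_cmdline", "collect_memory"]))
    return found


def detect(events: List[ProcessEvent]) -> List[Detection]:
    tree = index_events(events)
    detections: List[Detection] = []
    for event in events:
        detections.extend(evaluate(event, tree))
    return detections


# Constructed sample telemetry: a macro-laden document spawning cmd.exe and an
# encoded PowerShell, plus an unrelated binary whose hash is in the IoC feed.
SAMPLE_EVENTS = [
    ProcessEvent("ws17", 100, 1, "explorer.exe", "explorer.exe", "a" * 64),
    ProcessEvent("ws17", 200, 100, "winword.exe", 'WINWORD.EXE "invoice.docm"', "b" * 64),
    ProcessEvent("ws17", 300, 200, "cmd.exe", "cmd.exe /c powershell -enc SQBFAFgA", "c" * 64),
    ProcessEvent("ws17", 400, 300, "powershell.exe",
                 "powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgA", "d" * 64),
    ProcessEvent("ws17", 500, 1, "svchost.exe", "svchost.exe -k netsvcs", "0123456789abcdef" * 4),
]

if __name__ == "__main__":
    for d in detect(SAMPLE_EVENTS):
        print(f"{d.host} pid={d.pid} {d.rule} [{d.severity}] -> {', '.join(d.actions)}")
```

The parent-chain walk is the part worth copying: the PowerShell in the sample is two hops away from WINWORD.EXE, which a rule that only inspects the direct parent would miss. The response actions are deliberately graded, from collecting evidence for a medium-severity hit to isolating the host on a confirmed IoC match.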

Target group

  • For organizations that already have an EDR and want to take this a step further.
  • For organizations that cannot viably use the EDR approach, we offer NTA tools as a complementary or alternative solution.

NTA solutions collect and analyze network packets in real time in order to detect anomalies in network traffic and connections, leveraging sandboxing, behaviour analysis, signature databases and IoC correlation. Their ability to record and retrieve traffic history enables retro-hunting for newly discovered threats, as well as in-depth investigations and advanced forensic analysis.

Along with our partners we provide our customers with best-in-class NTA solutions, with managed services on top. Customers with sufficient capabilities to manage these solutions internally will benefit from ElevenPaths’ MDR Lab and bespoke consulting services to select the best fit for their needs. Customers who prefer to outsource NTA deployment, implementation and day-to-day operation will find a full offering within our MDR portfolio.

Organizations must assume that attackers will breach their defenses—or are already in their networks. Once in, they conduct reconnaissance and steadily move towards valuable organizational assets. Undetected, they operate as long as necessary to achieve their goals.

Proactive deception and counterintelligence capabilities enable organizations to deploy authentic-looking but fake assets across their networks in a synthetic environment. Our deception service creates a highly credible environment that mimics the organization’s existing network, systems and naming conventions, so that external adversaries and malicious insiders cannot tell the difference between real and decoy data. Because no legitimate user or process has any reason to touch a decoy, any engagement with false information, fake systems or decoy identities triggers an immediate, high-fidelity alert.

Cyber Deception services monitor attacker activity and correlate the data in real time with known IoCs and TTPs, enabling security and threat hunting teams to observe, analyze and stop attackers.
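The alerting logic behind the two paragraphs above, as an added example that is not CounterCraft's or ElevenPaths' code: planted decoy credentials and a planted share file are listed in an inventory, every event that touches one of them becomes an alert (real users never do), each alert is tagged with the MITRE ATT&CK technique it corresponds to, and the source address is correlated with an IoC list. The log format, the decoy inventory, the IoC list and the sample lines are all constructed.

```python
"""Honeytoken alerting for a deception deployment: decoy identities and decoy
files that no legitimate user should ever touch, with each interaction mapped
to a MITRE ATT&CK technique and correlated with an IoC list.

Added example, not CounterCraft's or ElevenPaths' code. The log format, the
decoy inventory, the IoC list and the sample lines are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed decoy inventory: planted credentials and a planted share file.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_legacy"}
DECOY_PATHS = {r"\\fs01\finance\budget_2024.xlsx".lower()}
# Constructed IoC list: source addresses already attributed to an adversary.
KNOWN_BAD_SOURCES = {"203.0.113.7"}

# ATT&CK mapping for each kind of decoy interaction: (technique id, name, tactic).
ATTACK_MAP = {
    "decoy_logon_success": ("T1078", "Valid Accounts", "Initial Access"),
    "decoy_logon_failure": ("T1110", "Brute Force", "Credential Access"),
    "decoy_file_access": ("T1039", "Data from Network Shared Drive", "Collection"),
}


@dataclass
class Alert:
    ts: str
    host: str
    user: str
    src: str
    kind: str
    technique_id: str
    technique_name: str
    tactic: str
    severity: str
    tags: List[str] = field(default_factory=list)


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'timestamp key=value ...' record (constructed format)."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def classify(ev: Dict[str, str]) -> Optional[str]:
    """Return the decoy-interaction kind for an event, or None if it only
    touches real assets. Legitimate activity never hits a decoy, so every
    hit is worth an alert."""
    user = ev.get("user", "").lower()
    if ev.get("event") == "logon" and user in DECOY_ACCOUNTS:
        return "decoy_logon_success" if ev.get("outcome") == "success" else "decoy_logon_failure"
    if ev.get("event") == "file_access" and ev.get("path", "").lower() in DECOY_PATHS:
        return "decoy_file_access"
    return None


def detect_decoy_interactions(lines: List[str]) -> List[Alert]:
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_event(line)
        kind = classify(ev)
        if kind is None:
            continue
        tid, tname, tactic = ATTACK_MAP[kind]
        tags = [f"attack:{tid}"]
        severity = "high"
        # Correlate the source with the IoC list; a known-bad source escalates.
        if ev.get("src") in KNOWN_BAD_SOURCES:
            tags.append(f"ioc:{ev['src']}")
            severity = "critical"
        alerts.append(Alert(ev["ts"], ev.get("host", "?"), ev.get("user", "?"),
                            ev.get("src", "?"), kind, tid, tname, tactic, severity, tags))
    return alerts


def group_by_source(alerts: List[Alert]) -> Dict[str, List[str]]:
    """Collapse alerts into one attacker timeline per source address."""
    timeline: Dict[str, List[str]] = defaultdict(list)
    for a in alerts:
        timeline[a.src].append(f"{a.ts} {a.technique_id} {a.user}@{a.host}")
    return dict(timeline)


# Constructed sample log lines; jsmith is a real user and must not alert.
LOG_LINES = [
    "2024-05-01T10:00:01Z host=fs01 event=logon outcome=success user=svc_backup_old src=10.0.5.23 logon_type=network",
    r"2024-05-01T10:00:04Z host=fs01 event=file_access path=\\fs01\finance\budget_2024.xlsx user=svc_backup_old src=10.0.5.23",
    "2024-05-01T10:02:10Z host=dc01 event=logon outcome=failure user=adm_legacy src=203.0.113.7 logon_type=network",
    "2024-05-01T10:05:00Z host=ws17 event=logon outcome=success user=jsmith src=10.0.8.4 logon_type=interactive",
]

if __name__ == "__main__":
    for a in detect_decoy_interactions(LOG_LINES):
        print(f"[{a.severity}] {a.ts} {a.user}@{a.host} from {a.src}: "
              f"{a.technique_id} {a.technique_name} ({a.tactic}) {a.tags}")
```

The point of the design is that the detection needs no behavioural model at all: the decoy inventory is the whole rule. What turns a list of hits into something a hunter can act on is the per-source timeline and the ATT&CK tag, which let the same decoy session be read as an attack sequence (valid account, then collection from the share) rather than as isolated events.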

Our Deception & Counterintelligence service offers:

  • Cost-effective, proactive defense, covering the design, deployment, monitoring, analysis and maintenance of deception operations
  • Protection from external and insider threats
  • Real-time monitoring, analysis and alerting down to the operating system level
  • Control over the response, including the data needed to stop an attacker, gather additional intelligence or feed the client’s security ecosystem
  • Detailed, documented telemetry data with intuitive reports for compliance purposes
  • MITRE ATT&CK matrix mapping, to identify and tag malicious activity against known IoCs and TTPs
  • Interoperability and integration with the organization’s existing systems, without modification or disruption

Through our partner CounterCraft, ElevenPaths provides an innovative Cyber Deception and Counterintelligence platform that gives organizations a significant advantage over attackers. Cyber Deception and Counterintelligence enable proactive threat detection, threat hunting and personalized threat intelligence, with real-time active response and zero false positives.