Managed Detection & Response Services

The likelihood of an organisation experiencing some form of data breach continues to grow on a daily basis.

With an increasing number of interconnected devices, and through more sophisticated spear phishing campaigns, threat actors have a much larger attack surface to pursue.


The days of installing a logging or SIEM appliance in a rack are long gone. Unless an organisation is using threat analytics, combined with network anomaly detection and endpoint monitoring, it is likely that it will only have visibility of a small subset of the potential threat landscape. In addition, the monitoring of logs, networks and endpoint devices is neither a trivial nor a part-time requirement. It needs to be delivered around the clock, and be a full-time role, if it is really going to help an organisation manage its risk profile.

Through Nettitude’s dedicated Security Operations Centre (SOC) and our Cyber Incident Response Team (N-CIRT), we are able to provide round-the-clock managed detection and response services to our clients.

We are able to deliver the following services:

• Map out an organisation’s attack surface, including people, process and technology
• Determine strategic vantage points for capturing network traffic
• Determine log collection strategy and event correlation approach
• Conduct a business intelligence workshop to determine key assets and their placement
• Determine baselines for normal activity
• Determine key points for the deployment of honey traps
• Define incident handling procedures

Once these elements have been identified, Nettitude can build a managed incident detection and response plan that is uniquely tailored to each client’s requirements.

What are the benefits of using a managed service for incident detection and response?

Many organisations have historically signed retainers for incident response services. Although this may have value, it does leave the onus of detection with the end-client. Detecting a sophisticated threat actor that has compromised your environment is no trivial task. It requires significant amounts of data and devices to be monitored and it will almost certainly require an organisation to have a detection strategy, as opposed to conducting piecemeal detection across ad-hoc devices.

Once devices and resources are configured to generate logs and alert on anomalies, some form of human intervention is required. To deliver real value, this requires a team of dedicated analysts who are highly skilled at identifying attacks. This team will be faced with significant amounts of data that need to be mined, and consequently they will effectively be tasked with looking for ‘needles within multiple haystacks’.

This requires skills, it requires expertise and it requires tenacity. Through continued training and development, all of our detection and response analysts are able to deliver these types of services around the clock.

Nettitude’s SOC and CIRT have extensive skills and experience in detecting sophisticated attacks. Our award-winning penetration testing practice delivers monthly red teaming exercises against our SOC and CIRT to enhance their detection and response capabilities. This means that we are constantly able to stay abreast of emerging threats and attack vectors.

Why use a managed detection and response service?

•  Nettitude has developed significant capability in identifying sophisticated threat actors and advanced cyber attacks
•  Our red team is constantly training and developing our blue team (SOC and CIRT services)
•  Our services provide increased assurance compared to logging or SIEM point solutions
•  Logs, alerts and anomalies are responded to within defined SLAs
•  We provide you with monthly intelligence around the detection and response to cyber attacks
•  We are able to offer a managed service at a greatly reduced cost compared to delivering an equivalent solution in house

ROI calculator

Nettitude’s managed detection and response service delivers much stronger return on investment when compared to traditional in-house solutions.

To deliver a round the clock service in house, organisations would typically be tasked with sourcing the following:

• Network intrusion detection appliances
• Anomaly detection appliances
• SIEM and logging appliances
• File Integrity Monitoring (FIM) and end-point device monitoring
• Threat intelligence feeds
• 24×7 capability, requiring five members of staff working on rotation, to cover 24 hours per day, seven days per week

An in-house team that delivers this level of service typically costs in excess of $400,000 per year.
