Endpoint Threat Detection

Endpoint Threat Detection is a service designed to identify threats that have bypassed the preventive security controls. The service detects malware and toolkits used by advanced threat actors that the existing anti-virus has not removed, and investigates how they entered the systems and how long they have been active. Secu relies on NetWitness Endpoint from RSA for this service. The service reduces the time it takes to detect and remediate compromised machines.

We do not recommend delivering this purely as a product, as very few organizations have the necessary focus to keep getting value from the solution following the initial deployment.

We offer the following deliverables within this service:

  • Managed Services: fully managed threat detection service
  • Solutions: best-of-breed products integrated to meet your demands


Services

Hotline

When things get complicated, we will support you and provide direct access to vendor support.

Hotline is available via email, phone and the customer portal.

Response time is defined by the SLA you attach to the agreement (coverage hours per day x days per week x response time in hours):

  • 8 x 5 x 4
  • 24 x 7 x 4

Professional

Analysis & Design
Years of experience reviewing existing infrastructures and providing an optimized network design.

Implement & Configure
If you buy the solution, we can do more than a simple rack and stack. We will support you throughout the deployment and deliver a detailed set of system documentation.

Deployments are always performed by combining the vendor's best practices with our own experience. A deployment can typically be scoped beforehand and is delivered at a fixed price.

We have the following deployment options available:

  • Small: 15 hours
  • Medium: 50 hours
  • Large: 100 hours

Managed

Managed Threat Detection
No server hardware or management software to operate yourself. Simply deploy the agent and obtain immediate threat detection capabilities. The managed service can be hosted on your premises or delivered as a cloud service.

Key Benefits:

  • Discover the systems that are compromised, and why
  • Increased visibility of endpoint activity
  • Fast and reliable analysis
  • Reduced incident investigation time
  • Scans automatically when unknown files load

Key Features:

  • Unique signature-less approach
  • Uncover the full extent of a compromise
  • Monitoring and alerts in real-time
  • Identify unknown malware and compromises that other solutions miss

Technical capabilities:

  • Rapidly score and flag suspicious endpoint activity and behavior for further investigation, using a risk scoring algorithm that combines machine-learning techniques with a wide array of behavioral indicators of attack: malware, live memory attacks and exploits, PowerShell and “file-less” attacks, and even user-initiated suspicious behavior, together with aggregated threat intelligence.
  • Drastically reduce incident white noise by comparing the current endpoint to a defined “gold image” and leveraging the aggregated reputation and whitelisting capabilities delivered by ReversingLabs.
  • Conduct multiple checks of file legitimacy to determine if a file is malicious, including checking file certificates and hashes as well as employing OPSWAT Metascan to scan against multiple antivirus and antimalware engines.
  • Provide aggregated intelligence from the security experts at RSA Research and other trusted intelligence sources to help security teams understand and investigate more efficiently
  • Leverage RSA Live Connect for crowdsourced, RSA-community-based threat intelligence and hash reputation from peers to aid security analysts in identifying and responding to threats more efficiently.
  • Retrieve copies of executable files from the endpoint – both automatically and on an ad hoc basis – for additional analysis.
  • Easily incorporate YARA rules, import STIX data, create RSA NetWitness Endpoint rules, and permit security analysts to customize any of the 300+ behavioral indicators provided by RSA out-of-the-box to deliver the most customizable experience.
  • Easily pivot back and forth with RSA NetWitness Logs and Packets to empower security analysts to dive deeper into all data sources across endpoints, networks, and the cloud and, ultimately, better understand the full scope of an attack.
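As an added illustration of the gold-image comparison and hash-reputation bullets above, the following Python script is example code written for this page, not RSA NetWitness Endpoint's own implementation (the product does this internally with ReversingLabs and OPSWAT data). It hashes a gold image and an endpoint's file tree, suppresses files that match the baseline or a known-good allowlist, and alerts only on modified or unknown files. The directory trees, the byte strings standing in for executables and the allowlist are all constructed inline for the demo.

```python
"""Gold-image drift triage for an endpoint's file inventory.

Added example, not RSA NetWitness Endpoint code: it shows the idea behind the
"compare to a gold image" and "hash reputation / allowlisting" capabilities.
All paths, file contents and the allowlist below are constructed for the demo.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """SHA-256 of a file, streamed so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(root):
    """Map every file under root (path relative to root, '/'-separated) to its hash."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def triage(current, gold, allowlist):
    """Classify each endpoint file against the gold image and a reputation allowlist.

    baseline    - hash is present in the gold image (suppressed as noise)
    allowlisted - hash has known-good reputation (suppressed as noise)
    modified    - path exists in the gold image but the content differs (alert)
    unknown     - not in the gold image and no reputation (alert)
    """
    gold_hashes = set(gold.values())
    verdicts = {}
    for path, digest in current.items():
        if digest in gold_hashes:
            verdicts[path] = "baseline"
        elif digest in allowlist:
            verdicts[path] = "allowlisted"
        elif path in gold:
            verdicts[path] = "modified"
        else:
            verdicts[path] = "unknown"
    return verdicts


def alerts(verdicts):
    """Only the files an analyst needs to look at, in a stable order."""
    return sorted(p for p, v in verdicts.items() if v in ("modified", "unknown"))


def write_tree(root, files):
    """Materialise a {relative_path: bytes} mapping on disk."""
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def build_demo():
    """Construct a gold image and a drifted endpoint in temp dirs and triage them.

    The byte strings stand in for executables; they are constructed, not real files.
    """
    gold_files = {
        "Windows/System32/svchost.exe": b"MZ constructed svchost",
        "Program Files/App/app.exe": b"MZ constructed app v1",
    }
    endpoint_files = dict(gold_files)
    endpoint_files["Program Files/App/app.exe"] = b"MZ constructed app v2"  # patched: modified
    endpoint_files["Program Files/7-Zip/7z.exe"] = b"MZ constructed 7z"  # known-good reputation
    endpoint_files["Users/alice/AppData/Local/Temp/update.exe"] = b"MZ constructed dropper"  # unknown

    # Stand-in for a reputation feed: the one hash the analyst has marked as trusted.
    allowlist = {hashlib.sha256(b"MZ constructed 7z").hexdigest()}

    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp, "gold"), gold_files)
        write_tree(Path(tmp, "endpoint"), endpoint_files)
        return triage(inventory(Path(tmp, "endpoint")), inventory(Path(tmp, "gold")), allowlist)


if __name__ == "__main__":
    for path, verdict in build_demo().items():
        print(f"{verdict:11} {path}")
```

Of the five files on the demo endpoint only two reach the analyst: the patched application binary and the executable in a user's temp directory. Hash comparison of this kind only covers what is on disk; the live memory and behavioral indicators in the first bullet are what cover fileless activity, which is why the product combines both.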

Service capabilities:

  • Detailed incident report including a forensic analysis
  • Monthly reporting
  • Email alerting
  • Customer portal access

On-Prem RSA NetWitness Endpoint:

The same service capabilities apply when RSA NetWitness Endpoint is hosted on your premises instead of delivered as a cloud service.

Technologies

RSA

RSA NetWitness Endpoint is an endpoint detection and response solution that employs a combination of live memory analysis, continuous behavioral monitoring, and advanced machine learning to detect known, new, unknown, and non-malware threats that other solutions miss entirely.

RSA NetWitness Endpoint helps focus investigations amid thousands of alerts and offers 3X the impact for security teams by considerably reducing attacker dwell time and accelerating threat response.

SentinelOne

SentinelOne is the only platform that defends every endpoint against every type of attack, at every stage in the threat lifecycle. It is cloud based with a low TCO, and lets you restore an endpoint within seconds if it is infected by ransomware.

SentinelOne Deep Visibility extends the SentinelOne Endpoint Protection Platform (EPP) to provide full visibility into endpoint data. Its patented kernel-based monitoring allows a near real-time search across endpoints for all indicators of compromise (IOCs), so security teams can augment real-time threat detection with a tool that enables threat hunting.

SentinelOne Ransomware Protection – Guaranteed. SentinelOne believes that your next-generation endpoint protection solution should give you complete confidence that your sensitive data is protected against ransomware and other sophisticated attacks.

Watch the demo of the Fortinet integration with SentinelOne to see how threat information is shared between the two.

SentinelOne's datasheets provide more detail on the platform.