Security Analytics& Response Orchestration

Industry News:

Cyber Ops & Intelligence

Encode’s Cyber Operations and Intelligence services are designed around the assumption that the IT environment will eventually be compromised and focuses on providing early warning and targeted incident response. Our Cyber Operations and Intelligence services have been developed to be able to detect and offer timely response to attacks and security breaches against mission-critical and Internet-facing systems and ICT infrastructures from any type of adversary.

Contact Encode

Solutions	APT / Targeted Attacks Insider Threat Critical Services Protection Partner / Supply Chain Control Secure Cloud

Use Cases	Client-side Attacks Advanced Malware Network / Application Attacks Access Escalation Lateral Data Leakage / Exfiltration Unauthorized Resource Access / Use Policy Violations
Managed Security Services	Proactive Hunting & Targeted Response 24/7 Security Monitoring & Operations
Cyber SOC Platform & Operations	Security Architecs Threat Labs CIRT Cyber SOC Operations Cyber-born Early Warning And Containment System
Visibility	Specialised Sensors / Probes Existing Security Controls & IT Systems

This is accomplished by a combination of Encode’s state of the art Cyber-born Early Warning and Containment System (CEWACS) managed security services platform and a leading Cyber Operations team with unique offensive and defensive expertise.

Our 24x7 Cyber Operations & Intelligence capabilities enable us to be our clients’ vigilant security partner and to provide immediate and on-the-spot response to their security needs,

which is more than crucial to effectively address the ever-changing cyber security threats. Furthermore, the provision of our services through a Cyber-SOC that is ISO 27001 certified and which employs a series of physical and IT security controls and process, ensures both uninterrupted operations and maximum protection of our clients’ data and operations.

Benefits

Address the human factor problem

Complement our cutting-edge Security Analytics & Response Orchestration platform and address the fact that technology makes up just one-third of an effective cyber threat management program; processes and people comprise the rest of the essential security balance.

Augment cyber defense capabilities

Advanced cyber threats are designed, instrumented and operated by humans and not a “mindless” peace of code, as common malware. This makes the battle with traditional (or less traditional) “automated technical controls” totally uneven and in favor of the attacker.

Our Cyber Operations & Intelligence services “even up the score” and by fusing together cutting-edge technology with best of breed cyber security services and talent ensures that our clients will never get caught unprepared while minimizing their security management investment.

Beyond Security Monitoring

Our approach is designed around “User-Cases” and by leveraging our advanced security analytics technology and proactive threat hunting processes, goes far beyond traditional security monitoring, allowing the detection of cyber threats as they occur and before they have an impact on our clients’ business.

The Platform

Our Cyber-born Early Warning And Containment System (CEWACS) platform is the corner stone of our offering. CEWACS platform combines our proprietary predictive security analytics and response orchestration systems with leading real time security intelligence and best of breed third-party security sensors.

This creates a state-of-the-art Early Warning & Adaptive Response platform, empowering our Cyber Operation team to detect and timely respond to sophisticated, hard-to-spot attacks, which are missed by other approaches in the “noise” of millions of low-value events.

Service Modules

24x7 Real Time Threat Management

Expert security monitoring across the entire environment
Even with the best security infrastructure and most effective policies in place, the human view of a security expert is irreplaceable. Encode’s 24x7 Real Time Threat Management (RTTM) services provide exactly that, by going far beyond traditional security monitoring services to the provision of a full managed SIEM, designed and build around your specific use cases. Our service module uses our Enorasys SIEM system to provide log management and real-time event management, along with continuous security monitoring. In the event of an incident, our response assistance provides all necessary information and insight around a verified incident, as well as guidelines and recommendations on its handling. Encode’s advantage is based on our ability to provide all the critical elements and relevant components encapsulating within a set of rules and policies combined with our extensive security experience and expertise.

24x7 Cyber Security Analytics

Proactively hunting for threats
In the context of 24x7 Cyber Security Analytics services our Cyber Operations team use our Enorasys Security Analytics platform to proactively hunt for signs of sophisticated, targeted cyber-attacks as they unfold within our clients’ environments. We call this process “Proactive Hunting”, since we don’t simply rely on monitoring and correlation of events to alerts, but rather our teams uses our Security Analytics system to proactively pinpoint suspicious activity, which when identified is surgically investigated and handled through our Response Orchestration system.

By continuous profiling of relevant user and node activity through the use of advanced statistical analysis methods and machine learning algorithms, we are better able to detect sophisticated, hard-to-spot attacks, which are missed by other approaches in the “noise” of millions of low-value events.

24x7 Adaptive Threat Response

Intelligently and swiftly deal with threats
With 24x7 Adaptive Threat Response services we take incident response one step further. Our Cyber Operations team utilises our Response Orchestration system (SOCStreams) and Adaptive Threat Response (ATR) engine to perform extensive remote incident investigation and response actions immediately upon detection, minimizing the extent of a potential compromise. In the course of the specific process and upon the identification of a security incident our Cyber Operations team can instruct the ad-hoc deployment of a specialized Endpoint Visibility and Control (EVC) sensor onto the targeted endpoint. This is further enhanced by on-demand activation and acquisition of network session recordings for specific network sessions, through integration with pre-deployed Network Activity Visibility (NAV) sensors. In this way our analysts get the situational awareness required for incident investigation. Moreover and upon client authorization, our analysts can instruct through ATR EVC sensors or other integrated network security gateways to take containment actions such as isolating the endpoint from the network or blocking of offending IPs/Domains amongst a range of counter measures.

Key Features

Designed around Use Cases

We don’t just monitor a set of devices, but rather address specific threat use cases. Our Use Cases leverage our unique expertise in both cyber threats and corresponding security technologies and are designed in order to cover all main threat areas and corresponding attack scenarios. Furthermore, we customize our use cases with the Client, in order to address any custom security and compliance requirements.

Based on and provide True Visibility

Visibility is an absolute requirement for an effective threat management service. Although there is a wealth of information in logs and events produced from the systems of the monitored IT environment, this information is sometimes not enough. For this reason and for specific use cases, we deploy a set of specialized security sensors that will provide the level of visibility required and enhance the level of coverage of the corresponding use cases.

Encapsulate Security Talent & Expertise

A key factor of our offering is that all our use cases and corresponding rules and analytics encapsulate our extensive expertise in cyber-insider threats; knowledge build through thousands of successful engagements, ranging from Extrusion Testing™ (APT Simulation Testing) engagements for high-end customers, and digital forensic investigation to end-to-end SOC implementations for major organizations around the world.

Operate in Context

Our seasoned Security Architects and Service Delivery Managers are engaged in every engagement, in order to make sure that our services will be provided “in-context”.

Based on and generate Security Intelligence

Our services leverages threat intelligence from detected incidents by our Cyber Operation team, as well as threat intelligence feeds from multiple sources. But most importantly, through our security analytics technology and proactive hunting services, they provide the security intelligence that matters…the one that relates to your unique environment

Streamline and automate Incident Response functions

Our Cyber Operations team armed with our Response Orchestration system can surgically investigate suspicious activity and timely respond to security incidents, through a well-structured process.

Flexible delivery options

Leveraging the flexibility and scalability of our platform and our services model, we can adapt our service offering to the specific needs of our clients.

Downloads

Datasheet - Managed Security Services

Whitepaper - Defending against sophisticated cyber attacks
The growing sophistication of cyber-attacks makes the protection of an organization’s assets a demanding and urgent task.

Whitepaper - Security As The New Service Tower
In context of today’s Cyber Threat Landscape, the importance of a SOC that can Detect, Respond and Contain Cyber breaches early on in the Cyber Kill Chain cannot be over stated.

Whitepaper - Why MSS is the future of cyber security.
Of all the things 2015 will be remembered for in the years to come, one of the biggest trends from an enterprise IT perspective was the huge increase in cyber attacks seen over the year