Managed Security Services

Let us manage your security while you focus on your business

Cyber security is becoming a significant tenet of corporate operational risk management. While it is not difficult to ascertain threats and security breaches, it is often difficult to contain them without the right tools, capabilities, and adequate capacity.

Our tailor-made Managed Security Solutions can help your organization:

  • Increase visibility into threats while expediting a thorough security response
  • Scale up security
  • Utilize the best security solution that fits your requirement
  • Protect your critical IT assets with the help of skilled security experts

Our Services

Security Incident Response and Management – 24×7 Managed SOC

MIT ESP's SOC is primarily focused on detecting potential threats within corporate networks, ranging from hackers and malware to employees who intentionally seek unauthorized access to confidential information.
Our expertise lies in collecting, analyzing and correlating log data from a broad spectrum of systems, including network solutions, security solutions, servers, hosts, operating systems and applications, with provision for extensive threat monitoring and timely responses to security breaches.

Managed Detection and Response (MDR)

A security analytics solution designed to deliver early detection by understanding the "attack logic" and exploitation path. This is accomplished through focused threat intelligence analytics techniques combined with offensive and defensive expertise.
Our team of Security Analysts continuously analyzes and models relevant activity through a unique analytics approach that combines pattern detection with activity profiling and external or environment-specific context.

Digital Forensic and Threat Intelligence

Using incident response, digital forensics and malware analysis, our Threat Analysts and Assurance Consultants collect and generate a wealth of security intelligence and knowledge, which forms the basis of:

  • Researching new threats and developing new exploitation/evasion techniques
  • Producing new rules and analytics for the CSI platform, which are configured, tested and optimized by our SOC engineers.

Network Analysis & Forensics

We deploy specialized network security probes in monitoring mode in specific areas of the internal network to monitor and analyze traffic for malicious activity. This is done remotely over a secure VPN connection provided by your business.

Depending on the scope of the incident, we monitor the following network points:

  • Internet egress point (outbound/inbound access)
  • DMZ segments
  • Internal network or specific segments

We also collect relevant logs from network security devices and analyze them off-premises in our labs.

Endpoint Analysis & Forensics

This phase covers an in-depth investigation of suspicious endpoints identified during the Network Forensics phase. The analysis is performed through a combination of endpoint analysis probes and reviews of corresponding logs of the target endpoints.

Tasks performed during this phase include the following:

  • Local Log/Disk Analysis (workstation, server etc.)
  • Malware Analysis
    • Basic Static Techniques
    • Basic Dynamic Analysis
    • Malware Behaviour
    • Covert Malware Launching
    • Data Encoding
    • Network Signatures
    • Anti-VM and anti-AV techniques
  • Extent of Compromise
    • Internal Attack Escalation
    • Analysis of created user accounts
    • Privileges obtained (Local Admin, Domain Admin, etc.)
    • Machines accessed from suspicious accounts/endpoints/sources
    • Persistence techniques
    • Other tools/backdoors used by the attacker

We also have specialized partnerships with digital forensic experts to provide advanced services depending on your requirements.

Service Management & Optimization

Our service management team, trained in ITIL Service Management best practices, oversees the entire operation to ensure the quality of the services and resources allocated to the project.

Ongoing service optimization and tuning, included in our 24×7 MSOC service offering, covers:

  • Use case management (creation of new use cases and/or optimization of existing ones in line with the current threat landscape)
  • Fine-tuning of log/event sources, audit policies and infrastructure components
  • Recommendations for further enhancing security visibility in the corporate environment (e.g. identifying blind spots, new possible log sources etc.)

We also develop Solution Architecture & Configuration Documents as part of our service management scope, covering all necessary documentation and standard operating procedures, such as:

  • Solution description & characteristics
  • Solution benefits for the Customer
  • Solution architecture & components (integration with existing IT infrastructure)
  • Solution configuration (network configuration, user interfaces, system roles, logging etc.)
  • User access roles/profiles
  • Defined event sources & collectors
  • Custom log parsers configuration/code
  • Use Cases
  • Automated & custom reports
  • Notification & alerts

Managed VAPT and Remediation Support

Our Managed VAPT Service delivers next-generation Vulnerability Assessment and Penetration Testing (VAPT) for your organization. Our cyber security experts determine the ideal assessments for your organization, ensuring the most appropriate scope and level of detail for the VAPT, and provide remediation support in the form of confirmation testing of fixed vulnerabilities.

We provide:

  • Comprehensive vulnerability assessment and penetration testing
  • Continued vulnerability scanning at an agreed frequency
  • On-demand penetration testing using a comprehensive and easy-to-use scoping model
  • Strategic remediation advice to improve the security of your networks and software
  • On-demand remediation support in the form of confirmation testing

Advanced Threat Hunting & Compromise Assessment

MIT ESP SOC offers threat hunting services to identify advanced persistent threats (APTs) within the organization. Hunting is either hypothesis-based or intelligence-based (IOCs/IOAs) and aims to identify the tactics, techniques and procedures (TTPs) used by adversaries, which are mapped to the MITRE framework and the Cyber Kill Chain to identify potential attacks and adversary activity.

Our Cyber Threat Hunting is an essential exercise to proactively investigate potential compromises, detect advanced threats, and improve cyber defenses. It also:

  • Determines if your environment has been compromised by a sophisticated attacker
  • Increases your confidence in system integrity and data confidentiality
  • Helps you understand the impact of any discovered breach
  • Provides recommendations on security architecture, instrumentation, and controls to make your environment more resilient

Our Threat Detection Team provides 24/7 threat monitoring by analyzing network and user behavior, while you receive alerts and reports of critical observations, in addition to actionable security intelligence.