Most Security Operations Centres (SOCs) focus on known threats, which means that as threats evolve, incidents can go undetected and unmitigated for months (and even years), allowing attackers to get comfortable within an environment and wreak havoc.
During the initial 30 days of your service, you will work collaboratively with Cythera to ensure the successful deployment of your service. Combined with regular monitoring and hunting, this enables the team to detect and respond to threats more quickly. You will meet with a Threat Assessment Manager monthly to ensure your security plan is evolving with your needs, and if we do find something, our team has a one-hour SLA for notifying you. Reports produced are robust and have input from expert analysts.
We’re ready to pivot, so you’re ready to respond.
Great incident detection and response is more than what you know—it’s knowing what you don’t know, too. Unlike other SOCs and managed services, Managed Detection and Response incorporates four distinct threat detection methodologies to detect the unknown:
These methodologies make it possible to validate threats before they’re reported with a nearly zero percent false positive rate.
The Cythera MDR Platform provides incident detection and response on applications, endpoints, and assets within your organisation, including those in the cloud. With Managed Detection and Response, you’re always prepared to deal with cyber-threats. If there is an incident, such as a breach, the team is ready to switch from detection mode to respond and act, and they will work closely with you to create a remediation plan tailored to your organisation. You will also be provided with a report containing an executive summary and in-depth analysis of the issue to make sure your organisation understands the incident. Additionally, this information is analysed to help fuel threat intelligence to increase speed in detection and response in the future.
In addition to containment and remediation recommendations included in Findings Reports, the MDR platform provides your business with two uncapped Incident Response escalations per year for critical incidents. Should we spot attacker activity within your environment, your Customer Advisor will immediately request escalation authorisation and, as per your contract, initiate our Incident Response (IR) team to fully scope, remediate, and mitigate the compromise.
Once you’ve transitioned to an IR escalation, our SOC and IR analysts will lead the technical analysis and triage the incident to identify the scope of the compromise, including: affected systems and user accounts, attacker command and control channels, malware, and any other artefacts related to the incident. The MDR team will use the information to determine the best course of action and begin IR activities, and continue to work with you and your team to collect forensic data and address the threat.
Contact us today. Be protected for tomorrow.