gradient-shade
logo-outline

BLUE TEAM SUPPORT

Blue Team Support is a specialized security operations function designed to bolster Obrela Resilience Operations Centers (ROCs) on a global scale. Our blue teams collaborate with ROC teams worldwide to enhance their defensive capabilities, ensure efficient incident response, and maintain a robust security posture across the organization.

OVERVIEW

Blue-Team Support aims to ensure that incidents can be adequately comprehended escalated and mitigated until responsibility can be handed over to them to continue their threat monitoring and incident response procedures autonomously.

Obrela’s senior analysts assist the local global ROCs and regional teams on the ground to prepare detecting attacks against their organization, searching for attackers in logs, network traffic and how to identify threats to a specific IT, Cloud, OT environment or on the endpoints. Obrela’s Blue Team Support provides a range of service capabilities to enhance the security operations of their clients.

SERVICE CAPABILITIES

Blue Team Support offers specialized assistance to ROC teams in terms of content development and Service Level Agreement (SLA) management. We understand the criticality of efficient content and well-defined SLAs in maintaining a robust security operations framework.

  • Content management·
    • Hardcore Content Activation
    • Use case management
    • Incident Case Management
    • Creation of customized dashboards, searches, views, etc.
    • Design and Implementation of playbooks
    • Fine-tuning of log sources, audit policies, and infrastructure components
    • On-boarding of new systems/log sources
  • Service Level Management
    • SLA/KPIs monitoring
    • Reporting

Provide an overview of the organization’s internal and external security posture as well as an assessment of its capability to manage its defenses and its ability to react as the situation changes based on Obrela’s Cyber Security Posture framework. Provide recommendations for further enhancing security visibility in the corporate environment (e.g. identify blind spots, identify new possible log sources etc.)

Quarterly internal and/or external Automated Vulnerability Scans against systems within service scope, aiming to identify known software flaws and misconfigurations exposed to the public Internet. Automated tools are used to perform the vulnerability scanning and to generate the deliverable report with the Vulnerabilities found (i.e. findings). Automated Vulnerability Scans include the following:

  • Build Standards Assessment
  • Validation of the patch management process
  • Identification of common system misconfigurations
  • Best practices recommendations
  • Focus on scope breadth coverage

It should be noted that the Vulnerability Scan by definition, as opposed to a Penetration Test.

As part of this service offering and in order to properly manage and facilitate the entire Vulnerability Management process, Obrela’s SWORDFISH Exposure Management Console (EMC) will be offered, integrating with the Quarterly Automated Vulnerability Scans and used as a service enabler.

By offering a web-based user interface, SWORDFISH EMC provides Information Security Officers with several capabilities such as:

Vulnerability ManagementMitigation PlanningReporting
  • Full Vulnerability Lifecycle Monitoring
  • Instant Vulnerability Reporting
  • Mitigation Status Transparency
  • Vulnerability Search Filtering defined by user-defined criteria
  • Custom Workflow based on organization structure and processes
  • Automatic Vulnerability Delegation to corresponding key users
  • Organize and plan mitigation actions for each exposure gap that has been identified.
  • Follow up mitigation actions and enforce deadlines for each working package.
  • Graphical and Dynamic Statistics Representation
  • Common Format Exporting (MS Word, MS Excel etc.)
  • Dynamic Dashboards based on embedded Versatile Reporting Engine

On top of the HardCore which is applied to the Client’s monitored environment Obrela provides to the Client with the ability to create additional custom use cases tailored at their needs.

Specifically, apart from the out-of-the-box delivered use cases, Obrela’s Blue Team will work with the customer’s staff in order to identify and create additional custom use cases that meet the specific needs of the monitored environment.

A Use-Case driven approach ensures that the MDR Products will be able to identify cyber threats as they occur and before they have an impact on the client’s business. OBRELA continuously maps all corresponding rules to MITRE ATT&CK™ framework, along with others, such as the Cyber Kill-Chain, and leverages SWORDFISH CyberOps for taking advantage of this mapping in alert triage, incident case management and reporting.

Blue team Support services deliver a vast library of optimized correlation rules and behavior analysis/profiling use cases including:

  • Out of the box rules
  • Correlation rules
  • Industry/Infrastructure Specific Rules
  • Intelligence Services Rules
  • Client-Based Rules

Blue Team Support is able to quickly support proprietary applications using custom connectors that allows clients to add their own devices

  • Integrate with out-of-the-box supported components.
  • Integrate with custom/proprietary log sources
  • Ongoing configuration and tuning

 

Obrela provides video-based or instructor-led training to customer users following a standard training curriculum which includes the following packages at a minimum:

  • Introduction to Swordfish (CyberOPS, SRM, EMC) consoles
  • Incident Escalation Procedure walkthrough
  • Access to the consoles and main features of the MDR products which are part of the service (e.g., event search, report generation, etc.).
Gradient Shade
Logo Outline

BLUE TEAM DATASHEET

Access the datasheet and learn more

Download
Book a Demo