BLUE TEAM SUPPORT

Blue Team Support offers specialized assistance to ROC teams in terms of content development and Service Level Agreement (SLA) management. We understand the criticality of efficient content and well-defined SLAs in maintaining a robust security operations framework.

• Content management·
  • Hardcore Content Activation
  • Use case management
  • Incident Case Management
  • Creation of customized dashboards, searches, views, etc.
  • Design and Implementation of playbooks
  • Fine-tuning of log sources, audit policies, and infrastructure components
  • On-boarding of new systems/log sources
• Service Level Management
  • SLA/KPIs monitoring
  • Reporting

Provide an overview of the organization’s internal and external security posture as well as an assessment of its capability to manage its defenses and its ability to react as the situation changes based on Obrela’s Cyber Security Posture framework. Provide recommendations for further enhancing security visibility in the corporate environment (e.g. identify blind spots, identify new possible log sources etc.)

Quarterly internal and/or external Automated Vulnerability Scans against systems within service scope, aiming to identify known software flaws and misconfigurations exposed to the public Internet. Automated tools are used to perform the vulnerability scanning and to generate the deliverable report with the Vulnerabilities found (i.e. findings). Automated Vulnerability Scans include the following:

• Build Standards Assessment
• Validation of the patch management process
• Identification of common system misconfigurations
• Best practices recommendations
• Focus on scope breadth coverage

It should be noted that the Vulnerability Scan by definition, as opposed to a Penetration Test.

As part of this service offering and in order to properly manage and facilitate the entire Vulnerability Management process, Obrela’s SWORDFISH Exposure Management Console (EMC) will be offered, integrating with the Quarterly Automated Vulnerability Scans and used as a service enabler.

By offering a web-based user interface, SWORDFISH EMC provides Information Security Officers with several capabilities such as:

On top of the HardCore which is applied to the Client’s monitored environment Obrela provides to the Client with the ability to create additional custom use cases tailored at their needs.

Specifically, apart from the out-of-the-box delivered use cases, Obrela’s Blue Team will work with the customer’s staff in order to identify and create additional custom use cases that meet the specific needs of the monitored environment.

A Use-Case driven approach ensures that the MDR Products will be able to identify cyber threats as they occur and before they have an impact on the client’s business. OBRELA continuously maps all corresponding rules to MITRE ATT&CK™ framework, along with others, such as the Cyber Kill-Chain, and leverages SWORDFISH CyberOps for taking advantage of this mapping in alert triage, incident case management and reporting.

Blue team Support services deliver a vast library of optimized correlation rules and behavior analysis/profiling use cases including:

• Out of the box rules
• Correlation rules
• Industry/Infrastructure Specific Rules
• Intelligence Services Rules
• Client-Based Rules

Blue Team Support is able to quickly support proprietary applications using custom connectors that allows clients to add their own devices

• Integrate with out-of-the-box supported components.
• Integrate with custom/proprietary log sources
• Ongoing configuration and tuning

Obrela provides video-based or instructor-led training to customer users following a standard training curriculum which includes the following packages at a minimum:

• Introduction to Swordfish (CyberOPS, SRM, EMC) consoles
• Incident Escalation Procedure walkthrough
• Access to the consoles and main features of the MDR products which are part of the service (e.g., event search, report generation, etc.).