Blue Team

The Service is provided on a 24 x 7 x 365 basis covering customer’s integrated log sources in the scope of IT, Cloud, OT, User monitoring (or a hybrid scenario between them).

It includes Security Incident Response (Tier-3) provided remotely to the customer (or partner)’s analysts (“local SOC”) by OBRELA’s Cyber Defense Centers.

In a typical scenario, when a security incident is identified by the Local SOC analysts which requires further investigation or Local SOC does not fully comprehend, our Cyber Defense Centers will provide ongoing support and advise to analyze and comprehend the incident and will provide the recommended response strategy and the necessary technical guidance to mitigate the threat.

Benefits

Blue-Team Support aims to support local SOC resources in order to ensure that incidents can be adequately comprehended escalated and mitigated until responsibility can be handed over to them to continue their threat monitoring and incident response procedures autonomously. OBRELA’s senior analysts assist the local SOCs to prepare detecting attacks against their organization, searching for attackers in logs, network traffic and how to identify threats to a specific IT, Cloud, OT environment or on the endpoints. OBRELA’s senior analysts with history of Blue-team support projects in different enterprise domains empowers the escalation of customer’s incident investigation requests to our team. As soon as a threat is validated, the team provides to the customers recommendations for fast and effective security incident response.

Key Features

Customer (or partner)’s main objective is to monitor and manage incidents/events triggered by security technologies and other log sources which are onboarded and validated with their selected MDR technologies.  Local SOC teams will need to analyze security events in real-time, detect incidents, identify the root causes and evaluate the risk associated with each of them. OBRELA’s Blue Team Support service involves providing remote assistance support to the local SOC analysts, when a security incident is identified by them.

OBRELA’s Blue Team support service coverage is 24x7x365 meaning that any time a local SOC Analysts consider necessary, they can submit such service requests via OBRELA’s Ticketing System.  OBRELA Analysts will assist the local team to comprehend the security incident and provide support and advise for the incident mitigation.

In a nutshell,

• OBRELA’s SOCaaS can enhance, complement or even replace a local SOC. SOCaaS can also function as an excellence and blue team support center (Tier-2, Tier-3) to the clients’ SOC.
• Supervision of the client Local SOCs and quality assurance lies within OBRELA’s responsibilities. This ensures that no real security incidents go unnoticed and unattended. This ensures end-customer satisfaction and provides time to the local SOC to build maturity and capabilities, i.e. until the client SOCs recruit resources with the right skills who should then become familiar with procedures and technology.
• Security Incident Response (Tier-3) is provided remotely to customer’s analysts by OBRELA’s Cyber Defense Centers. In this regard, when an attack takes place and is identified by the local SOCs analysts, OBRELA’s senior analysts will provide ongoing support and advise for the best response strategy and the necessary technical guidelines to mitigate the threat on the end-user side.
• Progressively the local SOC of the customer or partner becomes autonomous and self-sustainable.

Obrela factor

OBRELA’s Cyber Defense Centers are staffed by certified security analysts with monitoring and incident response expertise on different domains (IT, Cloud, OT, Endpoints, Vessels, etc). The team’s expertise on exploitation, common attack vectors and techniques, active directory attacks, phishing or malware campaigns, detection of communication with C&C, lateral movement, and persistent threats, empowers customer’s local SOCs to comprehend and handle complex incidents in the Cyber kill Chain. 24×7 OBRELA’s Blue-Team Support services are governed by SLAs and tracked through our ticketing system.

If you are interested in a quote please email or give us a call at +44 (0) 203 397 8723