fbpx

This website uses cookies to ensure you get the best experience. More Information

Blue Team

Learn More ➤

The Service is provided on a 24 x 7 x 365 basis covering customer’s integrated log sources in the scope of IT, Cloud, OT, User monitoring (or a hybrid scenario between them).

It includes Security Incident Response (Tier-3) provided remotely to the customer (or partner)’s analysts (“local SOC”) by OBRELA’s Cyber Defense Centers.

In a typical scenario, when a security incident is identified by the Local SOC analysts which requires further investigation or Local SOC does not fully comprehend, our Cyber Defense Centers will provide ongoing support and advise to analyze and comprehend the incident and will provide the recommended response strategy and the necessary technical guidance to mitigate the threat.

 

Benefits

Blue-Team Support aims to support local SOC resources in order to ensure that incidents can be adequately comprehended escalated and mitigated until responsibility can be handed over to them to continue their threat monitoring and incident response procedures autonomously. OBRELA’s senior analysts assist the local SOCs to prepare detecting attacks against their organization, searching for attackers in logs, network traffic and how to identify threats to a specific IT, Cloud, OT environment or on the endpoints. OBRELA’s senior analysts with history of Blue-team support projects in different enterprise domains empowers the escalation of customer’s incident investigation requests to our team. As soon as a threat is validated, the team provides to the customers recommendations for fast and effective security incident response.

 

Key Features

Customer (or partner)’s main objective is to monitor and manage incidents/events triggered by security technologies and other log sources which are onboarded and validated with their selected MDR technologies.  Local SOC teams will need to analyze security events in real-time, detect incidents, identify the root causes and evaluate the risk associated with each of them. OBRELA’s Blue Team Support service involves providing remote assistance support to the local SOC analysts, when a security incident is identified by them.

OBRELA’s Blue Team support service coverage is 24x7x365 meaning that any time a local SOC Analysts consider necessary, they can submit such service requests via OBRELA’s Ticketing System.  OBRELA Analysts will assist the local team to comprehend the security incident and provide support and advise for the incident mitigation.

In a nutshell,

  • OBRELA’s SOCaaS can enhance, complement or even replace a local SOC. SOCaaS can also function as an excellence and blue team support center (Tier-2, Tier-3) to the clients’ SOC.
  • Supervision of the client Local SOCs and quality assurance lies within OBRELA’s responsibilities. This ensures that no real security incidents go unnoticed and unattended. This ensures end-customer satisfaction and provides time to the local SOC to build maturity and capabilities, i.e. until the client SOCs recruit resources with the right skills who should then become familiar with procedures and technology.
  • Security Incident Response (Tier-3) is provided remotely to customer’s analysts by OBRELA’s Cyber Defense Centers. In this regard, when an attack takes place and is identified by the local SOCs analysts, OBRELA’s senior analysts will provide ongoing support and advise for the best response strategy and the necessary technical guidelines to mitigate the threat on the end-user side.
  • Progressively the local SOC of the customer or partner becomes autonomous and self-sustainable.

 

Obrela factor

OBRELA’s Cyber Defense Centers are staffed by certified security analysts with monitoring and incident response expertise on different domains (IT, Cloud, OT, Endpoints, Vessels, etc). The team’s expertise on exploitation, common attack vectors and techniques, active directory attacks, phishing or malware campaigns, detection of communication with C&C, lateral movement, and persistent threats, empowers customer’s local SOCs to comprehend and handle complex incidents in the Cyber kill Chain. 24×7 OBRELA’s Blue-Team Support services are governed by SLAs and tracked through our ticketing system.

 

If you are interested in a quote please email or give us a call at +44 (0) 203 397 8723

Get a Quote!

    LATEST UPDATES

    Obrela Digital Universe Study: Q3 2021

    Obrela Digital Universe Study: Q3 2021

    20 October 2021 - by Obrela SOC
    Cybersecurity Recommendations for Healthcare

    Cybersecurity Recommendations for Healthcare

    19 October 2021 - by Obrela SOC
    OBRELA establishes Central European branch in Frankfurt

    OBRELA establishes Central European branch in Frankfurt

    11 October 2021
    CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Actively Exploited

    CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Actively Exploited

    6 October 2021 - by Obrela SOC
    Obrela appoints Steve Katz, world’s first CISO, to Advisory Board

    Obrela appoints Steve Katz, world’s first CISO, to Advisory Board

    5 October 2021 - by John Alexiou
    Critical vCenter Server Vulnerability Advisory - CVE-2021-22005

    Critical vCenter Server Vulnerability Advisory - CVE-2021-22005

    22 September 2021 - by Obrela SOC
    Obrela joins Microsoft Intelligence Security Association (MISA)

    Obrela joins Microsoft Intelligence Security Association (MISA)

    21 September 2021
    Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)

    Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)

    8 September 2021 - by Obrela SOC
    Security Updates for Confluence Server and Data Center

    Security Updates for Confluence Server and Data Center

    6 September 2021 - by Obrela SOC
    Security updates Advisory for multiple products

    Security updates Advisory for multiple products

    27 August 2021 - by Obrela SOC