Enterprises at any scale are seeking more and more sophisticated solutions in the decision-making process of where and when to protect critical assets. Although statistical and analytical prediction models and technical security tools are deployed across the multiple layers of the enterprise architecture, such as firewalls, DoS, IDS/IPS (network perimeter), EDR or end point protection software (endpoint or host level), identity management or multi-level authentication controls (user level) etc, these controls are not always successful in predicting, detecting or preventing multi-faceted threat behavior. Adversaries keep evolving their tactics and techniques orchestrating reconnaissance or phishing attacks with malware execution (e.g. ransomware attacks), exploitation of vulnerabilities and lateral movements causing data breach, downtime of production systems, and several other risks. Real time detection and prevention of threats and risks related to cybercrime activity, insider threats or inadvertent actions remains a foundational step for many enterprises today.
Conventional IT security approaches have limitations in terms of scale, network-wide monitoring and resources for analyzing millions of data on daily basis. On the other hand, threat analytics and big data technologies combined with threat intelligence are able to identify the source of the attack at the beginning of the adversary action, perform user and system profiling for detecting unusual behavior, baselining of network traffic to identify irregularities, vulnerabilities management and more. The identification and prevention of such risks requires high detection speed, accuracy and adaptation to different attack intensities. Yet, enterprises may not always afford the investment cost to 24×7 on-premise monitoring of their infrastructure or to hire threat analysts with incident response skills. Obrela’s Managed Detection and Response (MDR) service can instead support real-time monitoring and analysis of security event data correlated to non-transactional data of core IT applications, systems and networks empowering a multi-layer security intelligence approach. Obrela’s IT Monitoring solution integrated with our MDR service provides enterprises with a turnkey threat detection and response service that significantly reduces the mean time to detect and respond to attacks in their IT and network infrastructure.
Obrela’s Managed Detection & Response (MDR) service combines collective intelligence practices and methods with leading edge security analytics and sophisticated risk management technology to identify, analyze, predict and prevent cyber-security threats in real time. Thread detection analytics, an integral part of the MDR service, collect and analyze structured and unstructured security related data from multiple systems, network devices and other critical assets, generating valuable intelligence for new, emerging and advanced security threats. Obrela’s SOC, also an integral part of the MDR service, staffed by threat analysts with IT monitoring expertise provides 24×7 monitoring, incident escalation as soon as a threat is validated providing to the customers MITRE-like recommendations for fast and effective security incident response.
Obrela’s IT monitoring capabilities include:
Obrela’s Threat Detection Analytics enable advanced and in-depth analysis of large amounts of log data from multiple system and network log sources leveraging threat intelligence, expert rules and advance security analytics algorithms to reveal abnormal or suspicious behavior and patterns. Alert management capabilities enhance 24×7 monitoring to detect threats as soon as possible triggering meaningful alerts and security response procedures.
Our clients are offered the advantage of fast integration to Obrela’s Managed Detection & Response (MDR) service and day one visibility of security threats in their enterprise environment. Clients can build on top customized processes and procedures for risk compliance and incident response plans.