It includes Security Incident Response (Tier-3) provided remotely by OBRELA's Cyber Defense Centers to the customer's (or partner's) own analysts, referred to here as the "local SOC".
In a typical scenario, the local SOC analysts identify a security incident that requires further investigation, or one they do not fully understand. Our Cyber Defense Centers then provide ongoing support and advice to analyze and understand the incident, recommend a response strategy, and supply the technical guidance needed to mitigate the threat.
Blue-Team Support aims to support local SOC resources so that incidents are adequately understood, escalated and mitigated until responsibility can be handed back to the local SOC, which then continues its threat monitoring and incident response procedures autonomously. OBRELA's senior analysts help local SOCs prepare to detect attacks against their organization, search for attackers in logs and network traffic, and identify threats in a specific IT, Cloud or OT environment or on the endpoints. Because OBRELA's senior analysts have a history of Blue-Team support projects across different enterprise domains, customers can escalate their incident investigation requests directly to our team. As soon as a threat is validated, the team provides the customer with recommendations for fast and effective security incident response.
The customer's (or partner's) main objective is to monitor and manage the incidents and events triggered by security technologies and other log sources that have been onboarded and validated with their selected MDR technologies. Local SOC teams need to analyze security events in real time, detect incidents, identify root causes and evaluate the risk associated with each of them. OBRELA's Blue-Team Support service provides remote assistance to the local SOC analysts when they identify a security incident.
In a nutshell,
OBRELA's Cyber Defense Centers are staffed by certified security analysts with monitoring and incident response expertise in different domains (IT, Cloud, OT, Endpoints, Vessels, etc.). The team's expertise in exploitation, common attack vectors and techniques, Active Directory attacks, phishing and malware campaigns, detection of command-and-control (C&C) communication, lateral movement and persistent threats enables the customer's local SOC to understand and handle complex incidents at every stage of the Cyber Kill Chain. OBRELA's Blue-Team Support services are available 24×7, governed by SLAs and tracked through our ticketing system.