Blue-Team Support aims to ensure that incidents can be adequately comprehended escalated and mitigated until responsibility can be handed over to them to continue their threat monitoring and incident response procedures autonomously.
Obrela’s senior analysts assist the local global ROCs and regional teams on the ground to prepare detecting attacks against their organization, searching for attackers in logs, network traffic and how to identify threats to a specific IT, Cloud, OT environment or on the endpoints. Obrela’s Blue Team Support provides a range of service capabilities to enhance the security operations of their clients.
Blue Team Support offers specialized assistance to ROC teams in terms of content development and Service Level Agreement (SLA) management. We understand the criticality of efficient content and well-defined SLAs in maintaining a robust security operations framework.
- Content management·
- Hardcore Content Activation
- Use case management
- Incident Case Management
- Creation of customized dashboards, searches, views, etc.
- Design and Implementation of playbooks
- Fine-tuning of log sources, audit policies, and infrastructure components
- On-boarding of new systems/log sources
- Service Level Management
- SLA/KPIs monitoring
Provide an overview of the organization’s internal and external security posture as well as an assessment of its capability to manage its defenses and its ability to react as the situation changes based on Obrela’s Cyber Security Posture framework. Provide recommendations for further enhancing security visibility in the corporate environment (e.g. identify blind spots, identify new possible log sources etc.)
Quarterly internal and/or external Automated Vulnerability Scans against systems within service scope, aiming to identify known software flaws and misconfigurations exposed to the public Internet. Automated tools are used to perform the vulnerability scanning and to generate the deliverable report with the Vulnerabilities found (i.e. findings). Automated Vulnerability Scans include the following:
- Build Standards Assessment
- Validation of the patch management process
- Identification of common system misconfigurations
- Best practices recommendations
- Focus on scope breadth coverage
It should be noted that the Vulnerability Scan by definition, as opposed to a Penetration Test.
As part of this service offering and in order to properly manage and facilitate the entire Vulnerability Management process, Obrela’s SWORDFISH Exposure Management Console (EMC) will be offered, integrating with the Quarterly Automated Vulnerability Scans and used as a service enabler.
By offering a web-based user interface, SWORDFISH EMC provides Information Security Officers with several capabilities such as:
|Vulnerability Management||Mitigation Planning||Reporting|
On top of the HardCore which is applied to the Client’s monitored environment Obrela provides to the Client with the ability to create additional custom use cases tailored at their needs.
Specifically, apart from the out-of-the-box delivered use cases, Obrela’s Blue Team will work with the customer’s staff in order to identify and create additional custom use cases that meet the specific needs of the monitored environment.
A Use-Case driven approach ensures that the MDR Products will be able to identify cyber threats as they occur and before they have an impact on the client’s business. OBRELA continuously maps all corresponding rules to MITRE ATT&CK™ framework, along with others, such as the Cyber Kill-Chain, and leverages SWORDFISH CyberOps for taking advantage of this mapping in alert triage, incident case management and reporting.
Blue team Support services deliver a vast library of optimized correlation rules and behavior analysis/profiling use cases including:
- Out of the box rules
- Correlation rules
- Industry/Infrastructure Specific Rules
- Intelligence Services Rules
- Client-Based Rules
Blue Team Support is able to quickly support proprietary applications using custom connectors that allows clients to add their own devices
- Integrate with out-of-the-box supported components.
- Integrate with custom/proprietary log sources
- Ongoing configuration and tuning
Obrela provides video-based or instructor-led training to customer users following a standard training curriculum which includes the following packages at a minimum:
- Introduction to Swordfish (CyberOPS, SRM, EMC) consoles
- Incident Escalation Procedure walkthrough
- Access to the consoles and main features of the MDR products which are part of the service (e.g., event search, report generation, etc.).
MANAGED DETECTION & RESPONSE
Turnkey threat detection and response service that helps our clients manage operational risk and significantly reduce the mean time to detect and respond to cyberattacks.Learn More
MANAGED CYBER DEFENSE
Obrela offers a suite of managed security services that are designed to help organizations strengthen their cybersecurity posture. These services range from Managed NG Firewall, Managed WAF, Managed Database Protection and Audit Control, to Managed Identity Access, with a focus on comprehensive protection and scalability,Learn More
Obrela's portfolio includes a wide range of Advisory Services, led by a team of highly skilled and certified cybersecurity experts. These services are designed to enhance an organization's resilience to cyber threats, leveraging our global expertise and a strong focus on business objectives.Learn More