Completeness

We achieve true completeness of monitoring: not only do issues get detected and analysed, but reports are complete with all supporting data for every reported incident, and you also get full support for your compliance efforts.

There is a strong focus on completeness across all areas of the MDR service delivery – for example, in incident closure, as each incident goes through its workflow stages.

Incomplete MDR is as ineffective as not having any system at all. Our focus is to infuse “completeness” in all aspects of detecting and responding to incidents.

For example, incidents are triggered only after correlation with other data gathered from within and outside of your organization. We ensure completeness from data to response.

Representative Source List

| SAMPLE EVENT SOURCES | TYPE OF EVENT/LOGS |
| --- | --- |
| DNS Resolution (Route 53) | Query Logs |
| Load Balancing Infra (ELB/ALB/CLB) | Access Logs |
| Base Computing Resource (EC2) | OS Logs (Host & Malware Logs) |
| VPC (Network Level Events) | Flow Logs |
| Queue Systems (Redis) | Metrics |
| Databases (Oracle DB, Mongo DB, MySQL) | Database Audit Logs / Query, Error, Slow Query, General Logs |
| Container Management (Kubernetes) | Container Logs and Container Management System Log |
| Analytics Infra (Dynamo DB) | Metrics |
| Storage and Content (S3 Bucket) | Bucket Level Operations |
| Endpoint Protection Logs | IDS/IPS/AV/DLP Events and Alerts |
| Windows / Linux / *NIX | Sys Logs, Win Event Logs |
| Application Logs | Customer Logs of Applications in Enterprise |
| Certificate Infra Logs | Certificate Authority Logs from Enterprise |

Dark Web Intel

As defences develop, offensive strategies change – the dark web is teeming with new exploits and threat intelligence. Our darkWATCH strength helps us anticipate and quickly develop capabilities to detect new threats and exploit strategies.

Threat Intel

Static rules, both for detection of anomalies and data correlation, make no sense. We build new analysis rules daily and modify others based on changes in the threat landscape. The same data can (and does) return different results even after one day!

Strong Follow Up

Your team will rarely need to contact us – instead our analysts and account managers will be after you to respond to identified risks – ensuring that the Response in MDR is completed. There is strong system and people support to take things to closure!
