EDR Validation & Hardening
SERVICE DESCRIPTION
The End Point Detection Policy Validation and Hardening Service measures the readiness of EDR solutions by utilising a curated library of real-world threats and attack scenarios. When gaps are identified, customers of this service are provided with the vendor-specific* detection content that needs to be deployed.
WHY IS THIS SERVICE IMPORTANT?
Contrary to common belief, EDR solutions are not simple turnkey solutions that can be deployed and left to manage themselves. If detection rules are missing, too narrow in scope, or poorly written, alerts will not be generated as required, and malicious activities may go undetected, creating a critical level of cyber risk. On the other hand, if the scope of detection rules is too broad without precise intent, the number of false positives will increase, leading to alert fatigue.
The End Point Detection Policy Validation and Hardening Service addresses these challenges by establishing proactive detection validation and ensuring that EDR configurations are diligently updated to address new threats.
FEATURES
-
Powered by cutting edge technologies, the Cynode Ultima platform ensures easy deployment and safe operation in production environments.
-
Assessments can be scheduled or performed on-demand, using a curated library of real-world malicious techniques.
-
The service offers a wide range of reporting options with actionable insights.
-
Threat and mitigation updates are provided both routinely and in response to specific situations.
BENEFITS
-
Ensuring the Right Rules Are Implemented.
-
Maintaining High Standards in Rule Development.
-
Addressing Vulnerabilities Before Attacks.
-
Minimising Delays Between Events and Alerts.
-
Maximising Return and Minimising Risk
-
Achieving Quantifiable Enhancements.
TYPE OF ATTACKS
-
Real-world TTPs mapped to MITRE ATT&CK
WHO SHOULD USE IT
SUPPORTED SOLUTIONS
-
All vendors are supported
-
Carbon Black, Sigma
DELIVERY AND MODE OF USE
-
based on attack types, threat blocking changes (unblocked or unblocked to blocked) and efficiency tracking
-
Consistent and regular EDR policy updates
-
Instant policy update communication for urgent threat update requirements and sudden blocking rate drops due to internal failures (licensing, hardware or human errors).
-
Email, SOAR and service management communication for policy updates.
-
Ransomware Assessment & Mitigation
Our Ransomware Assessment Service provides organisations with risk assessments of their IT infrastructure and systems. This helps identify the current security posture with regards to ransomware threats. The service utilises various security tools and techniques to evaluate the ability of existing controls to detect and block ransomware as it enters the environment or lands on a machine.
-
SIEM Validation & Hardening
The SIEM Efficiency Validation and Hardening Service measures the efficiency of security event log structure and rules in detecting advanced threats by applying comprehensive attack simulations. When shortcomings are identified, customers of this service are provided with suggestions and detection rules developed for particular threats or threat groups.