Download Whitepaper: Achieving SIEM Efficiency Through Proactive Validation

SERVICE DESCRIPTION

The Endpoint Detection Policy Validation and Hardening Service measures the readiness of  EDR solutions by utilising a curated library of real-world threats and attack scenarios.  When gaps are identified, customers of this service are provided with the vendor-specific* detection content that needs to be deployed.

WHY IS THIS SERVICE IMPORTANT?

Contrary to common belief, EDR solutions are not simple turnkey solutions that can be deployed and left to manage themselves. If detection rules are missing, too narrow in scope, or poorly written, alerts will not be generated as required, and malicious activities may go undetected, creating a critical level of cyber risk. On the other hand, if the scope of detection rules is too broad without precise intent, the number of false positives will increase, leading to alert fatigue.

The End Point Detection Policy Validation and Hardening Service addresses these challenges by establishing proactive detection validation and ensuring that EDR configurations are diligently updated to address new threats.

EDR Validation and Hardening data sheet
FEATURES
  • Powered by cutting edge technologies, the Cynode Ultima platform ensures easy deployment and safe operation in production environments.

  • Assessments can be scheduled or performed on-demand, using a curated library of real-world malicious techniques.

  • The service offers a wide range of reporting options with actionable insights.

  • Threat and mitigation updates are provided both routinely and in response to specific situations.

BENEFITS
  • Ensuring the Right Rules Are Implemented.

  • Maintaining High Standards in Rule Development.

  •  Addressing Vulnerabilities Before Attacks.

  • Minimising Delays Between Events and Alerts.

  • Maximising Return and Minimising Risk

  • Achieving Quantifiable Enhancements.

TYPE OF ATTACKS
  • Real-world TTPs mapped to MITRE ATT&CK

WHO SHOULD USE IT
  • CISOs need to understand the current state of the EDR platform, it's efficacy and be aware of any gaps in it's policy

  • Security Managers need to understand how effective their security operations team are

SUPPORTED SOLUTIONS
  • Crowdstrike 

    Carbon Black

    Microsoft Defender

    Symantec 

    Sentinel One

    Trellix

    Trend Micro

  • Carbon Black

    Microsoft Defender

DELIVERY AND MODE OF USE
  • based on attack types, threat blocking changes (unblocked or unblocked to blocked) and efficiency tracking

  • Consistent and regular EDR policy updates

  • Instant policy update communication for urgent threat update requirements and sudden blocking rate drops due to internal failures (licensing, hardware or human errors).

  • Email, SOAR and service management communication for policy updates.

Sign up here to register your interest in a free trial

Update cookies preferences