Threat Detection

• Deep integration with next-generation firewalls, endpoint detection, sandboxes and secure access service edge (SASE) with multiple supported vendors and technologies. This enables the collection of evidence data and contextual information well beyond standard syslog outputs.
• Event-driven threat hunting by security analysts for a range of vendor technologies to gain full insight into client-monitored sources.
• Responsive actions to ensure any compromises will be contained and not spread further into your IT environment. Remote incident response and network blocking enable you to experience the full benefits of our Threat Detection Services.

As part of the enhanced services, suspicious activities and all relevant contextual information are passed to a skilled security analyst who verifies the threat and its impact. You then receive a detailed security incident report, with a comprehensive description of the incident and specific, actionable response recommendations. This enables you to significantly reduce the time required to take informed response measures.

Our security analyst will provide updates on the incident report and support your remediation activities until the incident can be closed. Furthermore, to reduce security incident response time and to prevent the spread of an infection, they can optionally take responsive actions to isolate compromised hosts.

The Enhanced service plan provides vendor integration including evidence collection. A deep integration with multiple supported vendors and technologies enables the collection of evidence data and contextual information beyond standard device outputs.

Security analysts perform event-driven threat hunting for a range of vendor technologies as part of the Enhanced service. Using sophisticated proprietary toolsets, skilled security analysts gain full insight into client-monitored sources combined with machine learning, visualization, contextual information and evidence data. This approach allows the analyst to proactively uncover threats or malicious behaviors before they cause significant issues.

Threat Detection Standard:

• Automated reporting: a sophisticated, automated service for clients seeking entry-level threat detection.
• Tailored notifications: notification confidence levels can be tailored and set depending on the specific severity level.