In the event of a security incident, our Rapid Response Force is available 24/7. 

Expertise and operational support

Our expertise and operational support in Operational Security (SecOp) enables us to provide our customers with highly experienced resources in the fields of detection, incident response, vulnerability management and threat intelligence.
Our consultants provide technical support to our customers’ SOC and CERT teams.

Contact us

Good to know!

The increasing reuse of open-source and commercial tools (e.g. Cobalt Strike), and the emergence of alternatives to these generic tools, complicates the detection of malicious activity. It is therefore crucial to call on expert resources for alert detection and response to cyber incidents.

Source: ANSSI Cyberthreat Panorama 2022

Day-to-day support for your SOC & CERT operational teams

Our consultants can support your SOC / CERT teams, particularly in the following areas:

  • Implementation and use of detection solutions (SIEM, EDR, NDR and SOAR in particular)
  • Continuous improvement of detection activities (analysis of SOC service coverage, implementation of new detection rules, integration of new log sources)
  • Incident response support (qualification, investigation and remediation)
  • Continuous improvement of incident response activities (definition of a process for responding to critical cybersecurity incidents, definition of quick-reaction (reflex) sheets and technical playbooks)
  • Support in detecting vulnerabilities, qualifying their severity in the company’s context, prioritizing them and monitoring their correction
  • Participation in cyber threat intelligence (CTI) monitoring, with a particular focus on threats specific to the company’s sector of activity
  • Support for the management of SOC / CERT activities (team coordination, definition of dashboards for incidents encountered, monitoring of KPIs, etc.)

We provide you with operational support for detection, incident response, vulnerability management and threat intelligence.

Detecting suspicious events

We monitor alerts raised by detection tools such as SIEM, EDR and NDR. We qualify these alerts, carry out a first-level investigation, report incidents, and mobilize our response teams. At the same time, we update detection rules to facilitate the detection of future similar incidents.
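The triage loop described above (match events against rules, qualify per host, mobilize response, then add a rule so the next occurrence is caught) is shown below as an added example. It is not the firm's tooling and not a real product rule set: the process events, the IOC hash list and the rule thresholds are all constructed for illustration. The one post-incident rule it adds, "rundll32.exe launched with no arguments", is a widely published behavioural detection, used here because it keeps matching after the attacker's binary (and therefore its hash) changes.

```python
"""Added example: first-level alert qualification and post-incident rule update.
All events, hashes and thresholds below are constructed for illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed EDR-style process creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws-017", "parent": "winword.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c powershell -enc SQBFAFgA", "sha256": "aa11"},
    {"host": "ws-017", "parent": "explorer.exe", "image": "chrome.exe",
     "cmdline": "chrome.exe", "sha256": "bb22"},
    {"host": "srv-db1", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs", "sha256": "cc33"},
    {"host": "ws-042", "parent": "outlook.exe", "image": "rundll32.exe",
     "cmdline": "rundll32.exe", "sha256": "dd44"},
]

# Constructed IOC list, e.g. hashes shared by a CERT; "dd44" is a placeholder.
KNOWN_BAD_SHA256 = {"dd44"}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
          "rundll32.exe", "mshta.exe"}
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Rule:
    name: str
    severity: str
    match: Callable[[dict], bool]


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str
    severity: str


def rule_office_spawns_shell(ev: dict) -> bool:
    """Office application spawning a command interpreter or LOLBin."""
    return ev["parent"].lower() in OFFICE_APPS and ev["image"].lower() in SHELLS


def rule_known_bad_hash(ev: dict) -> bool:
    """Exact IOC match: brittle, but decisive when it hits."""
    return ev["sha256"] in KNOWN_BAD_SHA256


def rule_encoded_powershell(ev: dict) -> bool:
    """PowerShell invoked with a Base64-encoded command."""
    c = ev["cmdline"].lower()
    return "powershell" in c and (" -enc" in c or " -encodedcommand" in c)


RULES = [
    Rule("office_spawns_shell", "high", rule_office_spawns_shell),
    Rule("known_bad_hash", "critical", rule_known_bad_hash),
    Rule("encoded_powershell", "medium", rule_encoded_powershell),
]


def run_rules(events: List[dict], rules: List[Rule]) -> List[Alert]:
    """Evaluate every rule against every event; one Alert per match."""
    return [Alert(ev["host"], r.name, r.severity)
            for ev in events for r in rules if r.match(ev)]


def qualify(alerts: List[Alert]) -> Dict[str, dict]:
    """First-level qualification, grouped per host. Constructed policy:
    a critical hit, or two distinct rules firing on the same host,
    becomes an incident (mobilize response); anything else is triaged."""
    by_host: Dict[str, dict] = {}
    for a in alerts:
        h = by_host.setdefault(a.host, {"rules": set(), "max_severity": "low"})
        h["rules"].add(a.rule)
        if SEVERITY_ORDER[a.severity] > SEVERITY_ORDER[h["max_severity"]]:
            h["max_severity"] = a.severity
    for h in by_host.values():
        escalate = h["max_severity"] == "critical" or len(h["rules"]) >= 2
        h["disposition"] = "incident" if escalate else "triage"
    return by_host


def rule_rundll32_no_args(ev: dict) -> bool:
    """Behavioural rule added after the ws-042 incident: rundll32.exe
    started without any DLL/argument is not normal usage."""
    return (ev["image"].lower() == "rundll32.exe"
            and ev["cmdline"].strip().lower() == "rundll32.exe")


def post_incident_rules() -> List[Rule]:
    """Rule set after the incident: the behaviour is now detected even
    when the attacker rebuilds the payload and the hash changes."""
    return RULES + [Rule("rundll32_no_args", "high", rule_rundll32_no_args)]


# Constructed variant of the ws-042 event: new hash, different parent,
# i.e. the IOC-based rule alone would miss it.
VARIANT_EVENT = {"host": "ws-042", "parent": "explorer.exe",
                 "image": "rundll32.exe", "cmdline": "rundll32.exe",
                 "sha256": "ee55"}

if __name__ == "__main__":
    for host, verdict in qualify(run_rules(SAMPLE_EVENTS, RULES)).items():
        print(host, verdict)
    print("variant, old rules:", run_rules([VARIANT_EVENT], RULES))
    print("variant, new rules:", run_rules([VARIANT_EVENT], post_incident_rules()))
```

The point of the last two calls is the "update detection rules" step: an IOC list catches the sample that was analysed, while the behavioural rule added afterwards catches the recompiled variant.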

Responding to security incidents

We carry out detailed forensic investigations to determine the malicious actions and their impact on the company’s infrastructure and business activities. We set up an organizational response mechanism, ensuring communication with the CISO and the business units. We apply remediation measures such as containment and eradication of the threat. Finally, we deliver a post-incident report with lessons learned.

Vulnerability management

Our experts identify the vulnerabilities affecting the technical solutions deployed within your company. They qualify the criticality of these vulnerabilities based on CVSS scores, as well as on the processes, applications and data potentially impacted within the company. We inform your IT teams of new vulnerabilities, prioritize the corrective actions and monitor their completion.
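The paragraph above describes qualifying a vulnerability by its CVSS base score together with the business context of the affected asset. The following added example (not the firm's method) shows one way to do that in code: a contextual multiplier built from exposure, data sensitivity, process criticality and exploit availability, applied to the CVSS base score, with a remediation deadline derived from the result. The assets, findings, identifiers (F1..F4, not real CVE IDs), weights and SLA thresholds are all constructed assumptions; a real programme would calibrate them to its own risk appetite.

```python
"""Added example: contextual vulnerability prioritization.
Assets, findings, weights and SLA thresholds are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Asset:
    name: str
    internet_facing: bool
    data_sensitivity: int      # 1 = public .. 3 = regulated/confidential
    process_criticality: int   # 1 = nice-to-have .. 3 = core business process


@dataclass(frozen=True)
class Finding:
    ident: str          # constructed identifier, not a real CVE
    asset: str
    cvss_base: float    # CVSS v3.1 base score, 0.0 .. 10.0
    exploit_public: bool  # public exploit code or known active exploitation


# Constructed asset inventory.
ASSETS: Dict[str, Asset] = {
    "pay-gw": Asset("pay-gw", internet_facing=True, data_sensitivity=3, process_criticality=3),
    "lab-vm": Asset("lab-vm", internet_facing=False, data_sensitivity=1, process_criticality=1),
    "hr-db": Asset("hr-db", internet_facing=False, data_sensitivity=3, process_criticality=2),
    "wiki": Asset("wiki", internet_facing=False, data_sensitivity=1, process_criticality=2),
}

# Constructed scanner findings.
FINDINGS: List[Finding] = [
    Finding("F1", "lab-vm", 9.8, exploit_public=False),
    Finding("F2", "pay-gw", 7.5, exploit_public=True),
    Finding("F3", "hr-db", 6.4, exploit_public=False),
    Finding("F4", "wiki", 5.4, exploit_public=True),
]


def context_multiplier(asset: Asset, finding: Finding) -> float:
    """Assumed weighting: ranges from 0.6 (isolated, low-value, no exploit)
    to 2.0 (internet-facing, sensitive, critical, exploit available)."""
    m = 0.6
    if asset.internet_facing:
        m += 0.5
    m += 0.15 * (asset.data_sensitivity - 1)
    m += 0.15 * (asset.process_criticality - 1)
    if finding.exploit_public:
        m += 0.3
    return m


def priority_score(asset: Asset, finding: Finding) -> float:
    """CVSS base score scaled by context, capped at 10 and rounded to 0.1."""
    return round(min(10.0, finding.cvss_base * context_multiplier(asset, finding)), 1)


def remediation_sla_days(score: float) -> int:
    """Assumed remediation deadlines per priority band."""
    if score >= 9.0:
        return 7
    if score >= 7.0:
        return 30
    if score >= 4.0:
        return 90
    return 180


def prioritize(findings: List[Finding], assets: Dict[str, Asset]) -> List[dict]:
    """Return findings ranked by contextual priority, highest first."""
    rows = []
    for f in findings:
        a = assets[f.asset]
        score = priority_score(a, f)
        rows.append({"id": f.ident, "asset": a.name, "cvss": f.cvss_base,
                     "priority": score, "sla_days": remediation_sla_days(score)})
    return sorted(rows, key=lambda r: r["priority"], reverse=True)


if __name__ == "__main__":
    for row in prioritize(FINDINGS, ASSETS):
        print(row)
```

Ranking by CVSS alone would put F1 (9.8 on an isolated lab machine) first; with context, F2 (7.5 on the internet-facing payment gateway, public exploit) moves to the top with a 7-day deadline, which is the kind of re-ordering the paragraph above refers to.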

Immediately operational support for your SecOp teams

Integrating our consultants into your teams

Our consultants are integrated into your operational teams to reinforce their capacity to intervene in the detection and response to cybersecurity incidents.

Information sharing between our consultants

Our teams regularly exchange information with each other to capitalize on the lessons learned from our various customers and accelerate their skills development.
In this way, they can give you the benefit of feedback from our many SOC & CERT assignments.

Very good knowledge of detection and response tools and best practices

Our consultants are trained in the various detection and response tools on the market (Splunk, Microsoft Sentinel, ELK, CrowdStrike, Microsoft Defender, Cortex, Darktrace…).
They also have a thorough knowledge of reference standards and best practices in the field of security incident response (ISO/IEC 27035…).

Our customer references

  • Processing of cybersecurity alerts from various detection products
  • Qualification of reported events (criticality assessment, investigations)
  • Analysis of compromised information systems
  • Search for indicators of compromise
  • Proposal of mitigation actions
  • Proposal of a remediation plan
  • Continuous improvement of the activity

Support for SOC management, KPI measurement, dashboard production, continuous improvement, internal coordination.

Definition of security requirements, baselines, and controls, both for the existing environment and for new IT infrastructure developments, to increase the SOC’s visibility, efficiency and ability to respond to incidents.

Incident analysis and investigation in the SIEM tool

Impact analysis of vulnerabilities on IT and OT infrastructures

Steering and monitoring of remediation tasks in collaboration with the in-house teams

FAQ

How can I get the right resources to strengthen my SOC / CERT teams?

We provide you with skilled and experienced resources who will be integrated into your teams to strengthen your detection and response capabilities in the very short term.

How can I quickly develop my vulnerability management skills?

Our experience in implementing and reinforcing vulnerability management at our customers (structuring a dedicated unit, training teams, contextualizing and monitoring patches) will enable us to accelerate the implementation of these activities in your context.

How can I quickly develop my CTI capabilities?

Our consultants are trained in cyber threat monitoring activities (identifying new indicators of compromise, tracking the most commonly used attack techniques, understanding the threat in your sector of activity) and will thus participate in the development of a CTI activity in your organization.

Let's stay in touch

Our experts can provide you with ongoing support for your cybersecurity issues. Do you have a question? You’ve come to the right place, and we’ll get back to you within 24 hours!

Contact us