In the event of a security incident, our Rapid Response Force is available 24/7.
Our expertise and operational support in Operational Security (SecOp) enable us to provide our customers with highly experienced resources in the fields of detection, incident response, vulnerability management and threat intelligence.
Our consultants provide technical support to our customers’ SOC & CERT teams.
Good to know!
The increasing reuse of open-source and commercial tools (e.g. Cobalt Strike), and the emergence of alternatives to these generic tools, complicates the detection of malicious activity. It is therefore crucial to call on expert resources for alert detection and response to cyber incidents.
Source: ANSSI Cyberthreat Panorama 2022
Our consultants can support your SOC / CERT teams, particularly in the following areas:
Detecting suspicious events
We monitor alerts raised by detection tools such as SIEM, EDR and NDR. We qualify these alerts, carry out a first-level investigation, report incidents, and mobilize our response teams. At the same time, we update detection rules to facilitate the detection of similar incidents in the future.
Responding to security incidents
We carry out detailed forensic investigations to determine the malicious actions and their impact on the company’s infrastructures and business activities. We set up an organizational response mechanism, ensuring communication with the CISO and the business units. We apply remediation measures such as containment and eradication of the threat. Finally, we provide feedback following the incident.
Vulnerability management
Our experts identify the vulnerabilities impacting the technical solutions deployed within your company. They qualify the criticality of these vulnerabilities based on CVSS scores, as well as on the processes, applications and data potentially impacted within the company. We inform your IT teams of new vulnerabilities and prioritize and monitor corrective actions.
Direct operational support for your SecOp teams
Our consultants are integrated into your operational teams to reinforce their capacity to intervene in the detection and response to cybersecurity incidents.
Our teams regularly exchange information with each other to capitalize on the lessons learned across our various customers and to accelerate their skills development.
In this way, they can give you the benefit of feedback from our many SOC & CERT assignments.
Our consultants are trained in the various detection and response tools on the market (Splunk, Sentinel, ELK, Crowdstrike, Defender, Cortex, Darktrace…).
They also have a thorough knowledge of reference standards and best practices in the field of security incident response (ISO 27035…).
How can I get the right resources to strengthen my SOC / CERT teams?
We provide you with skilled and experienced resources who will be integrated into your teams to strengthen your detection and response capabilities in the very short term.
How can I quickly develop my vulnerability management skills?
Our experience in implementing and reinforcing vulnerability management at our customers (structuring a dedicated unit, training teams, contextualizing and monitoring patches) will enable us to accelerate the implementation of these activities in your context.
How can I quickly develop my CTI capabilities?
Our consultants are trained in cyberthreat monitoring activities (identifying new indicators of compromise, tracking the most frequently used attacks, understanding the threat in your sector of activity) and will thus participate in the development of a CTI activity in your organization.
Our experts can provide you with ongoing support for your cyber issues. Do you have a question? You’ve come to the right place, and we’ll get back to you within 24 hours!