In the event of a security incident, our Rapid Response Force is available 24/7. 

Deploy detection and response solutions

Solutions combining detection and response have revolutionized operational security. They combine the efficiency of an expert vendor with responses in a matter of seconds. Formind has consolidated its expertise to help you deploy them in the best possible way.


71% of attacks are no longer based on malware, and 30% of them impact the information system in less than 30 minutes (CrowdStrike 2023).

Implement next-generation detection systems tailored to your context

Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) analyze attacker behavior rather than signatures. This innovative approach enables the detection of vulnerability exploits, surpassing the capabilities of traditional antivirus software. Moreover, in the event of a cybersecurity incident, automations can be used to isolate a compromised workstation, block network flows or reset passwords. Such deployments require change management and tool configuration expertise; their operation requires fine-tuning based on the corporate context, and filtering of false alarms after analysis.

These technologies can be coupled with SIEM (Security Information and Event Management) or XDR (eXtended Detection and Response) to collect and analyze your application traces and benefit from a 360° view of your alerts.

The solution deployed with our experts is installed in total transparency, and we help you to familiarize yourself with it, minimizing the workload on your security officers (or managing them with the Formind SOC). A dedicated support team, expert in your environment, assists you throughout the life of your solution.

From consulting to integration and configuration of EDR/NDR/SIEM solutions in your Information System

Advice on the most suitable tool

Our teams will help you choose the protection mode (endpoint, network, logs) and software vendor best suited to your needs among our partners, based on the available criteria.

Supervision architecture design

Our system and network architects work with you to design the right strategy: which capture points, what impact, the availability of the solution, the choice of Cloud provider, the risks to be covered… From small to large, the approach is adapted to each infrastructure and project.

Tool deployment and configuration

Certified experts, integrating our partner solutions daily, deploy cybersecurity solutions with minimal impact on the business, and train your teams for a seamless transition.

Incident assistance

In the RUN phase, in the short term (to get you up and running) or long term (with a managed service), Formind helps and assists you by bringing your tool to life and helping you analyze and respond to the most critical security incidents with a dedicated team available 24/7.

Our technical experts make the difference.

They are certified.

We have a team of experts, architects and analysts certified by our partners to secure deployments.

Their experience is their strength.

Architects, analysts and consultants have many years of experience in the field of cybersecurity and can provide you with feedback from their previous missions.

They are supported by a network of partners.

At Formind, our partners are more than just a line on paper. We maintain strong contacts, have dedicated and exclusive support, and keep up to date with their latest developments.

They are part of internal centers of excellence.

We base our excellence on mutual support, through internal workgroups of technology and tools experts (Cloud, SOC…), so you can benefit from indirect support from many other experts on a given topic.

They’re consultants.

Our integrators carry out operational security consulting missions alongside their own activities, broadening the spectrum of possible solutions they can offer you. They have a real capacity to help you achieve your objectives.

They go beyond the vendor’s expertise.

Our integrators have experience with multiple vendors on the same technology. This helps them to offer you integration and consulting advice that goes beyond any tool or methodological limitations, providing you with genuine additional expertise.

Our customer references

Following a compromise of their Information System, for which Formind’s Fast Intervention Response Taskforce was called in, our integrators deployed the HarfangLab EDR to monitor the systems, providing aggressive but non-blocking detection to spot traces of the attacker. The company was able to secure its systems and extended the EDR to its entire fleet of several thousand machines with the help of Formind’s SOC.

The company has chosen to rely on the full range of Microsoft technologies (E5) and NDR Darktrace to monitor its Information System.

Through a series of workshops, Formind designed the target configuration needed to harden the Microsoft 365 Defender environment and its EDR, as well as to secure the identity protection, cloud protection, DLP and Microsoft 365 tools. By adopting a project-based approach and advising the CISO on the best change methods available with minimum impact, the company now has a high level of maturity in terms of protection and detection.

The company’s IT department suspected a potential persistence of attackers following a previous cyber-attack but had no accurate mapping of its network assets. What was needed was a thorough view of the incident across the entire infrastructure.

Formind therefore deployed the Darktrace NDR on the central network hub and on AWS, enabling a 100% view of the network flows from a single point, with no impact on production. Our approach to filtering and sorting false positives enabled us to confirm the attacker’s persistence in tandem with the customer’s SecOps teams.

FAQ

What are the advantages of deploying detection and response solutions in our security infrastructure?

Deploying these solutions strengthens the security posture by detecting incidents earlier, enabling a proactive response and thus reducing the risk of compromise.

How do you choose between NDR/EDR/SIEM? And among all the vendors on the market?

  • A first approach, quickly deployed and with a fixed initial budget, is the managed EDR. It can cover a large part of your systems if they are managed by the IT department. If this is not the case, an NDR provides a global view, enabling the detection of hidden flows and shadow IT.
  • To improve security further, a SIEM can be deployed to oversee and monitor your systems (applications, email servers…). Formind deploys a SIEM by default on all its EDR and security integration projects.
  • Choosing a partner can be difficult. Contact us to find out about our test benches and get advice on the tool best suited to your needs.

How long does it usually take to deploy these solutions in our environment?

Deployment time depends on the size and complexity of your infrastructure. Our approach aims to achieve an initial result as quickly as possible, often within 1 or 2 months (unlike traditional SOC projects which take 6-8 months). We then work with you to extend the service according to your priorities.
