Managed Endpoint Detection and Response
Monitoring and Operations
We operate your Endpoint Detection and Response (EDR) platform to detect and respond to threats identified through the EDR console or SIEM integration. We monitor and maintain the health and availability of the EDR platform by troubleshooting technical issues, and we ensure the platform is functioning as expected.
We provide incident response subject matter expertise and use the EDR tool to help identify the scope of a potential incident. Ongoing remediation involves socializing Incident Reports and coordinating with Security and IT teams to action their remediation procedures, while monitoring and reporting on the current compromises and action plans.
We create customized EDR search rules to identify anomalies and suspicious events that may indicate compromised systems. Threat Hunting is done collaboratively with you and typically focuses on high-risk user groups, attacker techniques defined through EDR, and custom risk scenarios to provide additional protection on top of your native or supplemental threat intelligence feeds.
Event Source Tuning
We collaboratively improve EDR configuration to achieve better detection of threat actor and malware events.