Techsden Managed Detection & Response (MDR) services combine collective intelligence practices and methods with leading edge security analytics and sophisticated risk management technology to identify, analyze, predict, and prevent cyber-security threats in real time. Going beyond the limits of a SIEM technology, we collect and analyze structured and unstructured security related data and telemetry from all systems, networks, and applications, generating valuable intelligence for new, emerging and advanced security threats and giving our clients a unique advantage in predictability, preparation and response.

We proactively monitors network systems endpoints and applications traffic, looking for suspicious activity and notifying when security events require additional analysis, investigation, or action. Leveraging advanced real-time correlation and event management technology, AI, Intelligence, and advanced threat analytics techniques the relevance of any given event is identified by placing it within context of who, what, where, when and why that event occurred, in order to derive its impact on business risk terms. Event correlation is performed with asset prioritization and vulnerability, user activity, and threat history to deliver accurate and automated classification of security risks and compliance violations, processing millions of log entries and narrowing them down to the very few critical events which matter and require attention

• What it covers?
  • Service Onboarding
  • HARDCORE Content Module
  • Threat Analytics
  • Threat Intelligence
  • SOCaaS and Incident Management
  • Endpoint Detection and Response (EDR)
  • Quarterly Automated Vulnerability Scans
  • SWORDFISH EMC Module

The SOCaaS is a SOC subscription-based service that ensures real-time monitoring and analysis of security events, proactive incident management and compliance with regulations. The SOCaaS approach provides a unique solution for clients wanting to outsource their information security operations to attain reliable, transparent, and efficient security and privacy. The service level includes real-time security monitoring and response by the Security Incident Response Team (SIRT) including analysis and validation of the alerts, their interpretation to meaningful and actionable information, escalation based on mutually agreed RoE and guidance throughout the lifecycle of security incidents until their mitigation and recovery.

We do evaluate and update security procedures including but not limited to SIRT, case management and change management. The procedures development methodologies help integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes and a point of reference for appraising current processes. Our SOCaaS design is based on security governance and defense in depth models and complements our cloud services.

The SWORDFISH Workflow Ticketing application is leveraged and maintained by professional analysts to track incidents while employing automatic incident escalation features. For High and Critical security incidents, there is direct communication with the authorized, Single Points of Contract (SPOC) within the client’s organization.

Our offering is including:

• SIEM management, configuration, and customization
• 24x7x365 continuous monitoring and analysis
• Unlimited remote security incident response to critical security incidents
• Advanced protection against both perimeter and insider threats
• Easy-to-use SOCaaS service portal
• Compliance reporting and log retention for PCI, HIPAA, NERC, GDPR.

Analyzing, planning, and maintaining an optimal SIEM installation based on the security requirements of each client on a long-term basis. Indicatively, TECHSDEN is in position to:

• Maintain SIEM solutions for complex and critical environments.
• Develop content like correlation rules and reports, tailored to special characteristics of each infrastructure and each client individually.
• Administer and maintain the SIEM technology on a 24/7 basis.
• Develop tailored procedures and methodologies compliant with the requirements of the client.
• Provide technical training seminars for specialized personnel (such as administrator groups, monitoring groups, groups responsible for security events responsiveness)
• Develop customized connectors from custom systems or applications.