Effective, automated, and economical threat detection and response
Many large organizations have learned the hard way that efficient detection and response to cybersecurity incidents should have been one of the key pillars in their risk management strategies. However, building such a capacity is extremely difficult: technological and process integration is complex, and organizations typically lack people and/or skills for designing, deploying, and eventually operating cost-effective Security Operations Centers (Managed Detection and Response – MDR).
We help you build your MDR and upskill your people
For organizations that want to deploy their internal MDR or offer it as a service (MDRaaS) on the market, NIL can help choose the right MDR technology platform and design and deploy it as well as provide skills enablement, a road map, and even joint operations.
Choosing NIL as your partner in MDR building provides you with the following benefits:
- Cost-efficiency and leaner operations: Our approach to MDR building is based on modern security processing and workflow automation. As a result, MDR operations are significantly less time- and resource-consuming.
- Accurate, fast threat detection and response: Automation also shortens incident detection and response times, resulting in faster remediation and a lower risk of business-critical damage.
- Overcome complexity and avoid pitfalls: NIL is extremely flexible in terms of technology choice and integration options, even in the largest environments. In most environments, the path to MDR contains many potential pitfalls, which our expertise, experience, and vendor-agnostic attitude help you avoid.
- Field-proven approach and successful references: NIL has been engaged in CSIRT/MDR design for more than 20 years. We run our MDRaaS and have a proven track record with other MDRs we have designed and/or built, including state-level MDRs.
Field-proven technologies, processes, and enablement
NIL provides a customized set of services that will help you establish efficient and affordable threat detection and response capabilities:
- A deep analysis of your current risk, technology, and human environment to clearly understand your requirements.
- The design of governance goals, processes, and the organizational fit/structure of the MDR service.
- The design of the MDR service catalog.
- Design of the MDR organization, governance, and processes that enable human workload balancing and leverage automation as much as possible.
- Design of human resource onboarding processes to scale the MDR team in a flexible and timely fashion.
- Design of the MDR technology platform that uses security automation to yield the highest time savings for your experts.
- The design of operational processes (case management, roles, shifts, escalations, incident management, etc.) within the MDR.
- The design and implementation of manual and automated analysis and incident response playbooks to allow fully deterministic handling of incidents.
- The design and implementation of MDR KPIs for both MDR users and stakeholders/managers.
NIL MDR is the one for Delavska hranilnica
Delavska hranilnica savings bank is pursuing a strategic approach to cybersecurity in its continuing push to go digital and offer advanced digital products. This makes it crucial to effectively detect and respond to potential cyber threats, a feat made possible by the NIL Security Operations Centre (MDR), which is considered by the bank as the most comprehensive MDR service on the market.

Power to the people
The solution also provides the key aspects of MDR team and skills building to allow you to quickly start using/offering MDR as well as give you the ability to scale the MDR services for future workloads. We provide:
- A clear organizational structure of the MDR with defined roles based on the MDR service catalog (analysts, incident responders, threat hunters, forensic specialists).
- A list of the required skills for each MDR team role and a road map (shadowing, mentoring, trainings, certifications) on how to achieve them.
- The design of the onboarding process for new team members.
If you are unable to provide or ramp up the required human resources, NIL can provide an on-site or remote MDR team temporarily, either for faster time-to-market, or in a tiered architecture to provide for missing local skills.
Support for different platforms and frameworks
We are flexible in the choice of technology to support a wide range of MDR platform tools and frameworks. We typically base our MDR platform around the following key framework components:
- A high-assurance compute-network-storage environment in which the MDR technology platform executes (secure analyst room, secure platforms, secure infrastructure, privileged identity management, high-assurance authentication, transmission protection, separation of duty, etc.)
- A Security Automation and Orchestration (SAO) solution as the core automation and eyes-on-the-glass component of the MDR.
- One or multiple Security Information and Event Management (SIEM) systems for event consolidation, normalization, and short-term correlation.
- The integration of internal and external Threat Intelligence (TI) sources, and automatic correlation of TI with the local context.
- Information sources from multiple endpoint technologies, such as EDR agents, application and OS logs, HIPS/anti-malware systems, DLP systems, vulnerability assessment and management tools, etc.
- Information sources from multiple network technologies, such as NGFW/NGIPS/WAF appliances, network anomaly detection, NetFlow accounting, etc.
- Information sources from specific, user- or data-focused security technologies, such as UEBA, or database monitoring/firewalling.
- Deception technologies, such as honeypots, honeytokens, tarpits, and network sinkholes.
- Data management tools for retention, fast searching, etc.
Our goal is to support the majority of critical information sources in customer environments as well as to provide easy-to-replace framework components that eliminate long-term lock-in to specific vendors.