G’Secure labs follows a methodology that offers the service most relevant to the customer's size, state and security maturity, combining advanced protection with an engagement model that delivers the most possible value for the customer.
Understand security maturity to position services appropriate to the customer.
Set up an engagement and governance model for regular reviews, escalations, and day to day working.
Remote or onsite deployment of lightweight agent on endpoints for G’Shield, and deploy SIEM + connector for G'Recon.
Involves collection, analysis, response and remediation of security risks and threats during the service delivery phase.
Understand security maturity to position services appropriate to the customer.
How is it done:
Mostly online questionnaire followed by a discussion
Outcome:
If customer has high or medium security maturity, then initiate MDR services. If customer has low maturity then
To set up an engagement and governance model for regular reviews, escalations and day to day working.
To deploy MDR technology for protection in customer endpoints for G’Shield
To deploy SIEM in customer network (and connector in endpoints) for monitoring and analytics at our CSOC for G'Recon
How is it done:
Deployable remotely by G'Securelabs or onsite by Customer
Outcome:
To monitor and protect customer endpoints from threats and inform (and assist to address) important issues to customer in G'Shield
To coordinate with customer to remediate issues in G'Recon.
How is it done:
In the G'Shield offering, with a combination of our MDR technology and security evangelists, we collect endpoint traffic, monitor endpoint data in near real time, analyze data to spot threats, respond by automatically blocking threats and cleaning infections wherever possible, raise alerts, inform the customer and provide assistance to address the threat. With G'Recon we additionally collect data in the SIEM, monitor and analyze it to spot suspicious activity, respond by raising an alert, and coordinate with the customer to remediate it.
|MDR Offering||Brief Description||How we do it|
|AI-driven and ML-based Threat Protection|| || |
|Threat Anticipation||Includes anticipating threats and determining which threats might occur|| |
|Response Orchestration (Auto-resolution, Auto-quarantine threats)||Orchestrating response as a security administrator would, to detect and address attacks automatically or manually|| |
|Threat Hunting||Security analytics is applied to security, user and IT data to detect unknown and hidden threats that would otherwise be very hard or impossible to detect.||Specialized hunting team analyses data from endpoint and network activity, risk assessment and vulnerability analysis to detect threats that may have bypassed other security controls|
|Security Monitoring||This includes detection of threats through the application of rules to logs and security events||Monitor traffic and endpoint-user-network activity to identify and analyze patterns, trends and outliers that pose risk for the organization. Operationalizing available SIEM technologies can be hard and can take more time without producing the desired outcomes.|
|Alert Response||This bridges alert notifications to incident response plan and activation|| |
|Coordinated Remediation and Consultation||Guidance and coordinated action to remediate issues||Coordinate with the customer and guide remediation of security threats identified during alert validation, security monitoring or forensic analysis, e.g. isolate infected hosts to contain risk|
|Forensic Analysis||Includes finding the root cause of threats or attacks||Find the root cause using manual and automated methods with the help of log data / metadata, analysis tools, monitoring, expert skills and sandboxing|
|Threat Modelling and Security Maturity Model Consulting||Includes standards-driven Threat Modeling & Security Architecture Design Review||Keeping in mind business goals, important data, access and entry points, conduct risk assessment and vulnerability analysis, analyse data, and provide guidance and consultation on security risks and incident response playbooks, improving maturity over time.|
|Support & Reports||Provide customer support and regular reports|| |