Each client, each company, each environment has different needs, concerns and challenges, which is why each statement of work and managed service solution is customized for every client.
- Highly customized services tailored to help organizations realize their security goals
- Customer-driven Service Level Agreements (SLAs)
- Flexible contracts and pricing
CipherTechs’ approach has been developed to maximize value for its clients by ensuring the lifecycles of both technology and process have been considered. CipherTechs understands that during the life of the service contract, its clients face multiple changes in personnel, process, and technology, and that each is a major factor in the risk considerations for the overall security program.
In order to provide the highest level of cyber security visibility possible, CipherTechs has built the following Quality Management System (QMS) framework to quantify the service efforts. This framework is used to hold CipherTechs and the client accountable to the agreed-upon deliverables and ensures all security incidents are actioned in an appropriate manner. Furthermore, by tracking these categories, CipherTechs’ MSSP team can quantify its efforts with each client and describe where its time has been focused.
Below are the descriptions of each QMS category CipherTechs provides in its MSSP service:
Application Management: CipherTechs assumes day-to-day responsibility for the security control(s) identified as in scope, ensuring those systems are functional and available for the length of the contract. Tasks would include (but aren’t limited to): Troubleshooting, Availability Monitoring, Liaison with Vendor Support, Backup Configuration/Testing, Upgrading/Patching/Hot Fixing, Health Checks, Configuration Auditing, System Integrations and more.
Policy Governance: CipherTechs will ensure continuous improvement for the security application(s) under management. Any changes related to policy or rule modifications, including tuning and creating new policy to improve the efficacy and accuracy of the tool, are labeled as policy governance tasks. CipherTechs ensures proactive measures by requiring its team to hunt for and build new policy/rules when false positives are identified, and also has a monthly minimum of policy governance actions built into its support service. Clients can request as many changes to the in-scope system as they’d like in order to maintain high security.
Incident Response (Full Spectrum Analysis): CipherTechs will ingest and triage security events from the tools identified in the monitoring contracts and/or analyze events from the systems in scope, performing “Full Spectrum Analysis”.
- Contextual Information Gathering: Analysts collect items such as the who, what, where, when, why, and how. They also gather timeline information and peripheral tool information as available to build a narrative of the event.
- Validation: Analysts then determine the reason for the suspect activity or malicious trigger and take any available IOCs or IOAs from the event to perform a cross-reference search against both subscribed and open-source threat intelligence. This provides further information and could lead to supplemental detections and/or to the event being deemed a false positive.
- Intent Statement & Recommendation: The resulting data from validation typically will be turned into an actionable recommendation on how to best mitigate the event to prevent any future compromise. All investigations aim to determine the intent of the individual or group associated with the trigger event. Determining the indicator of attack or indicator of compromise is what our analysts aim to spell out to clients, so they can use that information for next steps.
Reporting & Metrics: CipherTechs will provide the client with service KPIs and Security Trending data from the tools under contract. Our goal as an MSSP is to provide the best security possible while allowing our clients to focus on more strategic initiatives for their business. Our security reports provide actionable intelligence that the client can use to make strategic security decisions pertaining to the overall cyber risk of the organization. Furthermore, any ad hoc compliance and regulatory reporting requests will be provided as needed or scheduled for automatic delivery.
Quality Assurance: This QMS category is a way to ensure that the MSSP team is meeting client expectations and holding itself accountable for the contract deliverables. CipherTechs names multiple resources to ensure the service is delivered successfully, including a Project Manager, SOC Program Manager, and Technical Lead(s). QA tasks are built into the service to build a detailed playbook (inclusive of SOPs, Escalation Workflows, and a RAACI Matrix) and to perform audits of support cases. Weekly meetings and case reviews are also performed with the client to ensure service delivery expectations are being met.
These five categories make up CipherTechs’ QMS framework and every task or action performed by the MSSP team will be marked in the support portal as one of these buckets. We strongly feel as an MSSP provider that defining our approach and using analytics to visualize our service provides a stronger connection to our clients, allowing for clear communication in both normal operations and high-fidelity security engagements.
Our highly qualified engineers:
- Have a deep and wide array of experience, can act as a knowledge resource for your organization, and respond 24/7 to critical emergencies
- Have over 100 years of combined experience
- Are certified in each product we sell
- CipherTechs does not sell any technology that was not first vetted and approved by our engineering team. We take pride in being a full service, engineer-driven solutions provider – offering the highest level of partnership at the best price.
- Security-focused support and engineering staff
- Direct access to full complement of CipherTechs resources
- Ongoing communication on status and risks to client’s environment
- Management, upgrades, analysis, forensics, and security recommendations
- Daily, weekly, monthly or quarterly tasks
- Configurations, implementations, reporting, monitoring, upgrades
- Vendor agnostic approach utilizing layered technology solutions – (there is no one solution)
- CipherTechs integrates security solutions with your existing network and finds the best products for your best solution
- Leveraging collective security expertise with on-demand resources
- CipherTechs can be your Incident Response team, identifying and containing security incidents as well as providing a full digital forensics review