
Monitoring Detection & Response

CipherTechs protects corporate assets through visibility and rapid response to security-related events occurring within your environment.

CipherTechs MDR service is designed to monitor, detect, and respond to security events within the corporate network, cloud, and endpoint environments. Our approach to this service is to collect security-related event information from a client’s infrastructure to discover anomalous or malicious activity. These events are collected and processed either through a client-owned SIEM platform or through CipherTechs-provided infrastructure that integrates into our internal SIEM system. The logs and alerts are then reviewed and analyzed by our SOC analysts on a 24/7/365 basis.

Response to relevant security events is defined within one of the following three service tiers:

Tier 1 - Essential Detection and Response

Event monitoring and notification of detections, with no direct access to the client security stack for context or remediation actions.

Tier 2 - Augmented Detection and Response

Event monitoring with limited access to client controls, ability to respond where access is permitted. Ability to tune controls and SIEM detections to increase detection capabilities and reduce noise. Assist client teams with containment actions.

Tier 3 - Complete Detection and Response

Monitoring with full access to client controls, ability to respond to and contain security events based on established playbooks and eradicate malicious activity. Assist clients in tuning and recommend opportunities for configuration changes to increase security and the effectiveness of detection.