Datasheet
Cyber Operations & Intelligence (COI)
Our MSS Offering
The cornerstone of Encode’s Managed Security Service (MSS) is our Cyber Operations &
Intelligence (COI) services consisting of the following service modules:
24x7 Real Time Threat Management (RTTM)
This is our core Security Intelligence driven Security Incident and Event Management (SIEM) solution,
configured with Encode’s 14 years of Red Team offensive cyber expertise. Our SIEM capability is
delivered with Encode’s OEM version of IBM QRadar, Enorasys SIEM, rated in the top-most Gartner
quadrant for being the best and most advanced SIEM technology.
24x7 Cyber Security Analytics (CSA)
This is a highly advanced Data Analytics capability calibrated to detect Cyber Attack Logic
behavior for which there are no known attack signatures, i.e. the attack and exploit vectors are
unique to the target. This capability is delivered with our Enorasys Security Analytics technology
product, engineered to detect previously unknown combinations of attack and exploit vectors.
Incident Response Orchestration
The ability to respond rapidly in a controlled, targeted manner is essential to combat a breach
before it can progress to inflict significant damage. Having real-time visibility of a single (or
multiple) breach event, technical footprint and event management are key to successful breach
defense. Our Enorasys SOCstreams technology product provides an automated and/or guided
response capability as well as a user-friendly event status console: a single view of all events.
Advanced Targeted Response (ATR)
Through the Incident Response Orchestration Service module, our Cyber-SOC team can deploy
an Endpoint Visibility and Control (EVC) sensor to a targeted endpoint in order to increase
situational awareness in the event of a suspected breach. Also, for any event, using pre-deployed
Network Activity Visibility (NAV) sensors, on-demand activation and acquisition of network session
recordings can be made. This enables us to initiate (through ATR EVC sensors or other network
security gateways) endpoint isolation from the network or blocking of offending IPs/Domains.
encodegroup.com [email protected] ©2001-2017 Encode. All rights reserved. Confidential, do not distribute
COI Service Architecture
The foundation of our COI Services is Encode’s Cyber-borne Early Warning and Containment
System (CEWACS) – a next generation managed security services platform operated by a Cyber
Operations team possessing unique offensive and defensive expertise.
CEWACS is implemented using our Enorasys Technology stack: Enorasys SIEM, Enorasys
SOCStreams (Incident Response Orchestration) and Enorasys Security Analytics.
100% Security is a myth - you will be breached
There is no such thing as a 100% secure perimeter. Encode’s COI services are designed around
the assumption that an IT environment will eventually be compromised. COI focuses on
providing early warning and targeted response: stopping a breach before it begins to have
significant impact.
Visibility – Situational Awareness is key to early breach detection
24x7 visibility across your environment is critical to ensure all-round situational awareness and therefore
early breach detection and response. Our COI Services provide the situational awareness needed
to detect attacks against mission-critical, corporate and Internet-facing systems from any type of
adversary - nation-state or state-sponsored teams, hacktivists, cyber-criminals and insiders alike.
Security Intelligence - Signature based detection
Encode’s COI services deliver a next generation Security Intelligence driven breach Detect, Respond
and Contain capability decoupled from the monitored IT environment. The COI service consumes
global Threat Intelligence feeds to update our extensive threat management database used to
support 24x7 Real Time Threat Monitoring (RTTM).
Cyber Operations & Intelligence – why it’s needed today
Security Analytics - Signatureless breach detection
Advanced Persistent Threat (APT) based targeted attacks, characterised by their ability to evade
perimeter security using attack and exploit vectors unique to the target, represent the greatest threat
to digital businesses. It’s therefore unlikely that signature-based detection will pick up such attacks. Encode’s
COI Service uses our Enorasys Security Analytics technology to detect anomalous environment
behavior (against a baseline) and identify patterns of behavior that may be consistent with Cyber Kill
Chain phases. This is our signatureless breach detection capability.
Embracing Complexity - Business as Usual, IT Transformation and/or Transition states
Encode’s COI services are designed to embrace IT complexity at any scale, provide deep insight into
IT environment activities and alert on breach Indicators of Compromise (IoC). Our ability to embrace
IT estate complexity at whatever scale and still provide unimpaired breach early warning is a key
strength, advantage and assurance for Encode clients.
Our Cyber-SOC: Working in partnership with our clients
We work in partnership with clients to effectively address the ever-changing cyber security threat
landscape. We deliver our MSS from our Cyber-SOC that is certified to and exceeds ISO 27001. Our
processes and controls, covering both physical and IT security, ensure uninterrupted operations and maximum
protection of our clients’ data and IT operations.
Supporting Agility, Change and the Human Factor
Businesses are always in some state of change, whether intrinsic or deliberate. Deliberate change
can range from increasing agility (e.g. liberalizing electronic access channels and allowing
employees to bring their own devices) to ongoing IT Transformation to fix security gaps and/or
compliance issues.
Benefits
Change represents complexity and therefore increased (or exposed) attack surface and/or
elevated risk of successful (i.e. undetected) cyber breaches. The human factor (i.e. users)
exacerbates this further. The last line of defence is real-time 24x7 visibility of the IT environment, in
any change state, that is able to detect, respond and contain breaches early enough to minimize
damage. Our COI service is change agnostic, i.e. we can observe, monitor, detect, respond and
contain a breach regardless of IT environment complexity at any change state.
Augments cyber defense capabilities
Advanced cyber threats are designed, instrumented and operated by humans and not by a
“mindless” piece of code such as common malware. This makes the battle with traditional (or less
traditional) “automated technical controls” totally uneven and in favor of the attacker.
Our COI services ‘even up the score’ with next generation signature and signatureless breach
detection to augment existing Cyber defences needed in today’s Cyber Threat Landscape.
Goes beyond Security Monitoring
Our approach is designed around ‘Use-Cases’ and, by leveraging our advanced security analytics
technology and proactive threat hunting processes, goes beyond traditional security monitoring. We
can detect cyber threats as they occur and before they have an impact on our clients’ business.
Your security partner
Our 24x7 Cyber Operations & Intelligence capabilities enable us to be our clients’ vigilant security
partner to provide immediate and on-the-spot response to their security needs.
Our service modules can be deployed in a number of modes to meet client requirements. The
table below illustrates the possible COI solution deployments available.
COI Services – Deployment modes
Deployment modes: Managed Cloud; Software as a Service (SaaS); Managed on Premise; On Premise
Service modules:
24x7 RTTM (Enorasys SIEM)
24x7 Cyber Security Analytics (Enorasys Security Analytics)
Incident Response Orchestration (Enorasys SOCStreams)
Advanced Targeted Response