Managed Services

CDC Operational Services

The Cyber Defense Center's Operations include all activities related to the implementation and review of security policy, and all activities needed to monitor security events. The Customer is provided with a report of the findings and recommendations.

In the event that the Customer lacks the resources or capabilities to manage the CDC, Cyberm offers CDC Operational Services. This Residency Service enables the Customer to (partially or completely) outsource this function to seasoned experts, customized to meet the agreed SLA. Residency Services are flexible offerings that support routine, critical, or executive-level activities and are designed to augment existing staff with onsite consultants. These experienced consultants provide expertise and support in the form of knowledge transfer, establishment of best practices, and dedicated, full-time management of the solution.

CDC Resident Services:

1. CDC Manager
A CDC Manager should be capable of leading a 24x7x365 Customer Cyber Defense Center team and taking responsibility for providing overall leadership, guidance, and direction for a 24x7x365 team of security operations analysts and engineers. A CDC Manager ensures service SLAs are met and manages a team that gathers and reports on cyber threats. A CDC Manager also provides a thoughtful response to ensure the uninterrupted and consistent delivery of business and information technology services.
2. Service Delivery Manager
The Service Delivery Manager is responsible for liaising and interacting with the relevant application owners, project teams and resources required to perform the scoped activities of the Operation Phase effectively, for monitoring task execution, and for managing issues, risks, deliverables and expectations. The Service Delivery Manager also manages the interaction between the team and any other external entity that needs to use or receive output from the activities performed by the CDC team.
3. Level 1 Analyst
A Level 1 Analyst participates in 24x7x365 coverage for event monitoring and incident detection, and also supports preliminary incident response where appropriate.
A Level 1 Analyst analyzes output from various technologies to effectively identify anomalous events and investigate security incidents. A Level 1 Analyst must also be able to analyze event logs and system logs (both independently and within a SIEM) from Windows and Unix/Linux operating systems.
4. Level 2 Analyst
A Level 2 Analyst participates in an 8x5 operation that supports monitoring and is directly responsible for responding to security events. He provides a technical escalation point during security incidents, establishing the extent of the threat and its business impact, then advising on and performing the most suitable course of action to contain and remediate the incident.

A Level 2 Analyst maintains a good knowledge of the threat landscape, helps enhance current techniques, and supports the identification of new methods of detecting threats. He performs detailed analysis of security events, using analytical skills and advanced knowledge of IT security and network threats.

5. Level 3: Malware and Forensic Analyst
A Malware Analyst works in the field of computer and network security, performing advanced research, analysis, and development of capabilities related to malicious software such as bots, worms, and Trojans, in order to understand the nature of the cyber threats they pose. A Malware Analyst is responsible for enumerating malware functionality and artifacts, identifying vulnerabilities in computers, mobile devices and applications and how they may be exploited, performing research related to zero-day threats (APT), and identifying obfuscation and encryption techniques.
6. CDC Engineer (Content Engineer)
A CDC Engineer is mainly responsible for fine-tuning and updating use cases, alerts, technology rules, signatures and indicators. Authentication and validation of new data content is also part of this responsibility. The role is the decision-maker on parser tuning and maintenance for information security threats.
7. Threat Intel Analyst (TIA)
A TIA performs cyber intelligence threat analysis and works with engineers and analysts on matters relating to the execution of the CDC’s cyber intelligence threat assessment activities.

A TIA conducts research and develops and delivers timely protective and predictive cyber intelligence threat assessments. A TIA performs intelligence analysis of cyber activities to attribute entities of interest (their tactics, techniques, procedures, motives, and capabilities), determines malicious behavior, and correlates multiple events and fuses information from multiple sources to determine patterns in malicious activity and associated malware. A TIA works to maintain existing, and develop new, cyber intelligence contacts in the cyber intelligence community.
A TIA also investigates research and develops independent assessments of cyber intelligence produced by third parties, including CDC partners.

8. Security Architect
The Security Architect is responsible for the low-level design, implementation and testing of CDC platforms in alignment with high-level designs and internal Customer requirements. He is responsible for the initial realization, configuration and testing of monitoring technologies in alignment with the Customer's CDC mission. He is also responsible for the operation and maintenance of development and testing platforms.
Cyber Security Monitoring - ONBOARDING
The Onboarding service evaluates the configuration of monitored devices to ensure they provide optimal visibility into the customer environment. Any gaps identified are remediated, and the devices to be monitored are then connected to the Managed Cyber Defense Partner Services for Real Time Device Monitoring.
Cyber Security Custom Report
The Cyber Security Custom Report service produces detailed reporting about malicious activities detected by the Managed Cyber Defense Monitoring Service. The format and template of the report are agreed with the customer.
Incident Response Remote Support (24x7)
The Incident Response Remote Support service provides Remote Incident Response Team support in order to respond quickly to incidents detected by the Managed Cyber Defense service which the customer is not able to respond to. The Team provides guidance and support on how to respond to the incidents.
Fly to site Incident Response (24x7)
For any Incident Investigation included in IR, the Customer shall contact the Partner to request an Incident Investigation. An appropriate number of responders will be mutually agreed based on the nature and type of security incident. Following Incident Investigation Registration, Cyberm will make arrangements to fly onsite to conduct the Incident Investigation in accordance with the Service Level Agreement.
Social Media Monitoring Service
The purpose of a Social Media Monitoring ("SMM") Service is to monitor cyber space to proactively prevent and detect the growing number of cyber-attacks. The Cyberm SMM Service infiltrates the cyber underground virtually and physically to reduce fraud, protect enterprise assets, and mitigate criminal activities. Our methodology combines human intelligence (HUMINT) analysts with cyber intelligence (CYBINT) gleaned from disparate toolsets to support protective intelligence investigations, enhanced cyber threat analytics, and the identification of social unrest for both commercial and public sector customers.

We assist our customers with the establishment of a sustainable monitoring capability that provides real-time (or near-real-time) insights into current and emergent cyber threats, social media brand monitoring and management, and the means for converting social interactions into a strong cyber intelligence and response capability for enhanced incident response activities. This capability is achieved through the ingestion, aggregation, analysis, and correlation of real-time feeds from various sources. Our analysts perform interactive and passive monitoring across the spectrum of social media outlets relevant to the population of our Customer's geography, which, where applicable, includes vetted cyber underground forums, chat rooms and discussion forums. Monitoring for potential asymmetrical threat vectors is performed in order to identify threats that may introduce unwanted risks or vulnerabilities to the organization or nation.

Common user concerns, issues and threats that can be addressed by this service include, but are not limited to:
• Targeted threats against the organization/nation
• Sponsored attacks
• Cyber campaigns or scams
• Posts or calls-to-action
• Civil unrest
• Terrorism
• Other threats to be defined
Resident Services
In the event that the Customer lacks the resources or capabilities to manage a specific solution or set of solutions, Cyberm offers Operational and Residency Services for certain technology areas. Operational Services enable enterprises to outsource key IT functions to seasoned experts, customized to meet the Customer's requirements. These services can be delivered onsite and/or remotely. Residency Services are flexible offerings that support routine, critical, or executive-level activities and are designed to augment existing staff with onsite consultants. These experienced consultants provide expertise and support in the form of knowledge transfer, establishment of best practices, and dedicated, full-time management of the solution.

Speak to us about your requirements.