Cyber Operations & Intelligence (COI) - Encode MSS Datasheet (encodegroup.com/uploaded/files/encode_mss_datasheet.pdf)


Posted on 05-Jun-2020

Page 1: Cyber Operations & Intelligence (COI), encodegroup.com/uploaded/files/ENCODE_MSS_DataSheet.pdf

Datasheet

Cyber Operations & Intelligence (COI)

Our MSS Offering

The cornerstone of Encode’s Managed Security Service (MSS) is our Cyber Operations & Intelligence (COI) services, consisting of the following service modules:

24x7 Real Time Threat Management (RTTM)

This is our core Security Intelligence driven Security Incident and Event Management (SIEM) solution, configured with Encode’s 14 years of Red Team offensive cyber expertise. Our SIEM capability is delivered with Encode’s OEM version of IBM QRadar, Enorasys SIEM, rated in the top-most Gartner quadrant for being the best and most advanced SIEM technology.

24x7 Cyber Security Analytics (CSA)

This is a highly advanced Data Analytics capability calibrated to detect Cyber Attack Logic behavior for which there are no known attack signatures, i.e. the attack and exploit vectors are unique to the target. This capability is delivered with our Enorasys Security Analytics technology product, engineered to detect previously unknown combinations of attack and exploit vectors.

Incident Response Orchestration

The ability to respond rapidly in a controlled, targeted manner is essential to combat a breach before it can progress to inflict significant damage. Having real-time visibility of a single (or multiple) breach event, its technical footprint and event management are key to successful breach defense. Our Enorasys SOCstreams technology product provides an automated and/or guided response capability as well as a user-friendly event status console, a single view of all events.

Advanced Targeted Response (ATR)

Through the Incident Response Orchestration Service module, our Cyber-SOC team can deploy an Endpoint Visibility and Control (EVC) sensor to a targeted endpoint in order to increase situational awareness in the event of a suspected breach. Also, for any event, using pre-deployed Network Activity Visibility (NAV) sensors, on-demand activation and acquisition of network session recordings can be made. This enables us to initiate (through ATR EVC sensors or other network security gateways) endpoint isolation from the network or blocking of offending IPs/Domains.

Page 2

encodegroup.com [email protected] ©2001-2017 Encode. All rights reserved. Confidential, do not distribute

Cyber Operations & Intelligence (COI)

COI Service Architecture

The foundation of our COI Services is Encode’s Cyber-borne Early Warning and Containment System (CEWACS) – a next generation managed security services platform operated by a Cyber Operations team possessing unique offensive and defensive expertise.

CEWACS is implemented using our Enorasys Technology stack: Enorasys SIEM, Enorasys SOCStreams (Incident Response Orchestration) and Enorasys Security Analytics.

100% Security is a myth - you will be breached

There is no such thing as a 100% secure perimeter. Encode’s COI services are designed around the assumption that an IT environment will eventually be compromised. COI focuses on providing early warning and targeted response: stopping a breach before it begins to have significant impact.

Visibility – Situational Awareness is key to early breach detection

24x7 visibility across your environment is critical to ensure all-round situational awareness and therefore early breach detection and response. Our COI Services provide the situational awareness needed to detect attacks against mission-critical, corporate and Internet-facing systems from any type of adversary - nation-state or state-sponsored teams, hacktivists, cyber-criminals and insiders alike.

Security Intelligence - Signature based detection

Encode’s COI services deliver a next generation Security Intelligence driven breach Detect, Respond and Contain capability decoupled from the monitored IT environment. The COI service consumes global Threat Intelligence feeds to update our extensive threat management database used to support 24x7 Real Time Threat Monitoring (RTTM).

Cyber Operations & Intelligence – why it’s needed today

Page 3


Our MSS Offering

Security Analytics - Signatureless breach detection

Advanced Persistent Threat (APT) based targeted attacks, characterised by their ability to evade perimeter security using attack and exploit vectors unique to the target, represent the greatest threat to digital businesses. It’s therefore unlikely that signature based detection will pick up such attacks. Encode’s COI Service uses our Enorasys Security Analytics technology to detect anomalous environment behavior (against a baseline) and identify patterns of behavior that may be consistent with Cyber Kill Chain phases. This is our signatureless breach detection capability.

Embracing Complexity - Business as Usual, IT Transformation and/or Transition states

Encode’s COI services are designed to embrace IT complexity at any scale, provide deep insight into IT environment activities and alert on breach Indicators of Compromise (IoC). Our ability to embrace IT estate complexity at whatever scale and still provide unimpaired breach early warning is a key strength, advantage and assurance for Encode clients.

Our Cyber-SOC: Working in partnership with our clients

We work in partnership with clients to effectively address the ever-changing cyber security threat landscape. We deliver our MSS from our Cyber-SOC, which is certified to and exceeds ISO 27001. Our processes and controls, both physical and IT security, ensure uninterrupted operations and maximum protection of our clients’ data and IT operations.

Supporting Agility, Change and the Human Factor

Businesses are always in some state of change, whether intrinsic or deliberate. Deliberate change can range from increasing agility (e.g. liberalizing electronic access channels and allowing employees to bring their own devices) to ongoing IT Transformation to fix security gaps and/or compliance issues.

Benefits

Page 4


Change represents complexity and therefore increased (or exposed) attack surface and/or elevated risk of successful (i.e. undetected) cyber breaches. The human factor (i.e. users) exacerbates this further. The last line of defence is real-time 24x7 visibility of the IT environment, in any change state, that is able to detect, respond and contain breaches early enough to minimize damage. Our COI service is change agnostic, i.e. we can observe, monitor, detect, respond and contain a breach regardless of IT environment complexity at any change state.

Augments cyber defense capabilities

Advanced cyber threats are designed, instrumented and operated by humans and not a “mindless” piece of code such as common malware. This makes the battle with traditional (or less traditional) “automated technical controls” totally uneven and in favor of the attacker.

Our COI services ‘even up the score’ with next generation signature and signatureless breach detection to augment the existing Cyber defences needed in today’s Cyber Threat Landscape.

Goes beyond Security Monitoring

Our approach is designed around ‘Use-Cases’ and, by leveraging our advanced security analytics technology and proactive threat hunting processes, goes beyond traditional security monitoring. We can detect cyber threats as they occur and before they have an impact on our clients’ business.

Your security partner

Our 24x7 Cyber Operations & Intelligence capabilities enable us to be our clients’ vigilant security partner, providing immediate and on-the-spot response to their security needs.

Our service modules can be deployed in a number of modes to meet client requirements. The table below illustrates the possible COI solution deployments available.


COI Services – Deployment modes

Deployment modes (table columns): Managed Cloud / Software as a Service (SaaS); Managed on Premise; On Premise

Service modules (table rows):
24x7 RTTM (Enorasys SIEM)
24x7 Cyber Security Analytics (Enorasys Security Analytics)
Incident Response Orchestration (Enorasys SOCStreams)
Advanced Targeted Response