Managed Detection and Response Service

Managed Detection and Response (MDR) is the evolution of the managed Security Operations Centre (SOC) service. Nview is a MDR service which provides advanced threat detection and a key element missing in most traditional SOC’s offerings… the human element.

Nview is built and maintained by Nclose with almost a decade of experience in delivering managed security services, security assessment services and consulting services. Combining this experience with a blend of open source and in house written applications has produced a leading edge MDR solution.

Traditionally SOC’s have relied on vendor supplied use cases or traditional technologies like Antivirus or Web Filtering to detect threats. These traditional inputs often generate false positives or require significant tuning to be truly effective, and this is rarely done proactively.

Nview allows clients with stretched security budgets and thinly spread security teams to have a world class SOC, with the latest detection methods being employed.

How is it different

Nview is different, we incorporate next generation concepts to detect threats which are missed by
traditional security technologies. These include:

01.

Threat Hunting

Regular, scheduled threat hunting by experienced analyst finds anomalies missed by security technologies.

02.

Beyond Security Logs

Monitoring beyond the traditional security software sources. DNS traffic, application processes and other sources are often overlooked but can provide a wealth of information.

03.

Honeypots

Honeypots or deceptive technologies alert us when intruders or malware is attempting to move laterally in your network.

04.

Building Intelligence

Build our own threat intelligence based on previous events seen in the MDR centre. Traditional threat feeds are also consumed and tuned for maximum effectiveness.

05.

Mitigate Defense Regression

Actively mitigate against “alert fatigue” and “defense regression”, a common risk against effectively detecting breaches or security incidents.

06.

Hybrid Offering

Offer a hybrid cloud/onsite model to allow clients to make use of data analytics onsite for operations and security.

07.

Context Aware

We take contextual information into consideration. This is imperative in order to assign an effective risk to incidents.

08.

Effective Measurement

Our monthly reports measure how effective Nview protects your organisation from a threat perspective, highlighting any gaps where defences should be re-focused.

Think like an attacker?

For years the security industry has alluded to the fact that as defenders we need to think like attackers, however this approach has failed.

We believe in thinking like an “investigator”. So many times we hear of breaches being discovered months after the fact, often by third parties.

What happens after the initial discovery? Forensic investigators trawl through logs to establish what happened, often older logs may be deleted or otherwise unavailable, making the task extremely difficult.

We believe in performing this investigative action proactively, looking for the activities in real time in order to detect malicious behavior in real time.

FAQ

As an organisation, we are not at high risk of becoming a target of an advanced attack. Do we really need Nview?

Nview provides more than detecting advanced attacks. Meeting compliance requirements and being able to detect fresh malware that traditional security technologies don’t detect are a key benefit that some organizations seek out of Nview.

Tell me about the “Response” part of Managed Detection and Response?

We believe that all alerts need to be responded to in some fashion. To this effect we aim to minimize the number of false positive alerts, and also ensure there was a response to true positive alerts. Sometimes the response was already done by a security technology in your environment, in severe cases we may suggest that an onsite response be initiated.

What is this “threat hunting” business everyone is talking about?

Threathunting entails an analyst manually reviewing various log files with the view of finding anomalies that require further investigation. We know that security technologies often miss threats, and threat hunting is designed to mitigate this.

Often a threat hunt reveals a mis-configuration or bad behavior from an application, but at times it will reveal malicious activity.

Can I Pilot Nview?

Yes, most clients wish to pilot Nview in order to gauge its effectiveness. A pilot generally runs for 2-3 months and may have an associated but palatable cost due to the level of initial effort required.

How can I showcase Nview value to my executive team?

Monthly executive reports are provided. These reports have the executive audience in mind, and can be customized to your organizations requirements. As a baseline we track threat and system coverage so any gaps are clearly tracked and improved.

Is Nview run on hardware appliances?

Nview is a software based deployment but virtual appliances are available. Nview works best on physical hardware but virtual hardware is perfectly acceptable. Hardware specification is dependent on the environment. As a managed service, clients need not worry about configuring and maintaining Nview.

Can I retain logs for X years.

We typically retain 3 months of data in our MDR centre, however many customers have much longer retention periods for logs onsite. Provided storage space is available, logs can be retained for many years. Should offsite retention be required, periods of longer than 3 months is available.

We have a distributed network, will Nview work?

Yes, some of our clients have global networks, micro branches scattered around the globe. These branches are high risk and should not be ignored when security is considered.

Pricing / Contact

Our service and effectiveness improves as we consume more data from your environment, and our pricing model reflects this to encourage multiple sources of data.

Nview has a simple pricing model without requiring complex calculations on Events Per Second (EPS).

For more information please contact us:

Tel: 0860 625 673 / 0860 NCLOSE
Email: info@nclose.com

  • This field is for validation purposes and should be left unchanged.