Identify incidents as early as possible.
It’s impossible to detect everything, even with gigantic resources. Experience in the field, or simply reading the list of attack techniques and sub-techniques referenced in MITRE ATT&CK, will quickly convince you that you need to concentrate your detection resources where they offer the best chance of detecting an attack as early as possible. That focus should be driven by quality intelligence, adjusted very dynamically, and kept at an operational cost that you know you can finance.
The difficulty with detection: when you don’t detect anything, you don’t know if there was nothing to detect… or if you didn’t look hard enough!
SOC: Managed Detection & Response
Detect and proactively initiate remediation actions
With the Almond CWATCH SOC managed services, deployed since 2016, Almond’s ambition is to define with you, according to the threat and your risks, a reasonable detection ambition that you know how to finance; to rapidly build a suitable and fully industrialized system; and then to operate it with constant attention to steering and arbitration, so that you benefit over time from the best possible detection coverage within a controlled budget.
The mission of the Almond CWATCH SOC is to detect as many attacks as possible as early as possible, to help your teams respond to them, to automate what can be automated to save time and sanity, and finally to provide you with the information you need to understand the situation at every level of your organization.
Managed External Vigilance
Use operational Cyber Threat Intelligence to detect attacks in preparation or execution…
External vigilance relies on information from operational Threat Intelligence, in particular observables collected on the Internet that are markers of an operation being prepared against your interests, already in execution, or already carried out.
It also involves identifying all the information that your organization, your employees, or even your partners have deliberately or negligently left on the Internet, and which amounts to “free ammunition” for your adversaries.
The Almond CWATCH SOC has developed comprehensive solutions, based on tools from the Group’s innovation and R&D teams and partners, to deliver high-quality, accessible external vigilance.
A wide range of services, products and solutions
We work on a wide range of projects:
- MSSP managed services: SOC + CTI + CERT
- Products from Almond and Amossys innovation and R&D teams: OSINT, cyber range, adversary emulation, use case management…
- Expertise in building operational security services and deploying DevSecOps processes and technologies
- SOC audit: effectiveness, detection coverage, state of the art
- PDIS consulting services
- Staffing assistance: seconded analysts, SOC leads…