BI.ZONE TDR
Threat Detection and Response
BI.ZONE TDR allows you to manage incidents at all stages—before, during and after the occurrence. We build an effective monitoring strategy to repel ongoing attacks, as well as investigate past incidents and provide recommendations to prevent them in the future.
This is achieved by collecting and analyzing events from a variety of log sources combining agent and agentless mechanisms
We apply retrospective analysis of events and collect forensic artifacts using EDR
Collecting EDR/NTA telemetry enables quick detection of incidents that are invisible to regular audits and security controls
Using EDR allows you to delegate the response tasks to professionals
Our recommendations, combined with EDR-based detection of vulnerabilities and weaknesses, can prevent future attacks
We will help turn your CAPEX into ОPEX to avoid the costs of purchasing, installing and maintaining security tools
Launching BI.ZONE TDR will take less time than integrating third-party solutions or creating a corporate SOC
You will work with a team of experts certified by international security authorities
We will detect attacks before any damage to your infrastructure, and prevent financial losses
Different levels of the service allow you to purchase specific solutions that are relevant to your organization
We identify typical incidents using correlation rules and TI on events from the most common sources. You will receive automated recommendations for response
We detect a wide range of incidents using correlation rules and TI on events from any security tools as well as native auditing of the IT infrastructure components. Our experts will provide recommendations on how to respond to incidents
We detect incidents, including advanced attacks, using TI, correlation rules and threat hunting on telemetry from EDR/NTA. Our experts provide active response via EDR. We also uncover past incidents and vulnerabilities as well as configuration weaknesses that could lead to incidents
Maximum visibility of the infrastructure and incidents management at all stages of their life cycle under our experts’ control. This combines Focus and Horizon capabilities
| Vision | Horizon | Focus | Panorama | |
|---|---|---|---|---|
|
Collection of events from a fixed set of log sources
|
||||
|
Collection of events from any log source
|
||||
|
Gathering of extended endpoint and network telemetry (via EDR/NTA)
|
||||
|
Monitoring of cloud infrastructures: AWS, GCP, Microsoft Azure, SaaS (Office 365 and others)
|
| Vision | Horizon | Focus | Panorama | |
|---|---|---|---|---|
|
Automated incident detection based on correlation rules and TI data
|
||||
|
24/7 monitoring of correlation rule triggers by our experts
|
||||
|
Fixed set of correlation rules
|
||||
|
Constantly updated set of correlation rules
|
||||
|
Development of individual correlation rules according to client requirements
|
||||
|
Correlation rules for detecting advanced attacks
|
||||
|
Usage of YARA rules for detection
|
||||
|
Manual proactive search for incidents by our experts (threat hunting)
|
| Vision | Horizon | Focus | Panorama | |
|---|---|---|---|---|
|
Automated notifications and recommendations on detected incidents (direct alerts)
|
||||
|
Notifications and recommendations regarding detected incidents, prepared by our experts
|
|
|||
|
Active response to detected incidents using EDR provided by our experts
|
| Vision | Horizon | Focus | Panorama | |
|---|---|---|---|---|
|
Our experts develop customized rules for automatic threat prevention based on the response results
|
||||
|
Automatic prevention of known threats based on rules provided by our experts
|
| Vision | Horizon | Focus | Panorama | |
|---|---|---|---|---|
|
Detection of past attacks that are currently inactive
|
| Vision | Horizon | Focus | Panorama | |
|---|---|---|---|---|
|
Continuous detection of infrastructure vulnerabilities and weaknesses
|
||||
|
Validation of detected weaknesses and vulnerabilities by our experts
|
| Vision | Horizon | Focus | Panorama | |
|---|---|---|---|---|
|
24/7 technical support
|
||||
|
Incident notification via email
|
||||
|
Incident notification via Telegram
|
||||
|
Notification of critical incidents by phone
|
||||
|
Client portal with automated incident reports, statistics and dashboards
|
||||
|
The option of creating incidents on your own in your client portal or via email
|
||||
|
Client portal REST API
|
||||
|
Consultation with BI.ZONE SOC experts
|
-
We will provide a demo and more details about the service
-
We will give you a free Proof of Concept to evaluate the service
