F-Secure Rapid Detection & Response Service

Managed detection and response service against targeted cyber attacks

World-class threat identification team at your service

F-Secure's elite threat identification team prepares your organization for advanced cyber attacks, before and after they happen. Our fully managed service is designed to detect the most skilled of attackers within minutes, with around-the-clock coverage. F-Secure Rapid Detection & Response Service gives you a small number of filtered and accurate detections, enabling you to respond to real threats with actionable guidance from our experts.

Our service is committed to the following:

Experienced threat hunters from F-Secure watching over your environment 24x7x365

Max 30 minutes from breach detection to response, as agreed in a Service Level Agreement

High-quality detections, with actionable response guidance by F-Secure experts

How does the F-Secure Rapid Detection & Response Service detect and respond to human-conducted attacks?

[Diagram: Your Organization (PR, Marketing, Finance, Events) → F-Secure Detection and Forensics Platform (real-time behaviour analysis, big data analysis, reputational analysis) → Anomalies → F-Secure Rapid Detection & Response Center (threat hunters, incident responders, forensic experts) → max 30 mins → CISO]

How Does a Targeted Cyber Attack Usually Happen?

Attackers will first gain access to your IT infrastructure. This typically happens either by exploiting a known vulnerability in one of your servers, or by using a combination of spear-phishing emails and web exploits targeting one of your customer-facing teams.

After gaining an initial foothold in your IT infrastructure, the attackers will try to access or seize control of the data they're after.

Typically, they accomplish this by using existing IT administrator tools included in Windows, Mac and Linux operating systems, such as PowerShell, Windows Remote Management and Service Commands.

How do we detect attacks?

Real-time behaviour analysis

Big data analysis

Reputational analysis

The F-Secure Rapid Detection & Response Service includes lightweight intrusion detection sensors for endpoints, networks and decoy servers that are deployed across your IT infrastructure. The sensors monitor activities initiated by the attackers, and stream all information to our cloud in real time.

Our cloud-based service hunts for anomalies in the data by using a combination of advanced technologies, such as real-time behavioral analytics, big data analytics and reputational analytics. Anomalies are hunted from two perspectives: known and unknown malicious behavior.

The use of different types of analytics ensures that attackers are not able to remain undetected, even when using evasion tactics designed to fool specific detection methods.

How Do We Respond?

Threat hunters

Incident responders

Forensic experts

Anomalies are flagged to our threat hunters in the F-Secure Rapid Detection & Response Center, who work 24x7x365 to verify them and filter out false positives.

Once our threat hunters have confirmed that an anomaly is an actual threat, they will alert you in less than 30 minutes. Our threat hunters will guide you through the necessary steps to contain and remediate the threat. We also provide detailed information about the attack, which can be used as evidence in criminal cases.

Our on-site incident response service is also available to assist you in difficult cases, or in cases where your own experts are unavailable.

Our team is at your service 24x7x365

At the core of the F-Secure Rapid Detection & Response Service is our F-Secure Rapid Detection & Response Center, which is the base of operations for all of our detection and response services.

At the center, cyber security experts work 24/7 to hunt for threats, monitor data and alerts from customer environments, and flag anomalies and signs of data breaches.

Staff at our F-Secure Rapid Detection & Response Center are trained to handle a variety of tasks

Their main tasks fall into three different roles:

Threat identification team

First responders who monitor the service, hunt for threats and maintain contact with the clients

Incident Responders

Tackle complex cases that clients are unable to handle on their own, and usually assist clients on-site

Forensics Experts

Specialized in the most difficult cases, even the most complicated nation state-originated attacks

Details

Endpoint sensors are lightweight, discreet monitoring tools designed to be deployed on all relevant Windows, Mac OS, and Linux computers within your organization. Sensors are custom-configured for each organization and are easily deployed using standard IT remote administration tools. These components collect behavioral data from endpoint devices using well-documented mechanisms, and are specifically designed to withstand attacks from adversaries. The sensors are data collectors, requiring very little maintenance. The sensors are also designed to function in Payment Card Industry Data Security Standard (PCI-DSS) compliant environments.

Network and Decoy Sensors are designed to be deployed across your organization's network segments. Decoy Sensors work as honeypots, giving you an effective, low-noise method of identifying post-breach activity. Honeypots emulate popular services including SSH, HTTP, and SMB, and are designed to mimic Windows servers, workstations, file servers and even VoIP servers. Network Sensors analyze all connection attempts to and from your organization's network, record selected network traffic, and analyze files that arrive on the system.

You will be alerted within 30 minutes from the moment an anomaly is flagged as a threat. With the dashboard, you can stay on top of all alerts that have been reported as actual threats, as well as other suspicious activity that our threat hunters have reviewed and detected as potential threats. Actionable guidance from our experts helps you respond to threats promptly, and manage the verification process of less critical detections. In addition, the dashboard provides continuous visibility into all installed sensors and hosts.

All data collected from customer deployments is sent through encrypted channels and stored on controlled, secured servers. Access to data is carefully restricted to only authorized users and authorized purposes. All data is physically stored in Europe. We respect our users' privacy and our customers' need to protect sensitive data and corporate secrets – data collected from one customer is never shared with other customers. Contact us for more information on our privacy and confidentiality policies, especially with regard to data handling.
