F-Secure Rapid Detection Service

Managed detection and response service against targeted cyber attacks


Detecting the Undetectable: Man + Machine

Rapid Detection Service helps prepare your organization for advanced cyber attacks, before and after they happen. Our fully managed service is designed to detect the most skilled of attackers, whether they're using malware or non-malware tactics, techniques, and procedures. It enables you to respond to threats promptly, with actionable guidance from our experts.

Our service is committed to the following:

Cyber security experts keeping watch over your environment 24x7x365

Max 30 minutes from breach detection to response committed in Service Line Agreement

Immediate return on investment as a turnkey managed service

Gartner Market Guide for Managed Detection and Response Services

F-Secure is proud to have been listed by Gartner as a representative vendor of Managed Detection and Response Services, 2017. Read a complimentary copy of the Market Guide to get an authoritative update on the topic.

How does Rapid Detection Service detect and respond to human-conducted attacks?

[Diagram: Your Organization (PR, Marketing, Finance) → Events → F-Secure Detection and Forensics Platform (real-time behaviour analysis, big data analysis, reputational analysis) → Anomalies → F-Secure Rapid Detection Center (threat analysis, incident responders, forensic experts) → max 30 mins → CISO]

How Does a Targeted Cyber Attack Usually Happen?

Attackers will first gain access to your IT infrastructure. This typically happens either by exploiting a known vulnerability in one of your servers, or by using a combination of spear-phishing emails and a web or document exploit targeting, for example, one of your customer-facing teams.

After gaining the initial foothold in your IT infrastructure, the attackers will try to access the data or gain the control they are after.

Typically, they accomplish this by using existing IT administrator tools included in Windows, Mac and Linux operating systems, such as PowerShell, Windows Remote Management and Service Commands.

How Do We Detect?

Real-time behaviour analysis

Big data analysis

Reputational analysis

Rapid Detection Service includes lightweight intrusion detection endpoint and network decoy sensors that are deployed across your IT infrastructure. The sensors monitor activities initiated by the attackers and will stream all information in real-time to our cloud.

Our cloud hunts for anomalies in the data by using a combination of advanced analytics such as real-time behavioral analytics, big data analytics and reputational analytics. Anomalies are hunted from two perspectives: known and unknown bad behavior.

The use of different types of analytics means that attackers are unable to successfully use evasion tactics designed against a specific analytics type.

How Do We Respond?

Threat analysis

Incident responders

Forensic experts

Anomalies are flagged to our analysts in the Rapid Detection Center, who work 24x7x365 to verify them and filter out false positives.

Once our analysts have confirmed that an anomaly is an actual threat, they will alert you in less than 30 minutes. Our analysts will guide you through the necessary steps to contain and remediate the threat. We also provide detailed information about the attack, which can be used as evidence in criminal cases.

Our on-site incident response service is also available to serve you in difficult cases or if your own experts are unavailable.

F-Secure's security experts have participated in more European cyber crime scene investigations than any other company. While our experts are tracking the pulse of cyber threats, you stay up to date with the latest threat intelligence.

2 Billion Data Events / Month: Collected by ~1300 end-point sensors

900 000 Suspicious Events: After RDS engine analysis of the raw data

25 Detections: RDC threat analysts confirmed anomalies and contacted the customer

15 Real Threats: Confirmed by the customer

Finding a needle in a haystack – a real world example

In a 1300-node customer installation, our sensors collected around 2 billion events over a period of one month. Raw data analysis in our backend systems filtered that number down to 900,000 events.

Our detection mechanisms and data analytics then narrowed that number to 25. Finally, those 25 anomalies were analyzed and handled by experts in our Rapid Detection Center, and 15 were confirmed by the customer to be actual threats.

In each of these 25 cases, our Rapid Detection Center alerted the client within 30 minutes from the moment the anomalies were flagged.

Our team is at your service 24x7x365

At the core of Rapid Detection Service is our Rapid Detection Center, which is the base of operations for all of our detection and response services.

At the center, cyber security experts work on a 24/7 basis: they hunt for threats, monitor data and alerts from customer environments, flag anomalies and signs of a breach, and then work with our customers to respond to real incidents as they take place.

Staff at our Rapid Detection Center are trained to handle a variety of tasks

Their main tasks fall into three different roles:

Threat Analysts

First responders who monitor the service, hunt for threats and maintain contact with the clients

Incident Responders

Tackle complex cases that clients are unable to handle on their own; usually assist clients on-site

Forensics Experts

Specialized in the most difficult cases, even the most complicated nation state-originated attacks

Details

Lightweight, discreet monitoring tools designed to be deployed on all relevant Windows, Mac OS, and Linux computers within your organization. Sensors are custom-configured for each organization and are easily deployed using standard IT remote administration tools. These components collect behavioral data from endpoint devices using well-documented mechanisms, and are specifically designed to withstand attacks from adversaries. The sensors are data collectors and thus require very little maintenance. The sensors are also designed to function in Payment Card Industry Data Security Standard (PCI-DSS) compliant environments.

Honeypots designed to be deployed across your organization's network segments. Honeypots are an effective, low-noise method of identifying post-breach activity.

Network Decoy Sensors emulate popular services including SSH, HTTP, and SMB, and are designed to mimic Windows servers, workstations, file servers, and even VoIP servers. All connection attempts to and from network sensors are recorded, and any files that arrive on the systems are analyzed by F-Secure.

Customers are provided with both alert escalation reports (in the case of detected incidents) and periodic reports. Alert reports are automatically delivered whenever a critical incident occurs. These alerts feature actionable information designed to help customers determine the source and cause of the detected anomaly. Periodic reports feature a summary of incident alerts and leads on potential problems worth investigating. We also deliver vertical- and region-specific benchmark data to customers where applicable. All delivered reports include information about trending threats.

All data collected from customer deployments is sent through secure, encrypted channels and stored on controlled, secured servers. Access to data is carefully restricted to authorized users and for authorized purposes only. All data is physically stored in Europe. We respect our users' privacy and our customers' need to protect sensitive data and corporate secrets. Data collected from one customer is never shared with other customers. Contact us for more information on our privacy and confidentiality policies, especially with regard to data handling.
