Detecting the Undetectable: Man + Machine
Rapid Detection Service helps prepare your organization for advanced cyber attacks, before and after they happen. Our fully managed service is designed to detect the most skilled of attackers, whether they're using malware or non-malware tactics, techniques, and procedures. It enables you to respond to threats promptly, with actionable guidance from our experts.
Our service is committed to the following:
Cyber security experts keeping watch over your environment 24x7x365
Max 30 minutes from breach detection to response committed in Service Level Agreement
Immediate return on investment as a turnkey managed service
How does Rapid Detection Service detect and respond to human-conducted attacks?
How Does a Targeted Cyber Attack Usually Happen?
Attackers will first gain access to your IT infrastructure. This typically happens either by exploiting a known vulnerability in one of your servers, or by using a combination of spear-phishing emails and a web or document exploit targeting, for example, one of your customer-facing teams.
After gaining the initial foothold in your IT infrastructure, the attackers will try to access the data or gain the control they are after.
Typically, they accomplish this by using existing IT administrator tools included in Windows, Mac and Linux operating systems, such as PowerShell, Windows Remote Management and Service Commands.
How Do We Detect?
Rapid Detection Service includes lightweight intrusion detection endpoint and network decoy sensors that are deployed across your IT infrastructure. The sensors monitor activities initiated by the attackers and will stream all information in real-time to our cloud.
Our cloud hunts for anomalies in the data by using a combination of advanced analytics such as real-time behavioral analytics, big data analytics and reputational analytics. Anomalies are hunted from two perspectives: known and unknown bad behavior.
The use of different types of analytics means that attackers are unable to successfully use evasion tactics designed against a specific analytics type.
How Do We Respond?
Anomalies are flagged to our analysts in the Rapid Detection Center, who work 24x7x365 to verify them and filter out false positives.
Once our analysts have confirmed that an anomaly is an actual threat, they will alert you in less than 30 minutes. Our analysts will guide you through the necessary steps to contain and remediate the threat. We also provide detailed information about the attack, which can be used as evidence in criminal cases.
Our on-site incident response service is also available to serve you in difficult cases or if your own experts are unavailable.
F-Secure's security experts have participated in more European cyber crime scene investigations than any other company. While our experts are tracking the pulse of cyber threats, you stay up to date with the latest threat intelligence.
[Figure: Data events per month, in four stages: collected by ~1300 endpoint sensors; after RDS engine analysis of the raw data; anomalies confirmed by RDC threat analysts, who contacted the customer; confirmed by the customer.]
Finding a needle in a haystack – a real world example
In a 1300-node customer installation, our sensors collected around 2 billion events over a period of one month. Raw data analysis in our backend systems filtered that number down to 900,000 events.
Our detection mechanisms and data analytics then narrowed that number to 25. Finally, those 25 anomalies were analyzed and handled by experts in our Rapid Detection Center, and 15 were confirmed by the customer to be actual threats.
In each of these 25 cases, our Rapid Detection Center alerted the client within 30 minutes from the moment the anomalies were flagged as actual threats.
Our team is at your service 24x7x365
At the core of Rapid Detection Service is our Rapid Detection Center, which is the base of operations for all of our detection and response services.
At the center, cyber security experts work on a 24/7 basis: they hunt for threats, monitor data and alerts from customer environments, flag anomalies and signs of a breach, and then work with our customers to respond to real incidents as they take place.
Staff at our Rapid Detection Center are trained to handle a variety of tasks
Their main tasks fall into three different roles:
First responders who monitor the service, hunt for threats and maintain contact with the clients
Tackle complex cases that clients are unable to handle on their own, usually assist clients on-site
Specialized in the most difficult cases, even the most complicated nation state-originated attacks