Now with SOAR Capabilities
Triskele Labs Security Operations Centre delivers powerful threat detection, incident response, and compliance management. Round-the-clock (24 x 7 x 365) real-time monitoring and analysis of your environment is the best way to bring multiple point security solutions together to protect your critical infrastructure against the global threat landscape.
Our security experts work closely with your IT team to ensure that security issues are addressed quickly upon discovery. This is achieved through full visibility across your networks, servers, endpoints, databases, applications, websites, and other systems.
Security threats are reported immediately, together with incident response strategies and mitigation paths, to give you the resources and support to defend fast and effectively, minimising the impact, reducing business disruption, and speeding up recovery time.
Core services include:
24/7/365 Real-Time Monitoring
Our security experts monitor your network and IT systems around the clock to identify potential security threats. If a compromise is substantiated, we provide immediate incident response services and confirm best practices to contain, mitigate and recover from the event. Through holistic visibility, our industry-leading SIEM and other security information, we correlate and analyse all security event data, ensuring the strongest defences.
The Security Operations Centre runs ongoing internal network vulnerability scans and external network and web application scans to identify security misconfigurations within your environment. These regular authenticated scans allow detailed interrogation of each monitored asset for hardware and software deficiencies across the OSI layers. Instead of identifying these issues annually during Penetration Testing, the SOC raises them as they are identified.
Endpoint Detection & Response
Endpoint Detection and Response (EDR) is an essential component of a modern protection strategy. Past and current breaches have proven time and again that prevention alone can’t guarantee total protection. As malicious actors design their attacks to evade traditional endpoints and tools, organisations are looking to EDR for additional visibility, including evidence of attacks that might not trigger prevention rules.
We eliminate the cost and complexity of adding yet another point solution to the security stack. EDR is delivered as part of a unified platform for advanced threat detection, incident response, and compliance. The platform centralises and automates threat hunting on endpoints, so we can detect and respond to threats wherever they unfold.
Intrusion Detection System
The Triskele Labs SOC works to gain as much visibility as possible. We deploy a Network Intrusion Detection System (NIDS) where one is not in place, and a Host Intrusion Detection System (HIDS) as an agent on each monitored host to analyse the behaviour and configuration status of the system, alerting on suspected intrusions.
This ensures we capture and monitor key events across the network, operating systems and installed applications. This allows Triskele Labs to access complete threat evidence, reduce noise, and automate notifications. These tools monitor traffic and hosts, along with user and administrator activities, looking for anomalous behaviours and known attack patterns. By correlating with the SIEM and other security information, the Triskele Labs SOC has complete visibility of your security posture.
File Integrity Monitoring
File Integrity Monitoring (FIM) is a mechanism for validating the integrity of operating system and application software files by comparing the current state of each file (its content hash and attributes) against a known-good baseline. It is one of the most powerful techniques used to secure IT infrastructures and business data against a wide variety of both known and unknown threats. Triskele Labs will deploy FIM to all monitored assets through the SOC agent. This removes the need to deploy a point solution and provides a holistic approach to cybersecurity and monitoring.
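To make the baseline-versus-current comparison concrete, the following is an added, self-contained Python example of the FIM mechanism described above. It is not Triskele Labs' SOC agent and does not describe how that agent works; the function names, the directory layout, the file contents and the HMAC key are all constructed for the demonstration. It records a SHA-256 hash plus size, permission bits and owner for every regular file under a root, seals the baseline with an HMAC so that tampering with the stored baseline is itself detectable, and then reports files that were added, removed or modified (including a permission-only change on unchanged content).

```python
"""Minimal file-integrity baseline/compare illustrating the FIM mechanism.
Constructed example; not the SOC agent described on the page."""
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path

HASH_ALGO = "sha256"


def fingerprint(path: Path) -> dict:
    """Record the attributes an integrity check should cover: content hash,
    size, permission bits and owner. mtime is deliberately excluded because
    it is trivially forged and would only generate noise."""
    st = path.lstat()
    h = hashlib.new(HASH_ALGO)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return {
        "hash": h.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
    }


def build_baseline(root: Path, exclude_dirs=()) -> dict:
    """Walk a directory tree and fingerprint every regular file. Symlinks are
    skipped (lstat + S_ISREG) so a link cannot redirect the check outside the
    tree. Paths are stored relative to the root so the baseline is portable."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in exclude_dirs]
        for name in filenames:
            p = Path(dirpath) / name
            if not stat.S_ISREG(p.lstat().st_mode):
                continue
            baseline[str(p.relative_to(root))] = fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots. A file is 'modified' when any recorded attribute
    differs, so a permission change on unchanged content is still flagged."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        diffs = {k: (baseline[rel][k], current[rel][k])
                 for k in baseline[rel] if baseline[rel][k] != current[rel][k]}
        if diffs:
            modified[rel] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def seal_baseline(baseline: dict, key: bytes) -> str:
    """Serialise the baseline with an HMAC so that tampering with the stored
    baseline itself (the obvious way to blind a FIM) is detectable."""
    body = json.dumps(baseline, sort_keys=True)
    tag = hmac.new(key, body.encode(), HASH_ALGO).hexdigest()
    return json.dumps({"baseline": body, "hmac": tag})


def load_sealed(blob: str, key: bytes) -> dict:
    """Verify the HMAC before trusting the baseline; raise on mismatch."""
    obj = json.loads(blob)
    expected = hmac.new(key, obj["baseline"].encode(), HASH_ALGO).hexdigest()
    if not hmac.compare_digest(expected, obj["hmac"]):
        raise ValueError("baseline HMAC mismatch: stored baseline was altered")
    return json.loads(obj["baseline"])


def demo() -> dict:
    """Constructed scenario: snapshot a small tree, then simulate a replaced
    binary, a dropped file, a removed config file and a permission change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "sshd").write_bytes(b"\x7fELF original sshd")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("welcome\n")
        os.chmod(root / "etc" / "motd", 0o644)
        key = b"constructed-demo-key"  # a real deployment keeps this off-host
        sealed = seal_baseline(build_baseline(root), key)

        # Simulated changes between the baseline and the next check.
        (root / "bin" / "sshd").write_bytes(b"\x7fELF replaced sshd")
        (root / "etc" / "hosts").unlink()
        (root / "tmp_dropper.sh").write_text("#!/bin/sh\n")
        os.chmod(root / "etc" / "motd", 0o666)

        return compare(load_sealed(sealed, key), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real deployment the sealed baseline (and its key) live on the SOC side rather than on the monitored host, and the check runs on a schedule or on file-change events; the comparison logic is the same.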
Dark Web Monitoring
Concerned that your employees' details may be on the Dark Web? The Security Operations Centre will monitor the Dark Web for account takeovers targeted at your environment, providing historic and ongoing knowledge and details of how and when incidents were orchestrated. This may include leakage of usernames and passwords, Personally Identifiable Information or other internal data. Where evidence of a breach is identified, you will be made aware, so you can take precautionary steps to reduce the risk.