DeepSeas IRO
DeepSeas specializes in providing cyber defense services for the Digital Forensics and Incident Response (DFIR) ecosystem. Our flagship offering is DeepSeas Incident Response Overwatch (IRO).
DeepSeas IRO lets DFIR firms have DeepSeas rapidly deploy the partner's Endpoint Detection and Response (EDR) platform (or take over one that is already deployed) and manage the telemetry and alerts it generates.
What’s included in DeepSeas IRO?
A 45-day engagement wherein DeepSeas monitors each EDR agent 24x7 with our in-house Security Operations Center (SOC), allowing DFIR firms to focus on their mission to kick out the threat actor and get the client victim on the road to recovery.
DeepSeas will triage, investigate, and remediate endpoint threats.
DeepSeas will keep your DFIR case leaders informed about our activity in the form of validated threat notifications with documented actions taken.
After the IR is completed, the DFIR firm can introduce DeepSeas to the client to offer to keep the EDR software and configuration in place via a one-to-three-year contract with DeepSeas MDR (Managed Detection & Response).
DFIR firms often find value in introducing clients to DeepSeas to perform additional value-add services, such as DeepSeas CISO Advisory, risk and compliance assessments, and offensive security testing services through DeepSeas RED.
DeepSeas IRO Methodology
- 24x7 Detection & Alerting
- Alert Noise Reduction
- Endpoint Detection and Response
- Rapid Onboarding
- Immediate Availability
- Establish Client Data Collection Telemetry
- Increase Operational Effectiveness
- Service Delivery Management
- Alert Escalation
- 24x7 Monitoring
- Endpoint Analysis
- IR Event Oversight
- Investigation Support
- Protecting against Targeted Attacks
- Advanced Comprehensive Protection of the Enterprise
- Endpoint Analysis
- Proactive Communication
- Contextual Investigation
- Case Management
- Escalation for Intelligence & Malware Analysis
- Response and Containment Coordination
- Liaison Alert Escalation Support
- Coordination between DeepSeas + Customer SOC
- Validated Threat Notification
- Escalation for Intelligence & Malware Analysis
- Incident Containment Escalation
- 24x7 Advanced Investigation + Triage
- Advanced Malware Analysis
- Threat Hunting
- Incident Forensics
- Reverse Engineering
- Remediation & Containment Coordination
- Attorney-Client Privilege
- Forensic Investigation with Legal Support
DeepSeas IRO supports SentinelOne, CrowdStrike, Carbon Black and Microsoft Defender for Endpoint.
IR Overwatch Endpoint Service Architecture
1. Tenant added to DeepSeas EDR deployment, or DeepSeas added to the DFIR firm's tenant
2. EDR agent deployed at the customer by the IR firm
3. EDR agent checks in at the appropriate tenant
4. DeepSeas IR Overwatch deployed
5. Threat communication and coordination
If you are a DFIR firm interested in this partnership, please complete the partner application form.