DeepSeas IRO

DeepSeas specializes in providing cyber defense services for the Digital Forensics and Incident Response (DFIR) ecosystem. Our flagship offering is DeepSeas Incident Response Overwatch (IRO).

DeepSeas IRO allows DFIR firms to have DeepSeas rapidly deploy and manage the partner's Endpoint Detection and Response (EDR) platform (or manage it if it is already deployed), including the telemetry and alerts that platform generates.

What’s included in DeepSeas IRO?

A 45-day engagement in which DeepSeas monitors each EDR agent 24x7 from our in-house Security Operations Center (SOC), allowing the DFIR firm to focus on its mission: evicting the threat actor and getting the victim client on the road to recovery.

DeepSeas will triage, investigate, and remediate endpoint threats.

DeepSeas will keep your DFIR case leaders informed about our activity in the form of validated threat notifications with documented actions taken.

After the IR is completed, the DFIR firm can introduce DeepSeas to the client to offer to keep the EDR software and configuration in place via a one-to-three-year contract with DeepSeas MDR (Managed Detection & Response).

DFIR firms often find value in introducing clients to DeepSeas to perform additional value-add services, such as DeepSeas CISO Advisory, risk and compliance assessments, and offensive security testing services through DeepSeas RED.

DeepSeas IRO Methodology

Visibility
Customer data is collected by DeepSeas for visibility.
  • 24×7 Detection & Alerting
  • Alert Noise Reduction
  • Endpoint Detection and Response
  • Rapid Onboarding
  • Immediate Availability
  • Establish Client Data Collection Telemetry
  • Increase Operational Effectiveness
  • Service Delivery Management
  • Alert Escalation
24x7 Monitoring
Endpoint Analysis
IR Event Oversight

Detection and Investigation
Detection: the DeepSeas SOC detects threats in real time and processes the resulting events.
Investigation: DeepSeas analysts investigate and create validated threat notifications.
  • Investigation Support
  • Protecting against Targeted Attacks
  • Advanced Comprehensive Protection of the Enterprise
  • Endpoint Analysis
  • Proactive Communication
  • Contextual Investigation
  • Case Management
  • Escalation for Intelligence & Malware Analysis
  • Response and Containment Coordination
  • Liaison Alert Escalation Support
  • Coordination between DeepSeas + Customer SOC
Validated Threat Notification
Escalation for Intelligence & Malware Analysis
Incident Containment Escalation

Remediation
DeepSeas drives remediation in coordination with the IR partner.
  • 24×7 Advanced Investigation + Triage
  • Advanced Malware Analysis
  • Threat Hunting
  • Incident Forensics
  • Reverse Engineering
  • Remediation & Containment Coordination
  • Attorney Client Privilege
  • Forensic Investigation with Legal Support

DeepSeas IRO supports SentinelOne, CrowdStrike, Carbon Black and Microsoft Defender for Endpoint.

IR Overwatch Endpoint Service Architecture

1. Tenant added to the DeepSeas EDR deployment, or DeepSeas added to the DFIR firm's tenant
2. EDR agent deployed at the customer by the IR firm
3. EDR agent checks in to the appropriate tenant
4. DeepSeas IR Overwatch deployed
5. Threat communication and coordination

If you are a DFIR firm interested in this partnership, please complete the partner application form.
