DeepSeas Solutions

With the DeepSeas Virtual Chief Information Security Officer (vCISO) solution you will partner with a DeepSeas strategic security advisor who can remove the burden and stress of leading and managing a security program by bringing expertise and knowledge to your business. The DeepSeas vCISO service comprises a standard security strategy program playbook, which begins with the development of a risk assessment and a security road map. Your key stakeholders can align budgets and strategic security initiatives to guide the security program and benefit from ongoing access to your part-time Virtual CISO.

The DeepSeas IR retainer solutions are offered either on a prepaid or postpaid basis. With a prepaid IR retainer, you are guaranteed a response time of ≤12 hours for remote support or ≤24 hours for on-site support within the U.S. Response times for international destinations will be mutually agreed upon. With a postpaid IR retainer, response times are on a best-efforts basis, depending on the urgency of the request. You will also receive access to a 24/7 support watch center throughout your IR engagement.

DeepSeas offers world-class cyber expertise to support a broad range of cyber consulting, tactical offensive and defensive testing, and/or will operate cross-functionally to support a MDR program.

The DeepSeas Security Tools Effectiveness Assessment offers a comprehensive evaluation of your cyber defense controls against an extensive catalog of simulated attacks to reveal potential security weaknesses within your environment. Test results are then scored and mapped to the MITRE ATT&CK framework and compiled into detailed reports to inform strategic decision making and prioritization of future cyber initiatives.

The DeepSeas Firewall & Next-Gen Firewall Management Service provides 24/7 management and monitoring of your firewalls, ensuring consistent configuration and tuning. It also ensures the appropriate updated versions of the firewall software and operating systems are running. DeepSeas will be responsible for normal configuration changes as directed by your designated point of contact, ticketing system maintenance, and change process management. DeepSeas will collect in-scope firewall logs through the log output facility and may, if deemed necessary by our technical experts, deploy log collection appliance(s) to your premises to support data ingestion and analysis.

The DeepSeas Infrastructure Vulnerability Management solution provides you with customized vulnerability scanning (identification); triage of detected vulnerabilities within your network, based on a combination of your vulnerability management platform’s internal risk scoring model and your organization’s specific policies (prioritization); and response coordination including workflow/process setup and tracking, reporting, and trend analysis (remediation). The service can be leveraged as a one-time assessment or as an ongoing managed service.

The DeepSeas Penetration Testing (Pen Test) solution delivers internal, external, web application, or social engineering penetration testing that is designed to identify and exploit vulnerabilities within your network. Our team of industry certified practitioners at DeepSeas will replicate current sophisticated tactics, techniques, and procedures (TTPs) and leverage a mix of open-source commercial and custom tools to identify system weaknesses.

The DeepSeas Endpoint MDR solution delivers 24/7/365 endpoint threat detection, analysis, and response to validated cybersecurity threats within your environment. Threat detection includes monitoring of alerts by DeepSeas cyber defense analysts who triage, examine, and categorize alerts generated from a specified endpoint detection and response (EDR) technology. Through subject matter experts and technological capabilities, DeepSeas also provides threat hunting and detailed forensic investigation in support of the monitoring, detection, and response mission.

The DeepSeas Network Managed Detection and Response solution provides 24/7/365 network threat detection, analysis, and response to validated threats. Network MDR leverages the deployment of network intrusion detection technology onto your network to securely monitor network traffic for malicious activity. Suspicious observations are delivered to the DeepSeas cloud-hosted defense platform for triage and analysis. DeepSeas will work with you during the service initiation phase to install, configure, and validate network data collection.

The DeepSeas Log Analytics solution is a cloud-hosted platform that provides collection, normalization, enrichment, storage, and high-speed search of security event logs and other machine data. This can be helpful in investigating security threats, reviewing security activity trends, and performing analytical searching for various security operations purposes.

The DeepSeas Threat Hunting & Anomaly Detection solution applies advanced machine learning and data science techniques to your machine data to identify network, entity, and user behavior anomalies that may represent an increased cybersecurity risk. The DeepSeas experienced threat hunt team reviews and investigates environment anomalies and applies additional threat intelligence informed methods to search for and validate the potential presence of advanced threats

The DeepSeas Email MDR solution delivers 24/7 triage and monitoring of suspected email phishing and compromising attacks reported by your users by simply pressing a button installed on users Microsoft Outlook/O365. Suspicious emails identified are then isolated and aggregated in a separated, controlled cloud environment and forwarded to the DeepSeas platform for human analysis, triage, and disposition.

The DeepSeas SIEM Managed Detection & Response solution delivers 24/7/365 event analysis and supervised response to validated threats. Our cyber defense team detects threats by reviewing alerts from one or more system event log aggregation servers installed on your, or your third party, network. DeepSeas will deploy a core set of alerting rules and analytics to enable increased contextualization of your machine data. DeepSeas will update and tune SIEM rules as necessary to meet the service goals (e.g., outcomes). As a managed detection and response-based service provider, DeepSeas uses Endpoint Detection and Response (EDR) technology and Network Detection and Response (NDR) technology as primary threat detection methods. SIEM rules are used by DeepSeas to contextualize and enrich endpoint and network alerts. As determined necessary to meet the service goals (i.e., outcomes), DeepSeas will deploy SIEM rule correlation logic (“SIEM Use ”Cases) that will be used by the DeepSeas cyber defense team.

The DeepSeas Operational Technology Managed Detection & Response solution provides 24/7/365 threat detection, analysis, and response to verified threats. Threats are detected and verified by the DeepSeas cyber defense analysts by reviewing alerts from an OT threat detection technology installed on your, or your third party, OT network. Threat detection includes monitoring of alerts by DeepSeas cyber defense analysts who triage, examine, and categorize alerts generated from a specified OT Security Technology.  

DeepSeas has developed a library of OT-specific threat detection analytics that power alerts, dashboards, and reports within DeepSeas platform to enable increased contextualization of the validated threat notifications and related reports. DeepSeas will update and tune OT threat detection analytics as necessary to meet the service outcomes defined by working with your team. As part of its OT MDR solution, DeepSeas will also provide an OT-specific Customer MDR Runbook that describes general remediation recommendations to specific categories of OT threats. During the initial scoping discussions with your team and DeepSeas, one or more points of contact will be identified and made responsible for response to the Validated Threat Notifications that are created by DeepSeas.

Forward Deployed Resources are DeepSeas cyber operations team members who are dedicated to supporting a specific customer cyber defense program. These members of the DeepSeas crew extend your managed detection and response (MDR) services and operate cross-functionally to maximize the depth and business integration of the DeepSeas MDR services. To accomplish these objectives, they are deeply embedded in the L1, L2, and L3 workflows typical of the standard cyber fusion center model. Additionally, they will facilitate close coordination with both you and third-party resources to provide valuable business context to remote analysts.