DeepSeas Solutions
As a customer of DeepSeas, you’ll get the best of both worlds. You get the depth of a large cyber defense build, where the defense is tightly integrated with the business, and tradecraft with the cost efficiency and scale of an offsite as-a-service provider.
DeepSeas Capabilities
The DeepSeas Prepare, Prevent, Protect solution portfolio can help today’s CIOs, CISOs, CSOs, and IT leaders rightsize their security investment to meet the demands of their employees, constituents, customers, and board members.
Prepare
Virtual CISO
With the DeepSeas Virtual Chief Information Security Officer (vCISO) solution you will partner with a DeepSeas strategic security advisor who can remove the burden and stress of leading and managing a security program by bringing expertise and knowledge to your business. The DeepSeas vCISO service comprises a standard security strategy program playbook, which begins with the development of a risk assessment and a security road map. Your key stakeholders can align budgets and strategic security initiatives to guide the security program and benefit from ongoing access to your part-time Virtual CISO.
Incident Response Retainer
The DeepSeas IR retainer solutions are offered either on a prepaid or postpaid basis. With a prepaid IR retainer, you are guaranteed a response time of ≤12 hours for remote support or ≤24 hours for on-site support within the U.S. Response times for international destinations will be mutually agreed upon. With a postpaid IR retainer, response times are on a best-efforts basis, depending on the urgency of the request. You will also receive access to a 24/7 support watch center throughout your IR engagement.
Professional Security Services
DeepSeas offers world-class cyber expertise to support a broad range of cyber consulting and tactical offensive and defensive testing, and can operate cross-functionally to support an MDR program.
Security Tools Effectiveness Assessment
The DeepSeas Security Tools Effectiveness Assessment offers a comprehensive evaluation of your cyber defense controls against an extensive catalog of simulated attacks to reveal potential security weaknesses within your environment. Test results are then scored and mapped to the MITRE ATT&CK framework and compiled into detailed reports to inform strategic decision making and prioritization of future cyber initiatives.
Compromise Assessment
The DeepSeas Compromise Assessment solution seeks to identify evidence of an active or historical security breach in your IT systems by combining threat intelligence analysis, endpoint detection, and advanced threat hunting performed by an experienced team of DeepSeas cyber defense professionals.
Prevent
Firewall & Next-Gen Firewall Management
The DeepSeas Firewall & Next-Gen Firewall Management Service provides 24/7 management and monitoring of your firewalls, ensuring consistent configuration and tuning. It also ensures the appropriate updated versions of the firewall software and operating systems are running. DeepSeas will be responsible for normal configuration changes as directed by your designated point of contact, ticketing system maintenance, and change process management. DeepSeas will collect in-scope firewall logs through the log output facility and may, if deemed necessary by our technical experts, deploy log collection appliance(s) to your premises to support data ingestion and analysis.
Vulnerability Management
The DeepSeas Infrastructure Vulnerability Management solution provides you with customized vulnerability scanning (identification); triage of detected vulnerabilities within your network, based on a combination of your vulnerability management platform’s internal risk scoring model and your organization’s specific policies (prioritization); and response coordination including workflow/process setup and tracking, reporting, and trend analysis (remediation). The service can be leveraged as a one-time assessment or as an ongoing managed service.
Penetration Testing
The DeepSeas Penetration Testing (Pen Test) solution delivers internal, external, web application, or social engineering penetration testing that is designed to identify and exploit vulnerabilities within your network. Our team of industry-certified practitioners at DeepSeas will replicate current sophisticated tactics, techniques, and procedures (TTPs) and leverage a mix of open-source, commercial, and custom tools to identify system weaknesses.
Attack Simulation
The DeepSeas Attack Simulation solution offers ongoing comprehensive Purple Team-style evaluations of your cyber defense controls against an extensive catalog of simulated attacks. Attack Simulation is designed to comprehensively test endpoint security from an attacker’s perspective by mimicking real-world attacks in a test environment, providing complete visibility into which events are blocked, detected and alerted on, logged, or not logged at all.
Protect
Endpoint Managed Detection and Response (Endpoint MDR)
The DeepSeas Endpoint MDR solution delivers 24/7/365 endpoint threat detection, analysis, and response to validated cybersecurity threats within your environment. Threat detection includes monitoring of alerts by DeepSeas cyber defense analysts who triage, examine, and categorize alerts generated from a specified endpoint detection and response (EDR) technology. Through subject matter experts and technological capabilities, DeepSeas also provides threat hunting and detailed forensic investigation in support of the monitoring, detection, and response mission.
Network Managed Detection and Response (Network MDR)
The DeepSeas Network Managed Detection and Response solution provides 24/7/365 network threat detection, analysis, and response to validated threats. Network MDR leverages the deployment of network intrusion detection technology onto your network to securely monitor network traffic for malicious activity. Suspicious observations are delivered to the DeepSeas cloud-hosted defense platform for triage and analysis. DeepSeas will work with you during the service initiation phase to install, configure, and validate network data collection.
Log Analytics
The DeepSeas Log Analytics solution is a cloud-hosted platform that provides collection, normalization, enrichment, storage, and high-speed search of security event logs and other machine data. This can be helpful in investigating security threats, reviewing security activity trends, and performing analytical searching for various security operations purposes.
Threat Hunting & Anomaly Detection
The DeepSeas Threat Hunting & Anomaly Detection solution applies advanced machine learning and data science techniques to your machine data to identify network, entity, and user behavior anomalies that may represent an increased cybersecurity risk. The experienced DeepSeas threat hunt team reviews and investigates environment anomalies and applies additional threat-intelligence-informed methods to search for and validate the potential presence of advanced threats.
Email Managed Detection & Response (Email MDR)
The DeepSeas Email MDR solution delivers 24/7 triage and monitoring of suspected phishing and other compromising email attacks reported by your users with a single button installed in their Microsoft Outlook/O365 client. Suspicious emails identified this way are isolated and aggregated in a separate, controlled cloud environment and forwarded to the DeepSeas platform for human analysis, triage, and disposition.
SIEM MDR
The DeepSeas SIEM Managed Detection & Response solution delivers 24/7/365 event analysis and supervised response to validated threats. Our cyber defense team detects threats by reviewing alerts from one or more system event log aggregation servers installed on your, or your third party’s, network. DeepSeas will deploy a core set of alerting rules and analytics to enable increased contextualization of your machine data. DeepSeas will update and tune SIEM rules as necessary to meet the service goals (i.e., outcomes). As a managed detection and response-based service provider, DeepSeas uses Endpoint Detection and Response (EDR) technology and Network Detection and Response (NDR) technology as primary threat detection methods. SIEM rules are used by DeepSeas to contextualize and enrich endpoint and network alerts. As determined necessary to meet the service goals (i.e., outcomes), DeepSeas will deploy SIEM rule correlation logic (“SIEM Use Cases”) that will be used by the DeepSeas cyber defense team.
OT MDR
The DeepSeas Operational Technology Managed Detection & Response solution provides 24/7/365 threat detection, analysis, and response to verified threats. Threats are detected and verified by DeepSeas cyber defense analysts, who review alerts from an OT threat detection technology installed on your, or your third party’s, OT network. Threat detection includes monitoring of alerts by DeepSeas cyber defense analysts who triage, examine, and categorize alerts generated from a specified OT security technology.
DeepSeas has developed a library of OT-specific threat detection analytics that power alerts, dashboards, and reports within the DeepSeas platform to enable increased contextualization of the validated threat notifications and related reports. DeepSeas will update and tune OT threat detection analytics as necessary to meet the service outcomes defined by working with your team. As part of its OT MDR solution, DeepSeas will also provide an OT-specific Customer MDR Runbook that describes general remediation recommendations for specific categories of OT threats. During the initial scoping discussions between your team and DeepSeas, one or more points of contact will be identified and made responsible for responding to the Validated Threat Notifications that DeepSeas creates.
Forward Deployed Resources
Forward Deployed Resources are DeepSeas cyber operations team members who are dedicated to supporting a specific customer cyber defense program. These members of the DeepSeas crew extend your managed detection and response (MDR) services and operate cross-functionally to maximize the depth and business integration of the DeepSeas MDR services. To accomplish these objectives, they are deeply embedded in the L1, L2, and L3 workflows typical of the standard cyber fusion center model. Additionally, they will facilitate close coordination with both you and third-party resources to provide valuable business context to remote analysts.
Service & Severity Levels
The DeepSeas cyber defense team identifies potential security threats in your environments using a combination of alert enrichment and review, open and closed source cyber threat intelligence, enterprise data search, and targeted cyber threat hunting. When DeepSeas identifies and validates a potential security threat in a monitored environment, a threat notification report is documented and delivered to you in alignment with a scaled threat severity model. Threat notification reports are created in the form of a case event in the DeepSeas customer portal. Depending on the threat severity, direct contact is made in accordance with the notification escalation order you provide per your MDR Runbook and direction provided by DeepSeas.
We’re here for you.
cyberdefense@deepseas.com
The DeepSeas are calling.
Book your virtual consult.
You pick the time and day. We’ll be ready to answer your questions.