Detecting and Preventing UNC1878
Evelyn Brown
Recently, The FBI, the Department of Health and...
The flexibility and scalability of cloud meets the comprehensive nature of 24/7/365 monitoring, investigation, and incident response, brought together by SHIELDVision – Datashield’s proprietary threat hunting and security orchestration platform. Using SHIELDVision, Datashield leverages automated, intelligence-driven threat hunting, internally-developed threat detection content, and centralized reporting for all customers simultaneously, regardless of size.
Increasing adoption of cloud-native tools in the security ecosystem affects enterprises and small and medium businesses alike, and now, Datashield is bringing its 11-year history of managing diverse SIEM environments to bear on a rapidly-deployable cloud-native solution.
The core of Datashield’s service offering remains fully outsourced or co-managed SOC as a service, with 24/7/365 eyes-on-glass available for organizations of all sizes. Datashield acts as an extension of internal organizations’ security teams and not only provides monitoring, forensic investigation and response, but also includes remote administration, custom use case development, ticketing integrations, and architectural consulting and security tool implementation as part of its standard MDR offering.
Datashield is a best-in-class Security Operations Center that goes beyond normal alert churn and regurgitation, and instead brings truly contextualized alerting enhanced with knowledge of your own environment, reduced alert fatigue, and custom use cases that account for your organization’s unique business drivers. The Datashield SOC also provides three other elements that many other MSSPs do not.
SHIELDVision is a threat hunting and threat detection force multiplier that allows Datashield to efficiently provide customers with round-the-clock visibility, pivot immediately off new threat intelligence, and provide automatic, real-time alerting across Datashield’s entire customer base.
Through multi-source threat intelligence and in-house threat content development, SHIELDVision also allows Datashield’s SOC to perform threat identification in a more automated and machine-driven way. When an alert is fired in Customer A’s environment, SHIELDVision automatically scans for the potential vulnerability in Customer B’s environment, and so on. This process allows a combination of real-time alerts and historical querying to be used for forensic analysis. This, blended with ingestion from a multitude of security tools including SIEM, endpoint, email, firewall and more, makes it the leverage point and differentiator for Datashield’s service offering.
For its cloud-native offering, Datashield has sought industry-leading, best-of-breed solutions that offer maximum flexibility, comprehensive visibility, and rapid deployment while leveraging the potential in machine learning, orchestration, and threat response. By partnering with ExtraHop, Google Chronicle, and SentinelOne, and knitting them together under the SHIELDVision umbrella, Datashield offers a no-compromise MDR solution that scales to any organization.
ExtraHop has made their bones as a Cloud-Native Network Detection and Response platform. Datashield has specialized in network threat detection and forensics via packet capture since before MDR was an industry-recognized term, so it’s only natural that Datashield and ExtraHop would partner to provide Full Packet Capture with NDR for their customers.
It would make perfect sense that the most prolific data aggregator of all time would develop a log aggregation tool designed for a world that works in petabytes. Google brings Chronicle, a cloud-based SIEM, to the market, and Datashield meets them to offer data stewardship and compliance support for customers even down to the sub-100 employee count.
With some of the most powerful AI-driven prevention and an industry-disrupting $1M Lloyd’s of London backed cyber insurance policy, SentinelOne offers a truly unique endpoint protection platform. Datashield’s deep security knowledge and incident response expertise make it a natural fit for management and monitoring of an industry-leading EDR platform.
At the foundation of any cybersecurity service is a threat intelligence feed that allows for up-to-the-minute information about new and emerging dangers in the cyber environment.
At Datashield, we've built our own threat intelligence for internal use and as an operational tool for correlation against real events.
The real difference with MDR is the trained professionals who are on-site and equipped with the knowledge and tools to actively defend and protect your organization's data.
Threat hunting is the proactive or offensive side of Managed Detection and Response. We use our cutting-edge, proprietary orchestration tool, SHIELDVision, to leverage data from numerous sources around the globe.
SHIELDVision allows our talented analysts to "go back in time" and identify compromises missed by other tools. We can scrub legacy traffic against zero-day exploits and help close the gap between detection and remediation.
We utilize logs, full packet capture, and advanced intrusion detection technology to constantly monitor all traffic on your network, not just the events that trigger an alert.
Our MDR service provides network and application log monitoring, alerting, and reporting in real-time so we can have a bird's eye view. We also work with global intelligence groups to actively hunt for active threats and malicious conspirators who may be targeting your company's industry or network.
When we detect suspicious indicators, an MDR analyst investigates deeper to determine if a real threat or incident exists.
This process works in sync with SHIELDVision, manual intel analysis, and automated real-time scanning and querying. With SHIELDVision, we can also correlate against past packet data.
For a validated incident, all critical data is collected and delivered in comprehensive reports to provide you with a granular view of what is happening and how to approach remediation.
Datashield reconstructs the actions leading up to an event and advises you on mitigation strategies for any compromised assets as well as future prevention techniques.
Within the context of our MDR service, we are always gathering intel, writing content, and managing alert volume to provide our customers with a smooth and efficient experience.