<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Cloud-Native Security

The flexibility and scalability of cloud meets the comprehensive nature of 24/7/365 monitoring, investigation, and incident response, brought together by SHIELDVision – Datashield’s proprietary threat hunting and security orchestration platform. Using SHIELDVision, Datashield leverages automated, intelligence-driven threat hunting, internally-developed threat detection content, and centralized reporting for all customers simultaneously, regardless of size.

Increasing adoption of cloud-native tools in the security ecosystem affects enterprises and small and medium businesses alike, and now, Datashield is bringing its 11-year history of managing diverse SIEM environments to bear on a rapidly-deployable cloud-native solution.

 

Outsourced SOC & MDR Offering

The core of Datashield’s service offering remains fully outsourced or co-managed SOC as a service, with 24/7/365 eyes-on-glass available for organizations of all sizes. Datashield acts as an extension of internal organizations’ security teams and not only provides monitoring, forensic investigation and response, but also includes remote administration, custom use case development, ticketing integrations, and architectural consulting and security tool implementation as part of its standard MDR offering.

Datashield is a best-in-class Security Operation Center that goes beyond normal alert churn and regurgitation, and instead brings truly contextualized alerting enhanced with knowledge of your own environment, reduced alert fatigue, and custom use cases that account for your organization’s unique business drivers. Datashield SOC also provides three other elements that many other MSSPs do not.

  1. Internally Curated Threat Intelligence – Datashield leverages a wide variety of sources, including those developed by Datashield’s own CTI analysts for meaningful detections that aren’t coupled with high-volumes of noise and alert fatigue.
  2. Expansive Out-of-the-Box Threat Content Library – Covering everything from lateral movement to unique malware and ransomware variants, Datashield’s internally-developed threat detection content comes with the service. Constantly tested by threat content developers with real-world red-team experience, all future development and additions are included at no additional charge.  
  3. Research and Development – Working alongside the SOC, Datashield has a full-time software development team that supports ticketing and tool integrations with SHIELDVision, helping your organization realize the maximum potential out of tools already in operation or those acquired in the future.

 

SHIELDVision

SHIELDVision is a threat hunting and threat detection force multiplier that allows Datashield to efficiently provide customers with round-the-clock visibility, pivot immediately off new threat intelligence, and provide automatic, real-time alerting across Datashield’s entire customer base.

Through multi-source threat intelligence and in-house threat content development, SHEILDvision also allows Datashield’s SOC to perform threat identification in a more automated and machine-driven way. When an alert is fired in customer A’s environment, SHIELDVision automatically scans for the potential vulnerability in Customer B’s environment and so on. This process allows for a combination of real-time alerts and historical querying to be used for forensic analysis. This blended with ingestion from a multitude of security tools including SIEM, Endpoint, Email, Firewall and more, makes it the leverage point and differentiator for Datashield’s service offering.

 

World Class Security Tools

For its cloud-native offering, Datashield has sought industry-leading, best-of-breed solutions that offer maximum flexibility, comprehensive visibility, and rapid deployment while leveraging the potential in machine learning, orchestration, and threat response.   By partnering with ExtraHop, Google Chronicle, and SentinelOne, and knitting them together under the SHIELDVision umbrella, Datashield offers a no-compromise MDR solution that scales to any organization.

 

A.) Full Packet Capture – ExtraHop & Network Detection and Response (NDR)

extrahop-logo-webExtraHop has made their bones as a Cloud-Native Network Detection and Response platform.   Datashield has specialized in network threat detection and forensics via packet capture since before MDR was an industry-recognized term, so it’s only natural that Datashield and ExtraHop would partner to provide Full Packet Capture with NDR for their customers.

 

B.) Data Stewardship & Compliance – Google Chronicle

chronicle-horIt would make perfect sense that the most prolific data aggregator of all time would develop a log aggregation tool that is designed for a world that works in petabytes. Google brings Chronicle, a cloud based SIEM to the market and Datashield meets them to offer data stewardship and compliance support for customers even down to the sub-100 employee count.

 

C.) Endpoint Protection – SentinelOne & EDR

sentinelone logo transparentWith some of the most powerful AI-driven prevention and an industry-disrupting $1M Lloyd’s of London backed cyber insurance policy, SentinelOne offers a truly unique endpoint protection platform. Datashield’s deep security knowledge and incident response expertise make it a natural fit for management and monitoring of an industry-leading EDR platform.  

 

How our MDR works

Threat Intelligence

At the foundation of any cybersecurity, service is a threat intelligence feed that allows for up to the minute information about new and emerging dangers in the cyber environment.

At Datashield, we've built our own threat intelligence for internal use and as an operational tool for correlation against real events.

The real difference with MDR is the trained professionals who are on-site and equipped with the knowledge and tools actively defend and protect your organization's data.

Threat Hunting

SHIELDVision

Threat Hunting is the proactive or offensive side of Managed Detection and Response. We use our cutting-edge, proprietary, orchestration tool called SHIELDVision to leverage data from numerous sources around the globe.

SHIELDVision allows our talented analysts to "go back in time" and identify compromises missed by other tools. We can scrub legacy traffic against zero-day exploits and help close detection and remediation.

Learn More about SHIELDVision

Threat Detection

We utilize logs, full packet capture, and advanced intrusion detection technology to constantly monitor all traffic on your network-- not just the events that trigger an alert.

Our MDR service provides network and application log monitoring, alerting, and reporting in real-time so we can have a bird's eye view. We also work with global intelligence groups to actively hunt for active threats and malicious conspirators who may be targeting your company's industry or network.

Threat Validation

When we detect suspicious indicators, an MDR analyst investigates deeper to determine if a real threat or incident exists.

This process works in sync with SHIELDVision, manual intel analysis, automated real-time scanning/querying. With SHIELDVision, we can correlate against past packet data.

Threat Response

For a validated incident, all critical data is collected and delivered in comprehensive reports to provide you with a granular view of what is happening and how to approach remediation.

Datashield reconstructs the actions leading up to an event and advises you on mitigation strategies for any compromised assets as well as future prevention techniques.

Threat Intel, Content and Alerting

Within the context of our MDR service, we are always gathering intel, writing content, and managing alert volume to provide our customers with a smooth and efficient experience.

Read our latest Security Advisories

Recent Articles

E-mail address

engagement[@]
datashieldprotect.com
pin

Contact us

(623) 377-4394‬

24-hours

Incident Response

(623) 377-4394‬