MANAGED DETECTION AND RESPONSE

Alchemy Managed Detection & Response Service

Our Managed Detection & Response service combines best of breed technology with skilled and experienced analysts to provide advanced detection and response capabilities. This combination allows us to reduce the impact of a breach or incident and to rapidly mature the defensive capabilities of our customers.

Detect advanced threats

Best of breed technology combined with Alchemy's in-house detection strategies detects and defends your environment against advanced and persistent threats.

Proactively identify malicious activity

Alchemy's skills and experience in both incident response and red teaming allow us to proactively hunt for threats within your environment, identifying threats that technology and products alone cannot.

Rapidly Mature your Cyber Security

Granular visibility and best of breed technology, paired with skilled and experienced security consultants, rapidly mature your cyber security capabilities.

MDR TECHNOLOGY

Our MDR services are built on best of breed technology such as end-point detection and response (EDR) and security information and event management (SIEM). While these technologies in isolation are effective, our skilled and experienced consultants fill the gaps in detection techniques that technology in isolation cannot.

End-Point Vulnerability Management
End-Point Detection & Response
24x7 Monitoring
All incidents reviewed and validated
Security team respond to threats on your behalf
Detailed reporting
Incident Response assistance
Access to Azure Sentinel
User and Entity Baseline Analytics (UEBA)
Manual Threat Hunting to identify Advanced Persistent Threats (monthly)

FEATURES MATRIX

Managed Detection & Response Features

Each feature group below is compared across the Foundation and Advanced tiers.

MANAGED DETECTION & RESPONSE
End-Point Vulnerability Management
End-Point Detection & Response
24x7 Monitoring
All incidents reviewed and validated
Security team respond to threats on your behalf
Regular consults and reporting
Incident Response assistance (Foundation: 1 p/y; Advanced: 2 p/y)
Access to Azure Sentinel
User and Entity Baseline Analytics (UEBA)
Manual Threat Hunting to Identify Advanced Persistent Threats

DEDICATED SECURITY CONSULTANT
Dedicated security consultant
Reviews/triages alerts and incidents
SIEM support
Scheduled consultations with security consultant (Foundation: quarterly; Advanced: monthly)
Assistance with management and executive reporting
General security consulting to assist in broader security decisions
Communicates impact and findings of threat hunting

DETECTION TECHNIQUES
Advanced persistent threat TTP detections
Zero-day vulnerability detection
User and Entity Baseline Analytics (UEBA)
Threat intelligence
Manual Threat Hunting to Identify Advanced Persistent Threats (APT)

RESPONSE
Security team respond, validate and triage alerts and incidents
Security team will perform actions on infected hosts to isolate threats
Security team will perform incident response to assist in managing an incident

VISIBILITY AND REPORTING
Alert and incident reports with tailored remediation and mitigation actions
Onboarding red team validation test
Onboarding threat hunting report
Threat analytics reporting
Monthly vulnerability report
Customer specific reporting
Monthly threat hunting reports

LOG AND EVENT MANAGEMENT
Self service alerting and reporting
Implementation, setup and configuration assistance (SIEM)
Self service log management, searching and reporting capability (SIEM)

How It Works

THE MDR PROCESS

Our Managed Detection and Response service stays on the very cutting edge of both detection and response capabilities.

PREPARATION

Alchemy Sec's Managed Detection and Response prepares you to both identify and react to a breach by rapidly maturing your defensive capabilities and incident response processes.

IDENTIFICATION

Threats are proactively identified by advanced detection techniques paired with best of breed technology and experienced security consultants.

CONTAINMENT

Once a threat has been identified, containment strategies are implemented to limit further impact and lateral movement.

ERADICATION

Through investigation and hunting strategies, infections and persistence mechanisms are removed through both remediation and restoration activities.

RECOVERY

All impacted end-points, accounts and services will have numerous recovery actions performed to ensure that vulnerabilities exploited by the threat actor have been appropriately remediated.

LESSONS LEARNED

The final phase allows us to review the incident as a whole, identifying what was done well and what could have been done better to further improve future incident response capabilities.

Why Alchemy is different

AlchemySec's MDR capability is built upon experience gained from years of incident response and red team engagements, which allows us to rapidly mature our customers' incident response capabilities, mitigate attacks and proactively identify breaches.

Case Studies

The Problem

Events and logs are not monitored to detect attacks

While most businesses have numerous security controls in place, the events and logs from these sources are not centralised, correlated or monitored to detect various stages of a cyber-attack.

The Solution

Alchemy identified critical assets and designed a SIEM

Alchemy worked with key stakeholders to identify business critical assets, information and processes. Using this information a SIEM was designed and implemented to centralise logs and events while enabling the business to proactively correlate and identify threats within all tiers of their environment.

The Impact

Effective identification and defence against attack

This gave the business granular visibility across their environment, enabling them to proactively identify and defend their business against advanced attacks.

The Testimonial

They understood emerging technology and threats

AlchemySec is my go-to Cyber Security Consultancy. Every. Time. They are quick to answer an email for the “easy” questions, or give you the detail you need to convey an issue to a client. Having worked in both the Enterprise space, as well as the Small-to-Medium business, they understand what you are trying to achieve and know how to get the job done. I can’t recommend them highly enough.
