Managed Detection and Response
- Emergency Response If you are under attack – or think you might be – call us. We can remotely deploy and start fighting back within minutes. Learn more...
- Managed Detection & Response (MDR) Bring the latest expertise, technology, and telemetry for attack detection and response to your organization – without the overhead of managing it. Learn more...
- Threat Hunting Consultancy It can take up to three years to build an internal threat hunting capability. We can defend your organization while training and developing your team to battle the evolving threat landscape. Learn more...
Our threat hunters specialize in seeking out live attackers that are using previously unseen tactics, techniques, and procedures. They do this by incorporating research and intelligence from across MWR and the wider security community into our threat hunting platform, drawing from threat intelligence, the latest red team learnings, public and private research, and known attacker behaviour to eliminate false positives.
We stay ahead of attackers. At the core of our managed detection and response service is our team of threat hunters, a highly skilled set of individuals trained in the attacker mindset. To identify anomalous behaviour, the team continually collects and analyzes rich data from across a customer’s estate, including endpoints, logs, sensors, and Office 365.
Live response to human adversaries
Detecting attacks without the ability to respond offers little in the way of protection. Our goal is to detect, respond to, and contain an attack before the attacker’s objective is reached, often while the attack is happening. While much of the market is focused predominantly on the 'detection and containment of malware', it lacks the mindset that the real threat is a human attacker – a dynamic entity that can and will adapt techniques in real-time that can only be effectively countered an equally skilled and equipped hunt team.
A robust response capability should include the following:Suspect an incident?
How do you – the client – get visibility into what’s happening on your estate? How do we alert you to suspicious activity? How do we collaborate and provide transparency?
Client portal for live updates and interaction
Our client portal supports our fully managed service customers with a number of features and provides:
- - The ability to customize and integrate with your existing system and tech stack
- - A chat feature for real-time communication and collaboration
- - Out-of-band incident management
- - System integration available through API
- - Live state of deployment through visibility of the agent's status
- - The ability to raise requests
- - Generated executive summary reports
The Countercept Technology Stack
Our technology stack – and the skills and processes to leverage it – didn’t happen overnight. It is the result of years of thoughtful planning, creative problem-solving, and stellar coding and development. It was developed to raise the bar of the managed detection and response industry and provide a comprehensive service that takes in all elements needed to minimize risks to organizations. Our goal is to detect and respond to attacks before they impact the business and our tech stack reflects this ambition.
The endpoint remains the most common attack vector, which is why we developed a proprietary endpoint detection and response (EDR) agent, which is rich in IR features, such as the ability to contain any executable, isolate a host, and pull rich forensic artefacts (files, MFT, memory images, etc.) to fully understand the attackers motives.
We also have the ability to consume data outside of the EDR agent, such as network sensors, logs and Office365.