Managed Threat Detection & Response

Detecting, Preventing and Mitigating Threats

Detect Unknown Threats

Forget traditional signature-based detection and rely on EDR that can detect suspicious behavior and identify unknown threats.


Prevent Malicious Actions

Actions categorized as potentially malicious or dangerous can be automatically blocked and reported to our triage team for analysis.


Perform Incident Response

We can perform our incident response remotely, including isolating a host at the network level to perform further analysis.

Crowdstrike Global Threat Report 2021

Bad stuff happens, but we're here to help.

Last year, state-sponsored adversaries infiltrated networks to steal valuable data on vaccine research and government responses to the pandemic, criminal adversaries introduced new business models, and both eCrime and targeted-intrusion adversaries stepped up their development efforts. Now is probably a good time to look into EDR protection.

161 Tracked Adversaries

75.000 Stopped Breaches

7 Trillion Events per Week

4X Interactive Threats

You are always informed.

Every detection and potential action is reported to you in real time over your company communication channel.

We are here to help.

If you have a question about our service, vulnerabilities or impact, ask us for technical advice and let us delve into it.

Never break your flow.

Stay within your company tools where you feel most comfortable. We will reach you the way you prefer.

Agent Signal Collection

The agent collects security telemetry and ships it securely to the Threat Cloud. If no network is available, detection is performed on the device. We support most common platforms, including Kubernetes.

Cloud signal aggregation & detection

Signals are analyzed using crowdsourced static rulesets, Machine Learning models and threat intelligence to aggregate, identify and classify threats.

Threat Prevention

Signals are pushed through static and Machine Learning models and aggregated into potential threats; crowdsourced threat intelligence is then used to identify and classify them.

Incident After Care

Incident Response actions for further investigation and remediation of a detection are performed completely remotely, including isolating an infected host.

So how does it work?

We rely on a lightweight agent to collect security signals and to perform automatic and manual threat hunting.

Getting the job done with the least amount of burden is our priority.
We treat device telemetry as confidential information and always process it according to the European GDPR legislation in the EU-WEST region.

Four Characteristics

% # we are happily compiling code without any performance impact!
% go build -o my-huge-app ./...
% # and note that the agent is not consuming a lot of resources
% top -c d -l 1 -stats "COMMAND,PID,CPU,MEM" | grep -Ei 'com.crowdstrike'
% com.crowdstrike. 1522   0.0  84739K

# some things may look suspicious but not enough to block
# e.g. manually compiling code with the msbuild c++ engine ("living off the land")
# and this alert will be triaged by us
C:\Users\iron\.NET\ > MSBuild.exe msupdate.xml
C:\Users\iron\.NET\ >

% # we will now try to extract the root password hash in a trivial way
% # this process can trigger a detection and be most likely blocked
% sudo grep root /etc/shadow
  process exited
% 

# we can do incident response remotely for manually investigating threats
C:\Users\iron\Downloads\> ls
Directory listing for C:\Users\iron\Downloads -
Name            Type       Size (bytes)
suspicious.dll  .dll       196

Service Pricing

Straightforward pricing models, priced per endpoint per month.
EDR

Detection & Response

€ 10

Full EDR coverage without the hard bits.

  • Windows, macOS, Linux
  • Lightweight agent
  • Human alert triage
  • Incident Response
  • Proactive Threat Hunting
  • Technical Support

Coming Soon

Vulnerabilities & Patching

Detect missing patches & local vulnerabilities.

  • Windows, macOS, Linux
  • Lightweight agent
  • Human alert triage
  • Incident Response
  • Technical Support
  • Continuous Threat Hunting
  • Patch & vulnerability detection
  • Patch & vulnerability triage

Under Review

Cloud Posture Security

Discover cloud misconfigurations.

  • Google Cloud, Amazon Web Services
  • Service connector
  • Human alert triage
  • Incident Response
  • Technical Support

I'm sure you still have loads of questions.

Let's go over the most common ones, but don't hesitate to just reach out for a talk.

Everything you need! This includes help before, during and after the deployment, technical support, the actual sensors, ongoing support, alert triage, any integrations plus access to the platform.
  • Apple macOS
    Monterey (12.0+), Big Sur (11.0+), Catalina (10.15+), Mojave (10.14+).
  • Windows Server
    2008 R2 SP1, 2012, 2016, 2019, 2022.
  • Windows
    7, 8.1, 10, 11.
  • Linux
    Amazon Linux, CentOS, Debian, Oracle Linux, Red Hat, SUSE, Ubuntu, AWS ARM, Docker.
    Kernel compatibility is generally for LTS releases.
  • Kubernetes
    Google Kubernetes Engine, Red Hat Openshift, Amazon EKS.
    With a kernel-level sensor, we deploy sensors to the worker nodes that run the Pods.
    If this is not possible, we can deploy sidecar containers, which are licensed per Pod.
    This depends on your worker node OS and kernel version; please reach out to us.
  • Docker
    Yes, as a general container.
Due to licensing agreements, we have to bill you yearly instead of monthly. The number of endpoints is taken as an average and recalculated at the end of the year. In case your company grows, we only charge you for the remaining time of your original invoice.

Just reach out! We're super happy to explain everything to you and address any concerns you might have.

It's recommended for business.

You want to safeguard your company assets in the most cost-effective way possible, taking into account your revenue stream and growth cycle. Our services scale along with your company while still providing you with the best security protection for all of the prevalent system platforms.

It's recommended for IT.

Building a SOC and monitoring team is resource-intensive and requires knowledge of the latest attack techniques that you might not have readily available internally. With the current state of the IT market, it makes perfect sense to outsource specialized services in a cost-effective way so you can get back to building.

Ready to start improving your security posture?

Try our Managed Detection & Response today.

Get your IRON account