The AlexSta team specializes in delivering bespoke security solutions; below we list some of our capabilities.
Our experience was built over the years from complex engagements delivered to Fortune 500 customers across a wide spectrum of industries and countries.
Cyber Strategy and Transformation
Security Assessments
Knowing the threat landscape relevant to your business and its risk implications can go a long way in preparing for security incidents. This service focuses on evaluating your business security profile and choosing the security best practices that can eliminate or mitigate most threat actors' techniques. The main objective of the engagement is security alignment with industry frameworks such as the ones from NIST, CIS18 or ENISA.
“Key stakeholders often underestimate how complex and overwhelming it can be to manage all the ancillary people and groups who must play a role in mitigating a major breach incident, including internal and external attorneys, internal and external investigators, law enforcement, regulators, insurers and many others.” – Bryan Sartin
SOC Enablement
The Security Operation Center (SOC) is a complex team of security professionals that follow clear processes with the main objectives of improving detection of threats and minimizing the time spent between detection and remediation of security incidents. The SOC Design service evaluates the security risks for the business’ mission, current skills available and processes used within the SOC – the resulting report provides a roadmap for how to better align the SOC operations with business goals.
“I really think that if we change our own approach and thinking about what we have available to us, that is what will unlock our ability to truly excel in security. It’s a perspectives exercise.” – Greg York
Cyber Security Incident Response Plan
Incident response is a complex process involving many teams with a common objective – restore impacted systems and services to production as soon as possible with minimal business impact. Establishing an efficient incident response capability requires substantial planning and resources, and at the center of this effort is the CyberSecurity Incident Response Plan (CSIRP) – an overarching document that enables organizations to establish security incident response capabilities and to handle incidents efficiently and effectively by determining the appropriate response to each incident.
“A modern cybersecurity program must have Board and Executive level visibility, funding, and support. The modern cybersecurity program also includes reporting on multiple topics: understanding how threats impact revenues and the company brand, sales enablement, brand protection, IP protection, and understanding cyber risk.” – Demitrios ‘Laz’ Lazarikos
Readiness - Table Top Exercise
Test your team’s incident response readiness with real-life scenarios. Table top exercises (TTEs) are the first step in assessing the cybersecurity team members' understanding of their roles and responsibilities during the major phases of an incident response effort. This is the best way to evaluate whether your CyberSecurity IR Plan is sound and the members of the incident response team are fully aware of its details.
“In the very near future, cybersecurity exercises are going to be absolutely expected of all companies by regulators.” – Michael Vatis
Managed Security Services
DFIR Retainer
Have a dedicated stand-by team of DFIR (Digital Forensics and Incident Response) experts, familiar with the details of your corporate environment, ready to respond to incidents that affect your organization. A retainer guarantees short response times to an incident with a dedicated security consultant, reducing the negative impact of an incident. The unspent hours are used for Compromise Assessment engagements or other proactive engagements.
At AlexSta we use cloud-powered solutions to make the most of the data available in your environment. Our methodology goes beyond the known attack libraries (e.g. MITRE ATT&CK) and uses statistics, as well as knowledge of operational practices, to profile the environment in search of anomalies.
“My message for companies that think they haven’t been attacked is: You’re not looking hard enough.” – James Snook
Managed Detection and Response
The MDR service is the ideal choice for organizations that need a highly skilled security team monitoring their environment. Our team has 12+ years in the DFIR (digital forensics and incident response) & TH (Threat Hunting) field. The MDR solution offers unparalleled visibility of cyber-attacks and security alert triage by combining continuous threat hunting, high-value asset threat modeling and an intimate knowledge of your corporate environment and operational practices.
“Understand what data you hold, how you are using it, and make sure that you are practicing good data hygiene.” – David Mount
On-demand Security Services
Emergency Incident Response
Dealing with targeted security incidents is very challenging for any organization; the skills required to handle such incidents are rarely found in the typical SOC (even for Fortune 500 corporations). Our team has 12+ years of experience in executing incident response investigations of advanced persistent threats in very complex environments from different industries and geographical locations.
“A breach alone is not a disaster, but mishandling it is.” – Serene Davis
Digital Forensic Investigations
Arguably one of the most sophisticated areas of the DFIR field, Digital Forensics (DF) can answer questions that an IR investigation may not be able to. DF requires very high technical skills and can be very helpful in a number of complex investigations, such as when the threat actor tries to hide its tracks or for internal corporate investigations that may lead up to law enforcement involvement.