Incident Response
Our incident response managed services provide clients with a proactive and efficient approach to handling and mitigating the impact of cyber security incidents. Our experienced incident response team is available round-the-clock to rapidly respond to and contain security breaches, minimize damage, and restore normal operations. By leveraging our expertise in incident response planning, detection, investigation, and recovery, clients can effectively mitigate risks, reduce downtime, protect their valuable assets and reputation in the face of cyber attacks, and sleep just a bit easier at night. A great way to get ahead of the curve is to prepare for the worst by doing tabletop exercises, but it’s never a bad idea to adopt an “assumed breach” approach to reach a quick resolution.
Security Event Monitoring
EkoCyber utilizes Security Information and Event Management (SIEM) systems, also known as Data Lakes, to perform security event monitoring (SEM) duties for our clients. Our SIEM consolidates and analyzes security event logs from various sources, providing a centralized view of the client’s security posture, detecting anomalies, creating a timeline of associated events, and facilitating effective incident response.
Our SEM managed services customers have peace of mind knowing that we will also perform Managed Detection & Response (MDR) duties. They don’t need to worry about who is actioning the alerts, or what needs to be prioritized. Our managed services filter out the noise to reduce false positive alerts and only bring the important notifications to your attention, so you can focus on running your business.
Endpoint Protection Managed Services
At EkoCyber we deliver comprehensive Endpoint Detection and Response (EDR) and Next-Generation Antivirus (NGAV) managed services to our clients. With EDR, we proactively monitor and analyze endpoint activities, leveraging advanced threat detection techniques and real-time visibility to swiftly identify and respond to potential security incidents. Our NGAV solution combines cutting-edge antivirus capabilities with machine learning and behavioral analysis to protect against known and unknown threats. By combining EDR and NGAV, we provide our clients with a robust defense against sophisticated attacks, ensuring their endpoints are secured, and enabling them to focus on their core business operations with confidence.
Vulnerability Management
Traditional vulnerability management programs have relied on static, or perhaps scheduled, vulnerability scans. These could run every two weeks, every month, every quarter, or even every year. Some might only scan their external perimeter, or only their internal network, leaving huge swathes of their network unattended. Scheduled scans can be great, especially for segmented networks where there’s no internet access, and in fact we also offer them, but they aren’t one-size-fits-all.
We take an adversarial approach, and recognize that every day new vulnerabilities are discovered and new exploits created. To solve this, we offer agent-based vulnerability assessments through Qualys. We will work with you to identify all of your endpoints, and deploy an extremely lightweight agent to them. This agent passively collects information about identified vulnerabilities, and is able to report findings in real-time. Every time a new vulnerability is posted, the agent will automatically assess whether it’s relevant or not. We take the guesswork out of figuring out your attack surface.
Patch Management
You’ve created an asset inventory and started performing vulnerability assessments on your devices, but what now? How do you go about remediating the software vulnerabilities identified? Many organizations hit a roadblock here. There are patching solutions available such as Windows SCCM, Chocolatey, and PDQ Deploy, amongst others, but they all have the same bottleneck: trying to deploy patches over a constrained network connection. This can lead to quality-of-service issues for other network traffic, missed patches if a device is offline during the scheduled process, or corrupt downloads.
To solve this for our clients, we have begun offering agent-based patching. The best part about it? It’s the same agent used for vulnerability management. No more juggling agents or missing patches. It will automatically discover missing patches, validate them, download and install them, and confirm the update was successful. All the while, it will be updating the associated vulnerabilities.
Our Managed Services Process
We follow a systematic approach to deliver our services effectively. It all begins with a discovery call where we engage with your business to understand its unique needs and challenges. During this phase, we work to understand your business objectives, existing IT infrastructure, and pain points. Following this, requirements gathering takes place to precisely outline which services and solutions will be both most effective and most cost-efficient.
Once requirements are defined, environment scoping occurs, where we study your IT environment comprehensively, considering aspects like hardware, software, security protocols and how to deploy the requisite agents. After the scoping phase, deployment of the chosen solutions takes place. This involves configuring and implementing the necessary systems, ensuring compatibility with your existing infrastructure.
The next crucial step is initial install verification, where we rigorously test the deployed solutions to guarantee their functionality and compatibility. After successful verification, the system tuning process begins. This involves optimizing the solutions for maximum performance, security, and efficiency.
Throughout the engagement, we will provide ongoing reports, keeping you informed about the status of the project, performance metrics, and any potential issues or opportunities for improvement. This transparent and proactive communication ensures that your IT systems are always aligned with your evolving needs and goals.
Contact Info
- EkoCyber
- Raleigh, NC 27612
- 984-330-8418
- cameron@ekocyber.com
- https://ekocyber.com