Expose security gaps. Detect advanced threats.
Respond accurately.

 

Transform your SOC into a proactive defense unit.


We excel in advanced threat defense through offensive & defensive security solutions.


Trusted by leading organizations around the world

Quote Athora blue teaming

“FalconForce’s advanced detection content has greatly boosted our detective capability in both breadth and depth.” 

Simon – Information Security & Risk Management

Quote-Heineken-purple-teaming

“Together with FalconForce we have been able to further enhance our threat detection capabilities!”

Marina – product owner Cyber Defense & Operations

Quote Menzis red teaming

“FalconForce was flexible as a snake, cunning like a fox, and kept their eyes on the targets as a falcon!”

Jeroen – ISO and control team lead

Our services

We offer multiple connected services

Training

Want to train your defensive team to be truly effective in discovering attackers in your environment?

FalconForce has developed an intense 4-day, hands-on training to understand attacker behavior and develop better detection capabilities: Advanced Detection Engineering in the Enterprise.

Sentry Detect

Want to advance your threat detection and response capability, while managing resource constraints?

Our Sentry Detect managed detection engineering service gives you access to our high-fidelity detection content for Microsoft Sentinel and Defender XDR, and a toolkit to manage your custom detections at scale.

Red teaming

Want to simulate an advanced adversarial attack to test your prevention, detection and response capabilities?

FalconForce is an experienced red teaming provider (TIBER, ART, DORA TLPT). We provide you the best learning experience, help strengthen your defences and level up team dynamics.

Purple teaming

Want to build a solid cyber defense by having offensive and defensive teams join forces and work together?

Our collaborative purple teaming exercises replay attacks, stimulate knowledge transfer between experts and engage your team in pragmatic defensive enhancements.

Frequently asked questions

CISOs and SOC teams often ask about FalconForce services, so we’ve summarized their most common questions in this section.

Q&A – Sentry Detect

How can we be confident that FalconForce delivers high-quality detections to close our detection gaps?

FalconForce is a team of digital security professionals with a wealth of experience. We have a unique mix of defensive and offensive specialists.


We have successfully supported threat detection teams in multi-national companies in various industries: Energy, Finance, Insurance, Pensions, Manufacturing, High-tech, Pharmacy, Retail and others.

Our detection engineering training was featured at the 4 most recent editions of BlackHat US.

But don't just take our word for it: hear what our clients say!

“FalconForce’s advanced detection content has greatly boosted our detective capability in both breadth and depth.”

Simon – Information Security & Risk Management - Large insurance provider

Why do we need your premium detection content?

Our Sentry Detect service aims to complement your out-of-the-box Sentinel and Defender XDR platforms and your own detection engineering team, ultimately providing an additional sophisticated layer in your threat detection and response and allowing your team to focus on their priorities.

Why is your Sentry Detect service needed for my organization or my team?

To enhance your detection coverage beyond out-of-the-box content. Our content is not available to threat actors, so they cannot test their tools and techniques in advance.

To leap ahead in deploying additional detection content, via our large repository of ready-to-go premium detections.

To stimulate knowledge transfer to your detection engineering team.

Want to hear more about our Sentry Detect services and benefits? Watch our webinar here.

    When are we ‘ready’ for FalconForce’s detection content through Sentry Detect?

    Are you using Microsoft Sentinel and/or Defender XDR? And does one or more of the below apply to you?

    An audit or assessment revealed detection coverage gaps.

    Your SOC team is overwhelmed by operational demands.

    It's challenging to maintain detection relevance with emerging threats.

    You question the adequacy of out-of-the-box detection content.

    Then you are ready for Sentry Detect! We will help you by:

    Enhancing visibility into detection gaps.

    Reducing operational burden on existing SOC staff.

    Accelerating capability development through knowledge partnership.

    Improving confidence in defensive coverage.

    What cyber attacks does your Sentry Detect service cover? Can I get access to your detection portfolio?

    Our detections flag a wide variety of attacker behavior, instead of relying on specific IoCs (such as hashes or IP addresses).

    This makes our detections more reliable in case the threat actor changes their toolkit or location.

    The threat actor behavior we identify is based on our red teaming experience in the field, our own R&D and real-life incidents.

    Want to have a look at our content? Get access to our Sentry portal here.

    Q&A – Red teaming

    What makes you stand out as a red teaming provider?

    FalconForce red teaming operators focus on red and purple teaming only, primarily in TIBER, ART or DORA TLPT context.

    They have 4-12 years of experience in red teaming in challenging environments.

    Risk management and constant communication with our clients' control teams are very important elements of the services we offer.

    We see red teaming as providing a valuable learning experience for our clients' blue team and a way to improve your threat detection and response.

    In each red teaming project, we involve our blue teaming experts to give our clients the best learning experience.

    What types of red teaming exercises did you do? In what sectors?

    We have performed hundreds of exercises.

    We specialize in performing threat-led red teaming exercises under the TIBER or ART frameworks.

    We therefore have extensive experience in operating in the banking, insurance, pension and payments industries.

    FalconForce has also performed red teaming exercises in a variety of other challenging environments, such as high-tech, pharma, consumer goods, airports, ecommerce, managed security services and food & beverages.

    Q&A – Purple teaming

    What is the difference between purple teaming and red teaming?

    Purple teaming is an open, intense and compact collaboration between red and blue teamers from the very start of the project.

    Red teaming typically has a longer lead time than purple teaming exercises. Red teaming starts out as "red versus blue", where the red team tries to stay undetected. Only towards the end of the red teaming exercise do red and blue collaborate.

    We believe that both purple and red teaming should be a valuable learning experience for our clients' defensive teams.

    When should I go for purple teaming instead of red teaming?

    Purple teaming exercises are typically more compact and therefore easier to schedule, and can be scoped to more specific learning needs.

    Moreover, the collaboration with and knowledge exchange between the red and blue team starts from day one.

    Our clients typically use purple teaming to focus attention on topics left untouched in red teaming exercises and provide regular hands-on training to their defensive teams.

    Q&A – Training

    Is the advanced detection engineering training provided online?

    We only provide the training in-person, as we feel this provides a much richer learning experience for the trainees. Bringing people together stimulates asking questions and discussions, in the training room and at the coffee machine.

    Can you train my whole SOC / detection engineering team?

    Yes, we can facilitate our ADE training as a private training for your company!

    We bring our facilitators onsite at your office location (or another location of your choice) and provide the training.

    A private training allows more detailed discussions on topics and challenges important to your organization.

    Moreover, you can invite a broad selection of staff, including defenders, red teamers and other technical security staff. This will stimulate internal teams to work together, share knowledge and raise awareness.

    We are happy to meet you and discuss how we can help. Please reach out to Givan to start a conversation!

    Digital security delivered by professionals with a wealth of experience

    About us

    Trust and integrity are paramount in digital security services. Each individual Falcon has a strong track record working in offensive or defensive security in sensitive environments.

    FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.

    Energieweg 3
    3542 DZ Utrecht
    The Netherlands

    FalconForce B.V.
    [email protected]
    (+31) 85 044 93 34

    KVK 76682307
    BTW NL860745314B01

    ISO27001 certified