FalconForce is a team of digital security professionals with a wealth of experience. We have a unique mix of defensive and offensive specialists.


We have successfully supported threat detection teams in multi-national companies in various industries: Energy, Finance, Insurance, Pensions, Manufacturing, High-tech, Pharmacy, Retail and other.

Our detection engineering training was featured at the 4 most recent editions of BlackHat US.

But don't just take our word for it and hear what our clients say!

“FalconForce’s advanced detection content has greatly boosted our detective capability in both breadth and depth.”

Simon – Information Security & Risk Management - Large insurance provider

Our Sentry Detect service aims to complement your out-of-the-box Sentinel and Defender XDR platforms, and your own detection engineering team. Ultimately providing an additional sophisticated layer in your threat detection and response, and allowing your team to focus on their priorities.

To enhance your detection coverage beyond out-of-the-box content. Our content is not available to threat actors, so they cannot test their tools and techniques in advance.

To make leapfrogs in deploying additional detection content, via our large repository of ready-to-go premium detections.

To stir knowledge transfer to your detection engineering team.

Want to hear more about our Sentry Detect services and benefits? Watch our webinar here.

Are you using Microsoft Sentinel and/or Defender XDR? And does one or more of the below apply to you?

An audit or assessment revealed detection coverage gaps.

Your SOC team is overwhelmed by operational demands.

It's challenging to maintain detection relevance with emerging threats.

You question the adequacy of out-of-the-box detection content.

Then you are ready for Sentry Detect! We will help you:

Enhancing visibility into detection gaps.

Reducing operational burden on existing SOC staff.

Accelerating capability development through knowledge partnership.

Improving confidence in defensive coverage.

Our detections flag a wide variety of attacker behavior, instead of relying on specific IoCs (such as hashes or ip addresses).

This makes our detections more reliable in case the threat actor changes their toolkit or location.

The threat actor behavior we identify is based on our red teaming experience in the field, own R&D and real-life incidents.

Want to have a look at our content? Get access to our Sentry portal here.

FalconForce red teaming operators focus on red and purple teaming only, primarily in TIBER, ART or DORA TLPT context.

They have 4-12 years of experience in red teaming in challenging environments.

Risk management and constant communication with our clients' control teams are a very important elements of the services we offer.

We see red teaming as providing a valuable learning experience for our clients' blue team and way to improve your threat detection and response.

In each red teaming project, we involve our blue teaming exerts to give our clients the best learning experience.

We have performed hundreds of exercises.

We specialize in performing threat-led red teaming exercises under the TIBER or ART frameworks.

We therefore have extensive experience in operating in the banking, insurance, pension and payments industries.

FalconForce has also performed red teaming exercises in a variety of other challenging environments, such as high-tech, pharma, consumer goods, airports, ecommerce, managed security services and foods & beverages.

Purple teaming is an open, intense and compact collaboration between red and blue teamers from the very start of the project.

Red teaming typically has a longer lead time than purple teaming exercises. Red teaming starts out as "red versus blue", where the red team tries to stay undetected. Only towards the end of the red teaming exercise red and blue collaborate.

We believe that both purple and red teaming should be a valuable learning experience for our clients' defensive teams.

Purple teaming exercises are typically more compact and therefore easier to schedule and can be scope to more specific learning needs.

Moreover, the collaboration with and knowledge exchange between the red and blue team starts from day one.

Our clients typically use purple teaming to focus attention on topics left untouched in red teaming exercises and provide regular hands-on training to their defensive teams.

We only provide the training in-person, as we feel this provides a much richer learning experience for the trainees. Bringing people together stimulates asking questions and discussions, in the training room and at the coffee machine.

Yes, we can facilitate our ADE training as a private training for your company!

We bring our facilitators onsite at your office location (or another location of your choice) and provide the training.

A private training allows more detailed discussions on topics and challenges important to your organization.

Moreover, you can invite a broad selection of staff, including defenders, red teamers and other technical security staff. This will stimulate internal teams working together, share knowledge and raise awareness.