Expose security gaps. Detect advanced threats. Respond accurately.
Transform your SOC into a proactive defense unit.
We excel in advanced threat defense through offensive & defensive security solutions.
Trusted by leading organizations around the world
“FalconForce’s advanced detection content has greatly boosted our detective capability in both breadth and depth.”
Simon – Information Security & Risk Management
“Together with FalconForce we have been able to further enhance our threat detection capabilities!”
Marina – product owner Cyber Defense & Operations
“FalconForce was flexible as a snake, cunning like a fox, and kept their eyes on the targets as a falcon!”
Jeroen – ISO and control team lead
Our services
We offer multiple connected services

Training
Want to train your defensive team to be truly effective in discovering attackers in your environment?
FalconForce has developed an intense 4-day, hands-on training to understand attacker behavior and develop better detection capabilities: Advanced Detection Engineering in the Enterprise.

Sentry Detect
Our Sentry Detect managed detection engineering service provides you access to our high-fidelity detection content for Microsoft Sentinel and Defender XDR, and toolkit to manage your custom detections at scale.

Red teaming
Want to simulate an advanced adversarial attack to test your prevention, detection and response capabilities?
FalconForce is an experienced red teaming provider (TIBER, ART, DORA TLPT). We provide you the best learning experience, help strengthen your defences and level up team dynamics.

Purple teaming
Want to build a solid cyber defense by having offensive and defensive teams join forces and work together?
Our collaborative purple teaming exercises replay attacks, stimulate knowledge transfer between experts and engage your team in pragmatic defensive enhancements.
Frequently asked questions
Q&A – Sentry Detect
How can we be confident that Falconforce delivers high-quality detections to close our detection gaps?
FalconForce is a team of digital security professionals with a wealth of experience. We have a unique mix of defensive and offensive specialists.
We have successfully supported threat detection teams in multi-national companies in various industries: Energy, Finance, Insurance, Pensions, Manufacturing, High-tech, Pharmacy, Retail and other.
Our detection engineering training was featured at the 4 most recent editions of BlackHat US.
But don't just take our word for it and hear what our clients say!
“FalconForce’s advanced detection content has greatly boosted our detective capability in both breadth and depth.”
Simon – Information Security & Risk Management - Large insurance provider
Why do we need your premium detection content?
Our Sentry Detect service aims to complement your out-of-the-box Sentinel and Defender XDR platforms, and your own detection engineering team. Ultimately providing an additional sophisticated layer in your threat detection and response, and allowing your team to focus on their priorities.
Why is your Sentry detect service needed for my organization or my team?
To enhance your detection coverage beyond out-of-the-box content. Our content is not available to threat actors, so they cannot test their tools and techniques in advance.
To make leapfrogs in deploying additional detection content, via our large repository of ready-to-go premium detections.
To stir knowledge transfer to your detection engineering team.
Want to hear more about our Sentry Detect services and benefits? Watch our webinar here.
When are we ‘ready’ for Falconforce’s detection content through Sentry Detect?
Are you using Microsoft Sentinel and/or Defender XDR? And does one or more of the below apply to you?
An audit or assessment revealed detection coverage gaps.
Your SOC team is overwhelmed by operational demands.
It's challenging to maintain detection relevance with emerging threats.
You question the adequacy of out-of-the-box detection content.
Then you are ready for Sentry Detect! We will help you:
Enhancing visibility into detection gaps.
Reducing operational burden on existing SOC staff.
Accelerating capability development through knowledge partnership.
Improving confidence in defensive coverage.
What cyber attacks does your Sentry Detect service cover? Can I get access to your detection portfolio?
Our detections flag a wide variety of attacker behavior, instead of relying on specific IoCs (such as hashes or ip addresses).
This makes our detections more reliable in case the threat actor changes their toolkit or location.
The threat actor behavior we identify is based on our red teaming experience in the field, own R&D and real-life incidents.
Want to have a look at our content? Get access to our Sentry portal here.
Q&A – Red teaming
What makes you stand out as red teaming provider?
FalconForce red teaming operators focus on red and purple teaming only, primarily in TIBER, ART or DORA TLPT context.
They have 4-12 years of experience in red teaming in challenging environments.
Risk management and constant communication with our clients' control teams are a very important elements of the services we offer.
We see red teaming as providing a valuable learning experience for our clients' blue team and way to improve your threat detection and response.
In each red teaming project, we involve our blue teaming exerts to give our clients the best learning experience.
What types of red teaming exercises did you do? In what sectors?
We have performed hundreds of exercises.
We specialize in performing threat-led red teaming exercises under the TIBER or ART frameworks.
We therefore have extensive experience in operating in the banking, insurance, pension and payments industries.
FalconForce has also performed red teaming exercises in a variety of other challenging environments, such as high-tech, pharma, consumer goods, airports, ecommerce, managed security services and foods & beverages.
Q&A – Purple teaming
What is the difference between purple teaming and red teaming?
Purple teaming is an open, intense and compact collaboration between red and blue teamers from the very start of the project.
Red teaming typically has a longer lead time than purple teaming exercises. Red teaming starts out as "red versus blue", where the red team tries to stay undetected. Only towards the end of the red teaming exercise red and blue collaborate.
We believe that both purple and red teaming should be a valuable learning experience for our clients' defensive teams.
When should I go for purple teaming instead of red teaming?
Purple teaming exercises are typically more compact and therefore easier to schedule and can be scope to more specific learning needs.
Moreover, the collaboration with and knowledge exchange between the red and blue team starts from day one.
Our clients typically use purple teaming to focus attention on topics left untouched in red teaming exercises and provide regular hands-on training to their defensive teams.
Q&A – Training
Is the advanced detection engineering training provided online?
We only provide the training in-person, as we feel this provides a much richer learning experience for the trainees. Bringing people together stimulates asking questions and discussions, in the training room and at the coffee machine.
Can you train my whole SOC / detection engineering team?
Yes, we can facilitate our ADE training as a private training for your company!
We bring our facilitators onsite at your office location (or another location of your choice) and provide the training.
A private training allows more detailed discussions on topics and challenges important to your organization.
Moreover, you can invite a broad selection of staff, including defenders, red teamers and other technical security staff. This will stimulate internal teams working together, share knowledge and raise awareness.

About us
Trust and integrity are paramount in digital security services. Each individual Falcon has a strong track-record working in offensive or defensive security in sensitive environments.

FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.
Energieweg 3
3542 DZ Utrecht
The Netherlands
FalconForce B.V.
[email protected]
(+31) 85 044 93 34
KVK 76682307
BTW NL860745314B01