Go defensive
Blue teaming
As the SOC team, it’s your responsibility to protect your business’s and clients’ most critical assets. Unfortunately, advanced threat actors are becoming ever more elusive in this rapidly changing digital landscape – and catching them requires cutting-edge detections (use-cases). Let us help you stay one step ahead of potential cyber threats by boosting your threat detection capabilities!
Building, maintaining and tuning these advanced use-cases takes time, skills and insight into the latest attack vectors. Creating these new detections is often the responsibility of already overburdened engineers who are busy following up on events or doing incident response. This status quo makes you less flexible in focusing on business priorities and may put additional stress on your workforce.
FalconForce consists of a team of security veterans with a mix of deep offensive and defensive skills. We have performed numerous red team exercises, spent years in hunting or incident response, and scripted our way through so many technology stacks we lost count. In the past years we have been using our skills to create a repository of advanced use-cases. We are ready to support you in your mission to secure your business!
We believe modern threat detection is an interplay between your team, an advanced SIEM/SOAR, automation and specialist external input. FalconForce can support you in a number of these important threat detection topics.
FalconForce Sentry Detect: Managed Detection Engineering
FalconForce Sentry Detect adds value to both MSSPs and in-house (hybrid) SOCs. We provide instant access to our growing repository of advanced detection content or can custom develop content for you.
For in-house (hybrid) SOCs we also offer additional ‘booster packages’ with a selection of proven use-cases from our repository, to kickstart or rapidly increase your detection capabilities.
Blue consultancy
Looking for expertise to enhance specific parts of your threat detection stack? FalconForce can help! We have expertise in setting up automated deployment pipelines, automating enrichment, custom detection development, BloodHound and testing your detections. Please get in touch so we can discuss what you are looking for and where we can help!
Blue teaming experience
“Great advanced detection content!”
Simon - Information Security & Risk Management @ Athora
“FalconForce’s advanced detection content has greatly boosted our detective capability in both breadth and depth. The steady stream of new, tuned and well-documented detections and discussions with FalconForce’s experts really enhance the efficiency of our team.”
Blue teaming knowledge
Detection engineering rabbit holes - parsing ASN.1 packets in KQL
FalconFriday — Detecting MMC abuse using GrimResource with MDE — 0xFF24
What does blue teaming bring you?
We protect your business
Reduce operational costs
Hiring new experts or developing expertise in-house is challenging, and ROI will take time. You can reduce those efforts by collaborating with FalconForce. Moreover, our content enables automation of deployment, and your team can chase mostly true positives.
Grow coverage faster and learn
Olaf speaking
Defensive specialist @ FalconForce & Microsoft MVP
“Constantly researching threat actor behavior, building and testing advanced detections takes a lot of knowledge, skills and time. Based on FalconForce’s offensive and defensive teams we have built and are continuously improving a repository of advanced use-cases for MDE and Sentinel. Moreover, we added various smart automations for deployment and documentation to help our clients focus on what really matters.”
Our other services
Purple teaming
Red teaming
Want to test your cyber threat detection and response with an extensive, realistic adversarial simulation or complete TIBER exercise? Our red teaming experts are ready to put your defenses to the test.
Together. Secure. Today.
Get in touch with one of our professionals
FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.
Energieweg 3
3542 DZ Utrecht
The Netherlands
FalconForce B.V.
[email protected]
(+31) 85 044 93 34
KVK 76682307
BTW NL860745314B01